CF7 & Use of reCaptcha v3

It’s not the threshold value that causes all the spam with CF 7 5.1. It’s the code on line 112 of /wp-content/plugins/contact-form-7/modules/recaptcha.php that allows any message for which the reCAPTCHA token has not been set–as will happen whenever javascript is disabled, there is a javascript error that stops javascript execution, etc.–is allowed to be sent. Since most bots do not run javascript, that means all the messages they attempt to submit will be allowed through.

You can find the developer’s rationale for this approach here.

I read that topic, I think that is another issue.

Thank you, linux4me2, for the thoughtful comments. I read the linked issue. In addition to appreciating the comment by Takayuki Miyoshi, I think the conditional response regarding JavaScript is a good suggestion.

One problem with this “learning” concept of Google v3 reCaptcha and threshold settings is the non-tech types trying to use it will be totally lost and have no interest in trying to learn it. This is one reason why v2 with the badge gave a lot of users a visual confirmation their website is protected by spam.

I am not against what Google is trying to improve, but they have made some mistakes with this one.

Agreed! The combination with a v2/v3 choice as suggested earlier is useful, but you still need to be able to modify your threshold.

@hansr00

Having seen the promo video for Google reCaptcha, I understand what Google is doing. The threshold method is something for those who want to use it, because now this method has moved things into a website analytics, which many people are completely uninterested in doing, mainly because, to them, it is the kind of work they don’t want to get involved with.

I have no idea why Google thinks that people are going to follow this. With the experiences I have had with people in my web design business, most want nothing to do with any technical aspects of websites. Even explaining some of the basic things in WordPress I see their eye glaze up. This is where Google still needs to provide the reCaptcha badge or something akin to it.

For me, the threshold method is fine, but it does add more work to doing a website.

But apparently v2 remains beside v3 so Google seems to understand the issue well.
Something for everybody’s needs? That would mean that an application on the level of CF7 requires choice for the user i.e. the webmaster.

@hansr00

I haven’t pursued any research into the full intentions Google has with v3, whether or not they plan to archive v2. So far, as it appears, they understand that they cannot just eliminate v2 because of its wide-spread use, so they have to continue supporting it.

What I refer to in Google’s move with v3 is the lack of expanding v3 to integrate the use of a visible widget, not just keep the v2 alive. I think this “visible” part many many people depend on is what they don’t understand. – and that visible part is where people stop their involvement with the method. Saying, people have no interest in user/page analytics and only care about seeing the visible widget.

Ah yes. I see your point now.