Hey @bygonc,
Thanks for contacting us!
I apologize for the trouble with the Google reCAPTCHA token timing out! Unfortunately, Google reCAPTCHA and the reCAPTCHA token length are controlled by Google and we don’t currently have a way to adjust the reCAPTCHA token lifespan.
If you’d prefer not to use Google’s reCAPTCHA, we have a built-in anti-spam option which is enabled by default in the form builder > Settings > General (see screenshot here).
Further, we have another anti-spam protection feature, hCaptcha. This is a good option if you’d prefer not to sign up for Google’s reCAPTCHA service. Within your forms, hCaptcha will display a checkbox asking users to prove they’re human (much like Google’s v2 Checkbox reCAPTCHA). We have a detailed guide for setting up hCaptcha.
Alternatively, you can consider the third-party plugins such as WordPress Zero Spam or Spam protection, AntiSpam, FireWall by CleanTalk which work out of the box to protect your forms against spam.
Hope this helps!