Is it working correctky?

Hello,

It’s difficult to say without being able to compare the two sites or two plugins. Bots usually find it easier to harvest email addresses than to submit contact forms (I.E., plaintext email addresses). ReCaptcha v2 is also not 100% bulletproof, so Google recommends ReCapatcha v3.

We are certainly open to suggestions or feature improvements as our code is open source. If you would like to provide your website URL we can also take a look to ensure that the reCaptcha is set up properly. Finally, you may also try these alternatives which support Contact Form 7:

– CF7 Invisible reCAPTCHA
– Invisible reCaptcha for WordPress
– Contact Form 7 Captcha

Hopefully using one of the above solutions you’re able to secure your contact forms. Otherwise, should you have any questions please reply back to this thread and we can assist further. Have a wonderful rest of your week!

Hi

The website with the spam issues:

https://www.trucklesoft.co.uk

@ajtruckle Thank you for providing your website! We’ve taken a look at the contact form, and it appears to be working as expected. The form doesn’t submit without filling out the reCaptcha. Disabling Javascript and trying to submit also comes back with an expected error. Unfortunately, it’s unclear how spam submissions are getting through at this time.

If you continue to have spam issues it may be best to try one of the alternatives suggested in our previous reply, Akismet, or upgrade to ReCaptcha v3. Hopefully using one of these solutions you’re able to resolve your spam troubles.

I don’t like those alternatives. There seems to be no user support which is never a good sign.

I have just added a v3 version for reCAPTCHA for my site in the Google reCAPTCHA panel but I can’t seem to configure it on my website. When I go to “recaptcha version” in the backend it only offers v2 or default.

Hello @ajtruckle

ReCaptcha v3 is the default for Contact Form 7. If you’re going the v3 route, you won’t need this plugin (ReCaptcha v2 for Contact Form 7) installed. For more information on Contact Form 7’s ReCaptcha v3, you may review the article linked below:

https://contactform7.com/recaptcha/

Should you have any questions regarding this implementation you may open a thread on the Contact Form 7 Support Forums. ReCaptcha v3 is a learning algorithm since it loads throughout the site and monitors user activity. It may take a couple of weeks before you see meaningful results.

Hopefully, using v3, you’re able to solve your spam issues. Should you have any other questions, you may reply to this thread. Have a wonderful rest of your week!

Hello @ajtruckle

One important note I forgot to mention is that WordPress has it’s own built-in spam filtering system that you may find helpful. In theory, using this method should work regardless of what plugin you choose to use to prevent spam.

Under “Settings > Discussion” is a texarea for “Disallowed Comment Keys”. One “Key” per line. Populating this with a list of “disallowed” keywords should mark any submission with keywords found as Spam. For example, if you’re getting many emails that use the word “explicit” but not something your clients would submit with, adding “explicit” to the list would mark the submission as spam upon submission.

For more information please review Contact Form 7’s article on the subject:

https://contactform7.com/comment-blacklist/

Thanks for the input.

I have just tried:

1. Deactivating your plugin.
2. Setting CF7 to use default.
3. Setting CF7 keys to my sites V3 keys.

Hopefully it is Ok. I see no “Google reCaptcha” icon which concerns me.

@ajtruckle Unless you have something explicitly hiding the Google ReCaptcha badge, your concerns are justified. While this is out of the realm of support here for this plugin, it does look like your webpage is loading 2 versions of Google ReCaptcha with different sitekeys. One comes from the Simple Download Monitor and another from Contact Form 7. I would recommend that both plugins use the same version of ReCaptcha (v3) and that the API key is the same for both. It might also be an issue that Simple Download Monitor is also calling the Google Recaptcha API early in the header and Contact Form 7 is calling their own in the footer. You may try to disable this plugin and see if the badge appears, then take steps to resolve it.