reCAPTCHA v3 - Share your Experience

[WHMCS John]

Hi testers!

One of the new features added in WHMCS 8.11 Beta is reCAPTCHA v3. Enabling you to use Google's latest protection against automated bots and spam. During the pre-release testing we want to hear about your experiences with this feature.

Some potential starting points for discussion are:

• What was your experience activating and configuring this feature in General Settings?
• What reCAPTCHA Score Threshold setting did you find most effective?
• Did clients encounter any errors or problems submitting the protected forms?

In addition to resolving any errors which might occur, understanding any pain points is of particular interest to us. Your input will help us tweak messaging in the product or documentation and publish support articles.

Thanks for your help in the pre-release testing!

[Kuhl, Rubens]

Our overall experience with reCaptcha and hCaptcha is "unimpressed". Seriously considering Turnstile from Cloudflare. 

 

[slim]

Since upgrading both my live WHMCS installs to the beta, and switching to V3, I have not had a single fake order/registration.

I left the setting at 0.5.

I would like to see more documentation on how this works.. The way I think it works is this:

Visitor visits site and Google makes a determination as to weather to vet the user.. If they think the user is legit, no captcha is displayed and the customer continues without interruption.

If Google thinks the user needs validation, a captcha is displayed and the difficulty of the captcha is determined by the setting in the WHMCS admin area. 0 being easy, .5 being medium difficulty and 1 being ridiculous (many captcha puzzles presented).

Is this how it works? If not, how does it work?

[slim]

On 8/15/2024 at 12:52 PM, Kuhl, Rubens said:

Our overall experience with reCaptcha and hCaptcha is "unimpressed". Seriously considering Turnstile from Cloudflare. 

 

This isnt feedback on the new v3. hcaptcha isn't even a feature in whmcs! Have you actually tried the beta version with v3 captcha?

[WHMCS John]

Thanks for your feedback @slim,

In terms of how it works, I think google keep that intentionally vague. The information to which we have access is here: https://developers.google.com/recaptcha/docs/v3

My interpretation is that it operates based entirely on behaviour analysis, I don't think reCAPTCHA v3 displays any of the puzzles to solve at-all. If the score that reCATCHA provides is above the threshold which you set, the form submission is blocked.

[slim]

Hi @WHMCS John - I spoke to soon.

 

I have a client who was attempting to purchase some domains.. I had Captcha v3 enabled, including for logged-in users (I have now disabled this). He got these errors, and for the life of him couldn't complete the checkout.

Being v3, there is nothing to complete... He got frustrated and contacted me - To fix, I disabled captcha for logged in users..

The worst part is I don't know if he somehow failed captcha OR there is a bug in the checkout?

[pRieStaKos]

@slim Why are you using beta in production ?? You miss the whole "beta testing" meaning...

[pRieStaKos]

On 8/15/2024 at 5:52 AM, Kuhl, Rubens said:

Our overall experience with reCaptcha and hCaptcha is "unimpressed". Seriously considering Turnstile from Cloudflare. 

 

When I started using Turnstile, spam ticket submissions stopped....

I don't know why WHMCS is stuck with reCaptcha !!

[Kuhl, Rubens]

On 8/16/2024 at 3:03 AM, slim said:

This isnt feedback on the new v3. hcaptcha isn't even a feature in whmcs! Have you actually tried the beta version with v3 captcha?

This is based on our experience with our in-house system, not WHMCS. 

 

[slim]

5 hours ago, Kuhl, Rubens said:

This is based on our experience with our in-house system, not WHMCS. 

So why are you here? This is a beta feedback thread specifically for the new v3 captcha feature

Edited August 18 by slim

[slim]

5 hours ago, pRieStaKos said:

Why are you using beta in production ?? You miss the whole "beta testing" meaning..

I’ve been providing feedback to WHMCS for years. I chose to run this in production due to the new v3 captcha.

[Evolve Web Hosting]

On 8/17/2024 at 1:00 AM, slim said:

Hi @WHMCS John - I spoke to soon.

 

I have a client who was attempting to purchase some domains.. I had Captcha v3 enabled, including for logged-in users (I have now disabled this). He got these errors, and for the life of him couldn't complete the checkout.

Being v3, there is nothing to complete... He got frustrated and contacted me - To fix, I disabled captcha for logged in users..

The worst part is I don't know if he somehow failed captcha OR there is a bug in the checkout?

@slim I am glad you bring this up. Maybe now, they will finally fix the issue you reported because it’s tied to the current beta. It’s a problem that has existed for recaptcha v2 as well and when I reported it a year or two ago I was just told ‘it’s not a bug related to the current beta version’.  So they swept it under the rug so to speak. 

[slim]

@WHMCS John - Here is another issue..

This is the beta.. with V3 setup. I put in my email and got this.

Note: Its intermittant - I think it may be that I submitted before captcha did its thing.. Perhaps there needs to be a delay or check that captcha has completed prior to allowing the submit?

[ZeroMB]

On 8/18/2024 at 8:53 PM, pRieStaKos said:

When I started using Turnstile, spam ticket submissions stopped....

I don't know why WHMCS is stuck with reCaptcha !!

Cloudflare captcha sometimes act similarly to reCaptcha.

 

But I agree that we should have multiple options.

[WHMCS John]

On 8/17/2024 at 8:00 AM, slim said:

Hi @WHMCS John - I spoke to soon.

 

I have a client who was attempting to purchase some domains.. I had Captcha v3 enabled, including for logged-in users (I have now disabled this). He got these errors, and for the life of him couldn't complete the checkout.

Being v3, there is nothing to complete... He got frustrated and contacted me - To fix, I disabled captcha for logged in users..

The worst part is I don't know if he somehow failed captcha OR there is a bug in the checkout?

@slim,

This is the error message that will be presented if the reCAPTCHA v3 service assigns the user a score above the reCAPTCHA Score Threshold.

You can confirm this is the case be enabling the Module Debug Log and asking the client to repeat the action.

You'll see the reCAPTCHA score captured in the response, and can adjust your threshold setting accordingly: https://docs.whmcs.com/clients/the-client-area/google-recaptcha/#enabling-recaptcha-v3

 

On 8/19/2024 at 2:37 AM, slim said:

@WHMCS John - Here is another issue..

This is the beta.. with V3 setup. I put in my email and got this.

Note: Its intermittant - I think it may be that I submitted before captcha did its thing.. Perhaps there needs to be a delay or check that captcha has completed prior to allowing the submit?

This error can occur with reCAPTCHA v2 and Invisible as well, usually if the form is double-submitted.

For example some password managers automatically submit forms once they're auto-filled. If this is the case and the visitor also clicks the Submit button, that causes a double-reCAPTCHA-submission, which causes the service to return this duplicate error.

[wellconnit]

It's no longer in Beta, but Recaptcha V3 broke my admin page.

Immediately after update Developer Tools says "Recaptcha site key not defined" so it won't let me login.

There's no way to bypass Recaptcha or MFA for specific IP's, so it's not like I can sign in to turn it off, and the config SQL table doesn't have a clear on/off for captcha, if you change the type it kills the page.

 

I think there could be a better way to handle this process.

[WHMCS John]

@wellconnit,

This indicates that your reCAPTCHA v3 keys were not entered into the Site Key and Secret Key fields.

Please ensure all the fields are completed per steps 9 & 10 of the configuration instructions: https://docs.whmcs.com/system/system-tutorials/enable-recaptcha-v3/

 

To disable captcha on your WHMCS instance:

UPDATE tblconfiguration SET value = '' where setting = 'CaptchaSetting';