How to Fix Google reCaptcha not blocking SPAM

If your Google reCAPTCHA isn’t blocking spam effectively and you’re facing a wave of unwanted messages or users, then read this article.

Published on: September 1, 2024 in Google for Businesses

How to Fix Google reCaptcha not blocking SPAM (1)

How does Google reCaptcha work?

Google reCAPTCHA is a security tool to prevent bots from damaging your website and to prevent spam that might overload your server. It also used to differentiate between human users and bots. Captcha works by presenting challenges that are easy for humans but difficult for automated systems.

There are different versions of reCAPTCHA:

  1. reCAPTCHA v2: It requires users to click a checkbox (“I’m not a robot”) and may prompt users to identify images if more verification is needed.
  2. reCAPTCHA v3: This version runs in the background, analysing user behaviour on the site. It assigns a score based on how likely the user is to be a human or a bot. No interaction is needed from the user, however the badge is usually displayed on the right bottom side and it’s quite hard to remove it without digging into the code.
  3. Invisible reCAPTCHA: Similar to v3, it doesn’t interrupt the user but still verifies if they are human by monitoring their behaviour.

Why is Google reCAPTCHA not blocking spam?

Google reCAPTCHA isn’t foolproof. In the recent 10 years Google reCaptcha made significant progress in preventing spam however it’s not ideal and more about this system history you can read about here.

There are few reasons why Google recaptcha is not effective anymore on your website

  • Some bots are getting smarter and can bypass simple CAPTCHA tests, especially as they evolve and mimic human behaviour.
  • Human-Powered Spam: Sometimes, spammers use real people to solve CAPTCHAs, making it harder for automated systems to block them.
  • Improper Configuration: If reCAPTCHA isn’t set up correctly, it might not be as effective. For example, if the scoring threshold in reCAPTCHA v3 is set too low, it may allow bots to get through.
  • Behavioural Patterns: Bots can sometimes mimic human-like patterns that fool reCAPTCHA’s behavioural analysis.

You would think that Google, a multimillion priceless company would be able to fix the problem with the captcha and spam but it’s not easy as it sounds…

Google CAPTCHA Spam Still Getting Through – What to Do?

If spam is still getting through even with Google reCAPTCHA, here are some advices and steps you can take to prevent SPAM:

Tighten reCAPTCHA Settings:

If you’re using reCAPTCHA v3, consider increasing the threshold score to make it harder for bots to pass as humans. Usually, this setting can be adjusted within the plugin’s settings or on the official Google website.

Tighten reCAPTCHA Settings on Google Admin to prevent bots

  • Visit this link.
  • Use the ‘Security Preference’ slider and set it to the right or slightly to the right if you’re experiencing a high volume of bots and Google reCAPTCHA is not blocking spam. Click the blue ‘Save’ button to apply the changes.
  • Give Google reCAPTCHA at least 12-24 hours to see the difference.
  • Remember, you must have configured reCAPTCHA correctly—the ‘Owners’ field should contain your email, the domain should be your website’s URL, and the reCAPTCHA keys should be implemented in your WordPress plugin.

 

For example, in WPForms article you can set the threshold to a specific level based on the amount of spam you’re receiving. It’s important to set the threshold appropriately depending on your site’s spam ratio—if too low, more bots may get through; if too high, some legitimate users might be blocked.

Fine-tuning this balance can significantly improve your spam prevention efforts:

fine tuning recaptcha google wpforms to prevent spam

Low Spam (Occasional spam emails or submissions):

  • Threshold Score: 0.3 to 0.4
  • This setting allows most legitimate users through while blocking basic bots.

Moderate Spam (Regular spam, but not overwhelming):

  • Threshold Score: 0.4 to 0.5
  • A balanced setting that offers better spam protection while still allowing most legitimate users.

High Spam (Frequent and persistent spam):

  • Threshold Score: 0.6 to 0.7
  • This higher setting blocks more potential spam, though some legitimate users may be challenged.

Extreme Spam (Constant and aggressive spam attacks):

  • Threshold Score: 0.7 to 0.9
  • This is a strict setting that will block most spam, but it may also require some legitimate users to go through additional verification steps.

Combine with Other Tools:

Use Google reCAPTCHA alongside other anti-spam tools, such as email verification services, IP blacklisting, or content filtering for example – Antispam Bee  or Wordfence Security Scanner. If you have a good website hosting provider (learn more about hosting for Irish businesses in 2024), you can simply visit your cPanel and add spam filtering variables. This allows the system to automatically mark messages as spam if certain keywords are detected in the subject line.

Fix Google reCaptcha not blocking SPAM with email spam filtering

  • This is the example of how you can create a new filter for all mail on your professional webmail account.
  • Any incoming message with the subject that contains “app development”, or “erotica” or Russian spam will be discarded.

Additionally, consider implementing 2FA (two-factor authentication), which requires additional information from the user, such as a phone number. Ensure that your settings and privacy policies are adjusted to comply with GDPR requirements when using such measures.

These tools are more effective in reducing spam when combined rather than used individually.

Update Your reCAPTCHA Version:

Still experiencing issue with Google reCAPTCHA not blocking spam? Ensure you’re using the latest version of reCAPTCHA for the most up-to-date protection against bots.

It’s also important to keep your WordPress website updated, as this can significantly reduce spam and implement important changes that might help you combat it more effectively.

Consider Switching to Another Captcha (hCaptcha):

Even though you may have mixed feelings about Google reCAPTCHA, it has been around for years and has established a strong position in bot prevention. However, as more and more websites come under attack, it may be time to consider an alternative if Google reCAPTCHA is no longer effective at stopping spam on your site.

Consider-Switching-to-another-Captcha-hCaptcha-if-google-captcha-is-not-working-effectively

One such alternative is hCaptcha (it’s free), which focuses on user privacy and offers strong protection against bots and spam. Cloudflare, a leader in cybersecurity, even switched from Google reCAPTCHA to hCaptcha due to its enhanced privacy features and security capabilities. You can learn more about this switch on Cloudflare’s blog here.

The Advantages and Disadvantages of hCaptcha

AdvantagesDisadvantages
Enhanced Privacy: Collects less personal data compared to Google reCAPTCHA, making it more privacy-friendly.User Experience: Some users find hCaptcha challenges more difficult or intrusive compared to Google reCAPTCHA.
Strong Security: Provides robust protection against bots and spam, making it effective for high-traffic websites.Less Recognition: Not as widely recognized as Google reCAPTCHA, which might lead to user skepticism.
Cloudflare Partnership: Integrated with Cloudflare, a leader in cybersecurity, enhancing its security capabilities.Compatibility Issues: May require additional adjustments to ensure compatibility with certain websites or platforms.
Monetisation Option: Allows websites to earn revenue by serving hCaptcha challenges, offering a financial incentive.Implementation Complexity: Setting up hCaptcha may require more technical knowledge compared to other CAPTCHA solutions.
Open Source: Being open source allows for greater transparency and customization possibilities.Fewer Integrations: May have fewer integrations with third-party services and plugins compared to Google reCAPTCHA.

Conclusion

As you can see, Google reCAPTCHA is facing challenges as bots become more advanced and intelligent. This article should help you address issues with Google reCAPTCHA not blocking spam. However, if you’re still struggling to eliminate spam, feel free to contact me—I’ll be happy to assist you further.

× My WhatsApp