Skip to main content

ReCaptcha Settings

Menu path: Admin -> Settings -> ReCaptcha Settings

Route: /admin/settings/recaptcha

Use this page to protect important forms from spam and abuse.

Important field note

The current page labels are a little confusing.

Use the fields like this:

  • first key field: public site key
  • second key field: private secret key

Main fields

FieldWhat it meansWhat to enter
reCaptcha KeyPublic site keyThe public key from your chosen provider
reCaptcha SecretPrivate secret keyThe private verification key from your chosen provider
Captcha ProviderActive captcha serviceChoose one provider only: Cloudflare, Google V2, Google V3, or hCaptcha

Form protection switches

You can turn captcha on or off for:

  • Customer Authentication
  • Exchange
  • Review
  • Contact
  • Verification
  • Withdrawal Amount
  • Profile Update
  • Password Change
  • Track Order
  • Admin Authentication

Review ReCaptcha

Review ReCaptcha protects customer review forms from spam and automated submissions.

When you enable it, users must complete captcha before sending a review from pages such as:

  • the exchange order page
  • the customer review page

This switch does not affect admin-created reviews inside Reviews.

If customer review submission stops working after you enable this switch, check:

  • the public key and secret key are correct
  • the chosen provider matches the keys you entered
  • the captcha widget appears on the review form
  • the review workflow settings in General Settings

Common mistakes

  • putting the secret key in the public key field
  • choosing Google V3 while using Google V2 keys
  • enabling admin authentication captcha before testing the provider
  • enabling many protected forms without checking that the captcha widget appears correctly

Best practice

  • Use one provider only.
  • Test customer and admin login after you save.
  • If a protected form stops working, check the keys and selected provider first.

Safe testing order

  1. Save the keys
  2. Enable one or two low-risk forms first
  3. Test those forms in the browser
  4. Enable the rest only after the first tests work