reCAPTCHA

reCAPTCHA: Tips and Guidelines

User Mistakes

Making mistakes when filling out a form can be a very frustrating exprience for the user. When a user enters the CAPTCHA incorrectly (or any other field in the form), we strongly encourage you to help them by:

  • Re-displaying the form in question with the form data they entered pre-filled, so they don't have to re-enter everything.
  • Adding the error= parameter to http://www.google.com/recaptcha/api/challenge so that the error type is displayed to the user.

reCAPTCHA on an https site

In order to avoid getting browser warnings when you use reCAPTCHA on an SSL site, you should replace http://www.google.com/recaptcha/api with https://www.google.com/recaptcha/api when you request a challenge. Your request to reCAPTCHA would look like this:

<script type="text/javascript"
   src="https://www.google.com/recaptcha/api/challenge?k=your_public_key">
</script>

<noscript>
   <iframe src="https://www.google.com/recaptcha/api/noscript?k=your_public_key"
       height="300" width="500" frameborder="0"></iframe><br>
   <textarea name="recaptcha_challenge_field" rows="3" cols="40">
   </textarea>
   <input type="hidden" name="recaptcha_response_field"
       value="manual_challenge">
</noscript>

Empty reCAPTCHA Fields

If the value of "recaptcha_challenge_field" or "recaptcha_response_field" is not set when you are processing the form, avoid sending a request to www.google.com/recaptcha/api/verify. This allows you to more quickly deal with simple attempts at spamming.

Writing a plugin?

If you are writing a plugin for an application, you can link to https://www.google.com/recaptcha/admin/create to offer the user a chance to create a key. This url has two optional parameters, "domains" which will pre-fill the domain field of the sign-up page and "app" which can be the name of the plugin you are writing (this lets us track which plugins are popular).

Authentication required

You need to be signed in with Google+ to do that.

Signing you in...

Google Developers needs your permission to do that.