invisible recaptcha “We detected that your site is not verifying reCAPTCHA solutions”


Antonio R

May 7, 2018, 6:47:01 AM
Hello,

I'm implementing the invisible reCAPTCHA on the login page of my website, following the official guide on how to "Automatically bind the challenge to a button": https://developers.google.com/recaptcha/docs/invisible#auto_render

My html page is made in this way:

    <head>
    [...]
    <script src="js/login.js"></script>
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
    </head>
    <body>
    [...]
    <button type="submit" class="g-recaptcha btn btn-primary" data-sitekey="[...]" data-callback="checkCaptcha" id="loginSubmit">Login <i class="fas fa-sign-in-alt"></i></button>
    [...]
    </body>
    </html>

while the javascript file is:

    function checkCaptcha(token) {
        console.log("re-captcha callback invoked.");
        login();
    }

    function login() {
        [...]
    }

But on the panel page of Google I keep having the message "We detected that your site is not verifying reCAPTCHA solutions. This is required for the proper use of reCAPTCHA on your site. Please see our developer site for more information."

Could someone help me understand what I am doing wrong?

Thank you so much in advance.

pa...@paulsilver.co.uk

May 16, 2018, 5:21:52 AM
Hi Antonio,

This message comes up when you're not doing the verification after the form has been submitted to your server. So usually, once the form is submitted successfully, you'll do something like post the form to your server and use PHP or another language to take the form fields and build them into an email. In that code, Google expects you to send back to them the code the reCAPTCHA put in the form, your secret key and preferably the IP address of the person who filled in the form, and they then verify that it is a legitimate code.

They have some docs about it here: https://developers.google.com/recaptcha/docs/verify, but I also found it useful to Google for how to make invisible reCAPTCHA work for the language I was using, as I don't think they're very clear about this step.

Doing the verification means a spammer can't just put any old code in the g-recaptcha-response field in your form and have your site accept it. If you do the verify step, you're sure it's a person, and it feeds more data back to Google so they can improve the service over time.

HTH

Paul
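
The server-side verification step described in the reply above, as an added example that is not part of the original thread or of Google's documentation. It assumes a Node.js 18+ backend with a global `fetch`; the function names and the `expectedHostname` check are hypothetical, while the `siteverify` endpoint and the `secret`, `response` and `remoteip` fields are those in the linked verify docs.

```javascript
// Added example: server-side check of the token that the invisible reCAPTCHA
// widget posts in the g-recaptcha-response form field.
const SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

// Build the form-encoded POST body. remoteIp is optional.
function buildVerifyBody(secret, token, remoteIp) {
  const params = new URLSearchParams({ secret: secret, response: token });
  if (remoteIp) params.set("remoteip", remoteIp);
  return params.toString();
}

// Decide whether a parsed siteverify reply should let the login proceed.
// expectedHostname is this site's own hostname (an assumption of the example).
function evaluateVerifyReply(reply, expectedHostname) {
  if (!reply || reply.success !== true) {
    const codes = (reply && reply["error-codes"]) || [];
    return { ok: false, reason: codes.join(",") || "verification-failed" };
  }
  if (expectedHostname && reply.hostname !== expectedHostname) {
    return { ok: false, reason: "hostname-mismatch" };
  }
  return { ok: true, reason: "" };
}

// Full check: reject an empty token locally, otherwise ask Google.
// fetchImpl defaults to the global fetch and can be replaced in tests.
async function verifyRecaptcha(opts, fetchImpl = fetch) {
  if (typeof opts.token !== "string" || opts.token.length === 0) {
    return { ok: false, reason: "missing-input-response" };
  }
  try {
    const res = await fetchImpl(SITEVERIFY_URL, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: buildVerifyBody(opts.secret, opts.token, opts.remoteIp),
    });
    if (!res.ok) return { ok: false, reason: "http-" + res.status };
    return evaluateVerifyReply(await res.json(), opts.expectedHostname);
  } catch (err) {
    return { ok: false, reason: "verify-request-failed" }; // fail closed
  }
}
```

The login handler would call `verifyRecaptcha` with the posted `g-recaptcha-response` value before checking credentials and refuse the request unless `ok` is true.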