In today’s digital world, website security is extremely vital especially if you use your website for business purposes. I mean, the internet is littered with bot systems and crazy people looking for vulnerable sites to hack into. Nobody wants to end up like Zynga or Sina Weibo, all the more reason to try as much as possible to make your website secure.
While it’s not possible to cover every hacking loophole, it’s necessary to get the basics right and one of the simplest ways you can do this is by installing a CAPTCHA system.
CAPTCHA is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart.” It’s a type of challenge-response test used in computing to determine whether or not the user is human. Short for Completely Automated Public Turing test to tell Computers and Humans Apart, Google’s Captcha system uses distorted text to verify that the user is a human.
I know the captcha isn’t a favourite to web visitors due to breaking the user experience. However, it plays a critical role in preventing bot attempts such as scraping for ad revenue diversion, fraudulent transactions with stolen credit cards, account takeovers (ATO), creation of new accounts, false posts with malicious links, and money laundering, just to mention a few.
Google reCaptcha
Google reCaptcha was the first captcha system developed for general internet users. While the current version may look appealing and advanced, it is all thanks to numerous updates from the original version.
Unlike the previous v2 version which used a challenge system to verify users, the current v3 and enterprise versions use a more advanced score system. They don’t require any user interaction, thereby making the browsing experience more seamless and comfortable.
Here is an image of the v2 “I’m not a robot” checkbox system
Google reCaptcha v3 is based on a Javascript API that monitors a visitor’s browsing habits, comes up with a ‘humanness’ score, and then displays the score to you with recommendations on the actions you should take to either block the user or request further verification.
Cons of using Google reCaptcha
- It is free for only 1-1,000,000 CAPTCHA calls per month. If your website receives more than one million visitors per month you might have to pay $1,000 to enjoy the service.
- One of the biggest con and the reason why I don’t recommend Google reCaptcha is that the enterprise version uses cookies to determine the scores. This means that it favours visitors that use Google services, for example, those that visit your website while logged into their Gmail accounts on Chrome. It could misjudge other genuine users thereby forcing them to take captcha challenges which could affect your traffic.
- Google has a cunning tendency of collecting your users’ personal data without your consent and this includes in Google reCaptcha. They aim to personalize ads to the users which don’t sound fair at all. They should inform the users about it.
- Also, Google reCaptcha doesn’t work in China. If your market is Chinese or you get most of your traffic from China you definitely to find another solution.
Talking of another solution, here an excellent alternative to Google reCaptcha
hCAPTCHA (human Captcha)
Just a quick brief, hCaptcha was designed by IMI, a company that deals with visual domain machine learning and meta-learning. It was developed as a quick internal solution for the company but on the realization of how successful it became, they decided to make it available for the general public.
hCaptcha is a free anti-bot system that uses simple yet intuitive challenges to verify human users. It is free to use and actually pays you commissions for value creation in data labelling. They two subscription options; publisher option which is free but a little limited, and the enterprise version specifically built for big companies that receive millions of web visitors each month.
Here is a sample of the challenges they offer.
Why Cloudflare moved to hCaptcha
One of the trending news on the internet is Cloudflare’s shift from Google reCaptcha to hCaptcha. While this doesn’t come as a surprise, it clearly explains the differences between the two platforms and definitely the superiority of hCaptcha.
Cloudflare claims the reasons for the shift to be higher privacy in the case of hCaptcha and reduced cost. In the real sense, Cloudflare has agreed to be paying Intuition Machines, the company behind hCaptcha, rather than go for the free option which would make hCaptcha to pay them instead. However, the agreed payments are considerably low compared to Google reCaptcha’s enterprise version.
The second reason is increased privacy since they no longer have to worry about Google’s privacy-intrusive data collection policies. And secondly, they don’t worry about dealing with the Chinese market anymore since hCaptcha can be used all over the world.
Should you switch from reCaptcha to hCaptcha?
The Cloudflare move really sets the pace for a dominance turn of tables in the case of Google reCaptcha. There is often a popular belief that Google reCaptcha is the best in the industry but not anymore. You are now sure that there is a better, more privacy-friendly system out there that you can comfortably use without ever worrying about your website’s security or your customers’ privacy against Google.
Therefore, it is a definite YES for me. You need to shift from Google reCaptcha to hCaptcha.
Setting up your hCaptcha account
It is so easy to set up an account with hCaptcha. All you need is to visit their website – click here – click on the sign-up button at the top right corner and follow the process. It is super simple and you’ll be done in minutes, especially if you’re migrating from Google reCaptcha.
Integration
hCaptcha has been gaining massive popularity in the past few years since its launch, a good thing for web developers and owners. This means that it’s becoming easy to integrate it with your form apps like WPForms.
If you’re using WPForms v1.6.4. you can easily integrate hCaptcha into your WPForms system. Visit your WPforms settings section and you’ll see the option to select either hCaptcha or Google reCaptcha, as shown below.
You can then visit hCaptcha’s settings section to set different options as you desire. For example, enabling no-conflict more, tweaking your fail message, among other options. Here is a sample of how it appears to your visitors.
Talking of Wpforms, if you aren’t using it you’re losing on a lot of form building and management potential. It is the best WordPress form plugin.
Just to give you a clue, it has over 4 mil downloads and a review rating of near perfect, 4.9 stars.
It features a super simple drag and drop form builder with hundreds of free and premium templates and building blocks that you can just tweak to fit your needs. You can use it for all types of forms such as contact forms, payment forms, survey forms, newsletter forms, among others.
You can click on this link to visit Wpforms; however, if you are not yet convinced, you can read our honest unbiased review of Wpforms here.
Wrap Up
There is a lot to enjoy with hCaptcha. You’re guaranteed of your visitors privacy, seamless browsing experience, and ultimate protection from bots. And best of all, you’re not sacrificing anything in terms of integrations with other plugins that you might be using.
With that said, I hope you found this article helpful and wish you all the best in your migration journey.