How to Prevent Fraud by Using a CAPTCHA System (Recommended)
A CAPTCHA is an anti-spam technique that protects your website from spam and abuse while letting real people pass through with ease. It can help automatically protect your custom payment forms from the excessive declines caused by card testing, spam, and other fraud.
Choosing a CAPTCHA Service
WP Simple Pay supports two popular services, hCaptcha and Google’s reCAPTCHA.
| Service | Challenge | Cost | Form type |
|---|---|---|---|
| hCaptcha | Image Challenge | Free | On-site payment forms |
| reCAPTCHA | Invisible/No Friction | Free | Off-site Stripe Checkout forms |
Google’s reCAPTCHA uses an “invisible challenge”: it monitors the user’s behavior on your site to look for what it considers suspicious activity. When a payment form is submitted, reCAPTCHA assigns the user a score. If the score is below the set threshold, the request is rejected.
hCaptcha is a free reCAPTCHA alternative that focuses on user privacy. It only ever collects necessary user data, and clearly lays out which information it collects and how it uses those details. hCaptcha offers you control over the difficulty of the image challenge, ranging from Easy to Always On. Each difficulty level influences how often your users will see an image challenge.
hCaptcha works by preventing non-humans from interacting with your page, meaning that an attacker’s automated system will not be able to use your payment form.
Register for hCaptcha
To enable hCaptcha, register your site with hCaptcha:
If you find the Moderate Passing Threshold setting is not reducing card testing, spam, etc., you can switch to the Difficult setting which will show harder challenges.
Configure hCaptcha in WP Simple Pay
After registering you will be redirected to a page where you can retrieve your Sitekey to enter into your WP Simple Pay Pro settings.
Your Secret Key can be found by clicking on your avatar in the top right corner of the screen to open your account menu. Then click on Settings. Next, copy your secret key from the Secret key section on this screen.
You will find the hCaptcha settings in the WP Simple Pay → Settings → General → Anti-Spam tab.
You’ll know things are set up correctly when you visit or preview your payment form and see hCaptcha’s challenge added to the payment form.
Google’s reCAPTCHA works by preventing non-humans from interacting with your page, meaning that an attacker’s automated system will not be able to use your payment form.
Register for reCAPTCHA
To enable invisible reCAPTCHA, register your site with Google, choosing reCAPTCHA v3:
Configure reCAPTCHA in WP Simple Pay
After registering you will be redirected to a page where you can retrieve the necessary credentials to enter into your WP Simple Pay Pro settings.
You will find the reCAPTCHA settings near the bottom of the WP Simple Pay → Settings → General → Anti-Spam tab.
If you find the Default Score Threshold setting is not reducing card testing, spam, etc., you can switch to the Aggressive setting which will be more stringent in its analysis.
You’ll know things are set up correctly when you visit your website and see Google’s reCAPTCHA privacy and terms overlay in the lower right-hand corner of the page.
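The score threshold controls a server-side decision made on the JSON that Google's siteverify endpoint returns for a reCAPTCHA v3 token. The following is an added example of that decision, not WP Simple Pay's own code. The threshold values (0.5 and 0.7), the action name `payment`, and the host `shop.example` are assumptions for illustration; the plugin's actual values for its Default and Aggressive settings are not stated here.

```python
import json

# Assumed thresholds for illustration only; not WP Simple Pay's real values.
THRESHOLDS = {"default": 0.5, "aggressive": 0.7}


def evaluate_siteverify(raw_json, expected_action, expected_hostname, mode="default"):
    """Decide whether to accept a form submission based on a reCAPTCHA v3
    siteverify response body. Returns (allowed, reason). Fails closed."""
    try:
        resp = json.loads(raw_json)
    except (TypeError, ValueError):
        return False, "unparseable response"
    if not isinstance(resp, dict):
        return False, "unparseable response"
    if resp.get("success") is not True:
        # Covers expired, malformed and replayed tokens.
        codes = resp.get("error-codes", [])
        return False, "token rejected: " + ",".join(map(str, codes))
    # A valid token minted for another site or another form must not count.
    if resp.get("hostname") != expected_hostname:
        return False, "hostname mismatch"
    if resp.get("action") != expected_action:
        return False, "action mismatch"
    score = resp.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return False, "missing score"
    if score < THRESHOLDS[mode]:
        return False, f"score {score} below {mode} threshold"
    return True, "ok"


# Constructed sample responses (not captured from a real site).
BORDERLINE = json.dumps({
    "success": True, "score": 0.6, "action": "payment",
    "hostname": "shop.example", "challenge_ts": "2024-01-01T00:00:00Z",
})
REPLAYED = json.dumps({"success": False, "error-codes": ["timeout-or-duplicate"]})

if __name__ == "__main__":
    # The same borderline score passes one setting and fails the stricter one.
    for mode in THRESHOLDS:
        print(mode, evaluate_siteverify(BORDERLINE, "payment", "shop.example", mode))
    print(evaluate_siteverify(REPLAYED, "payment", "shop.example"))
```

A stricter threshold blocks more automated submissions but also rejects more legitimate customers with borderline scores, so watch for failed payments from real users after changing it.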
Using additional reCAPTCHA implementations
If you have multiple plugins using reCAPTCHA in addition to the WP Simple Pay implementation, such as Contact Form 7 or another payment plugin, please ensure they are set up using reCAPTCHA v3. Also, use the same Site and Secret keys as entered above to avoid any potential conflicts.