28th September 2020

Google Securing your Website

79DESIGN Ltd

Have you ever heard of Google Recaptcha?  Probably not, and why would you?
Doubtless you have seen it though.

Have you been to a website contact form where you have to check a box to say “I am not a robot”, or “Click all the buses”?  This is Google Recaptcha.


Google Recaptcha – main purpose

The key purpose of this tool is to prevent spamming.

Let’s say you have a contact form and no means of protection.  The spammer could do something that makes your form send multiple times over.  The result is your website sending out multiple emails, and so possibly being seen as ‘spamming’ itself.  Not good!

The other places you often see this are “I’ve forgotten my password” or “Create my account” on an ecommerce website.  It stops “spam bots” trying to run these things over and over again.  It also makes for good, or indeed bad, SEO if done right or wrong.

It’s just a means to stop “multi-triggering” of forms.  But can this method be too harsh, and does it get annoying?  Simple answer, in our view – YES.

Example: you go to a contact form, fill out all the details, and then it says “click all the bicycles”.  You click them all and ‘Verify’… oh dear, something went wrong and you have to do it again.

It does get tiresome, but it is needed.  These are the places though that we usually find this security feature:

  • Contact Forms
  • Forgotten Password
  • Reset Password
  • Create Account
  • Submit Review

There is frankly no need for it to be in other places.  But what about other security measures?

What else can you do?

Let’s talk about logging in to a website.
You get to the page, enter your username and password and you are in.  Simple.  How do you stop that being ‘spammed’?

If someone tries with admin and a password, and again, and again…. how do you stop that?
The Google Recaptcha will slow them down, but from the user point of view to ‘get in’ to their account, it’s a pain.  In our experience, most sites do not do this on the Login screen.

They have hidden ways to deal with it that are far less intrusive.

In our view, Google Recaptcha doesn’t really help here.  It adds a layer, sure, but it makes it a hindrance and as such, can lose you customers who get bored of trying.

In fact, real world example: we trialled this on a website and couldn’t actually get back into the admin area!  No matter what we tried, it failed.  We were locked out.  So we had to use a ‘back door’ method, as hosts, to remove it.  On a login – not a good idea!

Instead, it’s just simpler to stop multiple attempts at logins and forgotten passwords.

Let’s say BadPerson1 decides to use ‘admin’ as a login.  Do you have such a login username?  Maybe not.  Well, if they try many times, you can kick ’em out. Quite literally say “if after x attempts with this, you are outta here”.  It’s so simple to do.  You can also permanently bar them if they keep trying.

So you try your username and password 5 times for example and it fails.  Why would you do that?  Most people after 2-3 attempts, try forgotten password.  If that fails after even just 2 attempts, you tend to contact the website about this.

There are methods to bar that user from the system after “too many attempts”.
This is a better method than Google Recaptcha, in our view, because that “annoying barrier” is not there, and yet your security is still set up properly.  Boy is it secure!!
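The “after x attempts, you are outta here” rule described above, as an added example (not code from this post or from any WordPress plugin). The class name, thresholds and in-memory storage are assumptions; failures are counted per client IP and username together, so one visitor’s wrong guesses do not lock the real account owner out, and the IP addresses in any test input are documentation addresses.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Counts failed logins per (client IP, username) pair; all state is in memory."""
    def __init__(self, max_attempts=5, window=900, lockout=900, max_lockouts=3, clock=time.time):
        self.max_attempts = max_attempts    # the "x attempts" from the text
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds a temporary bar lasts
        self.max_lockouts = max_lockouts    # temporary bars before a permanent one
        self.clock = clock                  # injectable, so tests need not sleep
        self.failures = defaultdict(deque)  # pair -> timestamps of recent failures
        self.locked_until = {}              # pair -> time the temporary bar ends
        self.lockouts = defaultdict(int)    # client IP -> temporary bars so far
        self.banned = set()                 # client IPs barred permanently

    def status(self, ip, username):
        """Return 'banned', 'locked' or 'ok' without touching any counters."""
        if ip in self.banned:
            return "banned"
        if self.locked_until.get((ip, username.lower()), 0) > self.clock():
            return "locked"
        return "ok"

    def record_failure(self, ip, username):
        """Count one wrong password and return the status that results."""
        key, now = (ip, username.lower()), self.clock()
        recent = self.failures[key]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.max_attempts:
            recent.clear()
            self.locked_until[key] = now + self.lockout
            self.lockouts[ip] += 1
            if self.lockouts[ip] >= self.max_lockouts:
                self.banned.add(ip)         # "permanently bar them if they keep trying"
        return self.status(ip, username)

    def attempt(self, ip, username, password_ok):
        """Gate one login; password_ok stands in for the site's real credential check."""
        state = self.status(ip, username)
        if state != "ok":
            return state                    # refused before the password is considered
        if password_ok:
            self.failures.pop((ip, username.lower()), None)
            return "ok"
        state = self.record_failure(ip, username)
        return "failed" if state == "ok" else state
```

On a live site the counters would sit in shared storage such as a database or cache rather than process memory, and the client IP has to come from a source the server trusts, not from a header the visitor can set.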

Barriers are great – but don’t put them there when not really needed.  It will simply push the customer elsewhere, and give YOU a bad reputation.

How do I install Google Recaptcha?

If your website is on WordPress, we can do it for you.  It needs a Google account (free), and a plugin to handle the various areas of your website (free).  The cost is just down to the time involved in setting it up.  In theory it doesn’t take more than an hour to do.  So if you are concerned about such matters, do please get in touch.

So what have we learned here?  GR has a brilliant system to prevent spamming and multi-trigger events.  But don’t rely solely on this.  Think of the customer experience.  You never want them to end up ‘frowning’ on your website…. “But I clicked all the flamin busses…. “

What happens if you do get malware or a virus?

This is code, or files, that have somehow been added to your hosting server and have created a serious flaw in your website.  Sometimes it can redirect your site elsewhere; it can also create a ‘bridge’ that gives another source access to your system.  Scary stuff.  But there are things we can do: our WordPress Malware Removal service can scan to see how your site is dealing with it.  Sometimes it can be a simple cleanup, like a vacuum cleaner over the viruses.

But at other times it can go much deeper, within the core WordPress files, and other plugin files.  This is when it’s serious!  How do we deal with that?  Generally by migrating your core content over to new hosting.  Exporting content and more.

We also provide WordPress Security packages, which do a heck of a lot to stop these things happening in the first place.  Many of these measures are shown in this blog, but there are others, including WordPress Hosting that has multi-layered security.
