Setup Google reCAPTCHA

Protect your forms from spam and abuse with Google reCAPTCHA. This guide shows you how to set up reCAPTCHA v3 for your forms.

What is Google reCAPTCHA?

Google reCAPTCHA is a free service that protects your forms from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart.

reCAPTCHA v3 Features

• Invisible to users - No puzzles or challenges to solve
• Score-based verification - Analyzes user behavior
• No interruption - Smooth form submission experience
• Free to use - No cost for most websites

Before You Start

Make sure you have:

• A Google account
• Access to your form builder settings
• Your store domain ready

Step 1: Register Your Site

Go to Google reCAPTCHA

1. Visit Google reCAPTCHA Admin
2. Sign in with your Google account
3. Click + to create a new site

Fill in Site Information

Field	What to Enter
Label	Your store name (e.g., “My Shopify Store”)
reCAPTCHA type	reCAPTCHA v3
Domain	Your store domain (e.g., mystore.myshopify.com)

Add Required Domains

Enter these domains in the Domains section:

1. Your store domain: your-store.myshopify.com
2. Your custom domain (if any): www.yourstore.com
3. App domain: qivra-form-builder.com

Important: Add all domains where your forms will appear.

Accept Terms

1. Check “Accept the reCAPTCHA Terms of Service”
2. Optionally check “Send alerts to owners” for notifications
3. Click Submit

Step 2: Get Your Keys

After registration, you’ll see two keys:

Key	Description
Site Key	Public key used in the frontend
Secret Key	Private key used for verification

Copy Your Keys

1. Copy the Site Key (starts with 6L...)
2. Copy the Secret Key (starts with 6L...)
3. Keep these keys secure

Note: You can always find these keys later in the reCAPTCHA Admin console.

Step 3: Configure in Form Builder

Open Settings

1. Go to your form builder app
2. Navigate to Settings > Integrations
3. Find Google reCAPTCHA section

Enter Your Keys

Field	What to Enter
Site Key	Paste your Site Key from Google
Secret Key	Paste your Secret Key from Google

Enable reCAPTCHA

1. Toggle Enable reCAPTCHA to On
2. Click Save

Step 4: Enable for Forms

Per-Form Settings

1. Open a form in the Form Builder
2. Go to Settings > Spam Protection
3. Enable Use Google reCAPTCHA
4. Save the form

Global Settings

To enable for all forms:

1. Go to Settings > General
2. Find Default Spam Protection
3. Select Google reCAPTCHA
4. Save changes

Step 5: Test reCAPTCHA

Test on Storefront

1. Go to a page with your form
2. Open browser DevTools (F12)
3. Go to Console tab
4. Submit the form
5. Check for any reCAPTCHA errors

Verify in Google Console

1. Go to reCAPTCHA Admin
2. Click on your site
3. Go to Analytics tab
4. You should see requests appearing

Check Submission

1. Submit a test form
2. Go to Submissions page
3. Verify submission was recorded
4. Check for spam score (if available)

reCAPTCHA Settings

Score Threshold

reCAPTCHA v3 returns a score (0.0 - 1.0):

Score	Meaning	Action
1.0	Definitely human	Accept submission
0.5	Likely human	Default threshold
0.0	Definitely bot	Reject submission

Recommended: Keep default threshold (0.5) unless you have specific needs.

Adjusting Threshold

1. Go to Settings > Spam Protection
2. Find reCAPTCHA Score Threshold
3. Adjust the value:
   • Lower (0.1-0.3): More strict, may block legitimate users
   • Higher (0.7-0.9): More lenient, may let some spam through

Troubleshooting

”Invalid site key” Error

Cause	Solution
Wrong key copied	Re-copy from Google console
Key deleted	Create new site in Google
Typo in key	Check for extra spaces

”Domain mismatch” Error

Cause	Solution
Domain not registered	Add domain in Google console
Wrong domain format	Use domain without https://
Missing subdomain	Add both www and non-www

Form Not Submitting

Cause	Solution
JavaScript blocked	Check browser settings
Ad blocker	Disable for testing
Keys not saved	Re-save settings

Still Receiving Spam

If spam continues:

1. Lower the threshold

   • Go to spam protection settings
   • Decrease score threshold

2. Add honeypot field

   • Enable in form settings
   • Additional bot detection

3. Enable rate limiting

   • Limit submissions per IP
   • Prevent spam floods

Managing Multiple Sites

For Multiple Stores

If you have multiple stores:

1. Option A: Separate Keys

   • Create new site for each store
   • Use store-specific keys

2. Option B: Same Keys

   • Add all domains to one site
   • Use same keys everywhere

Adding New Domains

1. Go to reCAPTCHA Admin
2. Click on your site
3. Go to Settings
4. Add new domain
5. Save changes

Best Practices

Do’s

• Keep Secret Key private
• Test after setup
• Monitor analytics regularly
• Update domains when changing store URL

Don’ts

• Don’t share Secret Key publicly
• Don’t use keys from other sites
• Don’t set threshold too low
• Don’t ignore analytics

Privacy Considerations

User Data

Google reCAPTCHA collects:

• User interaction data
• Browser information
• IP address

Compliance

For GDPR/privacy compliance:

• Add reCAPTCHA to your privacy policy
• Inform users about bot detection
• Consider cookie consent implications

Privacy Policy Text

Add to your privacy policy:

“We use Google reCAPTCHA to protect our forms from spam and abuse. This service may collect user interaction data and browser information. See Google’s Privacy Policy for more information.”

Video Tutorial

Play

Related Docs

• Frequently Asked Questions
• Spam Protection Settings
• Form Not Displaying
• Submission Issues