Captcha Plugins
The launch of the Joomla! 5.x Series saw the removal from the Core Joomla! CMS of the:
+ Google reCAPTCHA Plugin, and the
+ Google Invisible reCAPTCHA Plugin.
Despite removal from the Joomla! Core, the Joomla! 5+ Update Process does not remove the Google Invisible reCAPTCHA Plugin.
So users of Joomla! 5+ websites (which were updated from Joomla! 4 or earlier in the past) will see the Invisible reCAPTCHA Plugin listed in the Plugins screen of their website Dashboard.
No official explanation for this appears to have been published by The Joomla! Project.
There is however the following reference in the following Official Publication.
Read more: Planning to upgrade from Joomla! 4 to Joomla! 5
Extract: Google reCAPTCHA
"If you are using Google reCAPTCHA in J4, you should replace it with Invisible reCAPTCHA prior to upgrading to Joomla 5 (or a third-party solution). J5 will not include Google Recaptcha any longer. The Recaptcha plugin will be uninstalled upon upgrade to J5. The Invisible reCAPTCHA plugin still exists if you’ve upgraded from 4.4.x. You can enable it and set it up with new keys so you can use Invisible reCAPTCHA instead. Or you may use another third-party solution. Fresh installations of Joomla 5.x do not include any reCAPTCHA plugins in the core. Fresh installations of Joomla 5.x will need to use a third-party plugin/solution."
Source: Official Joomla! Documentation.
There was some consternation expressed in the Joomla! Support Forums about the de-coupling of Google CAPTCHA from the Joomla! Core.
And some confusion regarding why Invisible reCAPTCHA was not uninstalled during the Joomla! 5+ Update Process.
Exclusion of Google ReCAPTCHA from the Core does seem to make sense in terms of data privacy and GDPR.
Reason: use of Google reCAPTCHA apparently results in the loading of Third Party Cookies.
There are Third Party alternative Captcha Plugins listed in the Joomla! Extensions Directory.
Read more: JED Captcha Extensions
Example GDPR Friendly Third Party Captcha Plugin: Aimy Captcha-Less Form Guard.
Read more: Aimy Captcha-Less Form Guard
Ways of working without having to rely on Captcha Plugins
If your website does not have user registration enabled, and you can get by without publishing interactive forms (example: contact form) then you may be able to get by without using any Captcha Plugins in your website.
Here are some things you can do to protect your website when you choose not to use a Captcha plugin.
- Disable user registration.
- Hide the Contact Form.
- Unpublish the Login Module in the Front End.
- Toggle the setting in a WYNCHCO Template to hide the Password Reset and Password Reminder fields.
- Publish an email contact address instead of a contact form.
Note: the Joomla! CMS by default protects published email addresses from bots using javascript.
Items 1-4 are the default settings in a WYNCHCO Website Design.
You should also seriously consider adding a Web Application Firewall to your website.
Read more: Web Application Firewall.
Getting started
If you want to use the core Captcha - Invisible reCaptcha Plugin (assuming it is available to you) then you will first need to acquire some Google Captcha Keys.
To do so visit: https://www.google.com/recaptcha/about/
and select Get Started with Enterprise.
Remember to read the small print about pricing.
Next, in your website's Dashboard, add the Keys to the plugin (see below).
Enable the plugin.
And finally, select a Default Captcha in the Global Configuration screen of your website's Dashboard.
You will also need to check and change (if necessary) the Captcha settings in the:
- Users > Options (to protect user registration), and
- Contacts > Options screen (to protect the contact form).
When configured and enabled, the Captcha - Invisible reCaptcha Plugin requires no user interaction in the Front End unless the Captcha algorithm identifies a suspect bot.
A dodgy response will trigger a puzzle to be solved.
