Spam protection (CAPTCHA)

Kentico allows you to protect your website from automated spam bots. You can secure all forms where users enter data, by requiring users to type a security code called CAPTCHA.

You can use CAPTCHA to tell humans and computers apart in the following places:

  • Blog comments
  • Custom tables
  • Page types
  • Forms
  • Forums
  • Message boards
  • Other web parts that allow user input

Changing the default CAPTCHA type

You can choose which CAPTCHA type the system uses:

  • Simple – prompts users to retype a sequence of numbers from an image.
    Simple CAPTCHA

  • Logic – asks users to solve a simple arithmetic problem or to compare two numbers. Example: “one + four”; “Is six > than eight? (true/false)
    Logic CAPTCHA

  • Text – prompts users to retype a sequence of numbers, each number into an individual box.
    Text CAPTCHA

  • reCAPTCHA

    The default reCAPTCHA implementation no longer works after March 31, 2018. See the Using reCAPTCHA section to learn how you can integrate a newer reCAPTCHA version.

    Note that the newer reCAPTCHA cannot be set as the system’s default CAPTCHA type. You can only assign the given form control to specific fields in forms.

The default CAPTCHA type is Simple. To change the default type:

  1. Open the Settings application.
  2. Navigate to the Security & Membership -> Protection settings category.
  3. Under CAPTCHA settings, select a Control to use.
  4. Save the settings.

When you change the CAPTCHA type, all web parts and features that have CAPTCHA enabled use the new type. Also, all fields in custom tables, page types, and forms that use the Security code form control, use the new type of CAPTCHA. Fields that use a specific CAPTCHA control do not change.

Using reCAPTCHA

ReCAPTCHA is an online service which allows your application to tell apart humans and computers.

Important

The default reCAPTCHA implementation in Kentico 10 uses the reCAPTCHA v1 API, which no longer works after March 31, 2018.

To use reCAPTCHA, you can download and import the New reCaptcha package from the Kentico Marketplace.

You need to register your site to use the reCAPTCHA API and obtain a pair of API keys:

  1. Go to https://www.google.com/recaptcha/admin and sign in with your Google account.
  2. Select the reCAPTCHA V2 type (other reCAPTCHA types are not supported).
  3. Fill in all required details, including the domain where your site is running.
  4. Copy your Site key and Secret key.

Next, enter your site’s reCAPTCHA API keys into Kentico:

  1. Open the Settings application.
  2. Navigate to the Security & Membership -> Protection settings category.
  3. Under CAPTCHA settings, paste the Site key and Secret key into the reCAPTCHA public API key and reCAPTCHA private API key settings respectively.
  4. Save the settings.

With the API keys entered into the system, you can create verification fields in page types, forms or custom tables using the imported reCAPTCHA form control.