Introduction

The reCAPTCHA element helps protect your site from spam and automated abuse. Visitors must complete a challenge, like clicking a box or identifying objects in images, to prove they are human before performing actions like submitting data, logging in, or accessing private content.

Important:

To ensure complete protection, you must include backend authorization as a mandatory step of the CAPTCHA validation lifecycle outlined below.

Typical CAPTCHA Validation Lifecycle

The following outlines the typical lifecycle for CAPTCHA validation:

  1. A button or another clickable element that triggers a submit, login, or another restricted operation is disabled, pending CAPTCHA verification.
  2. A site visitor completes the CAPTCHA challenge. One of the following occurs:
    • Verification: The CAPTCHA is verified. A token is generated. The onVerified() event confirms successful completion of the CAPTCHA challenge. Use this event handler to enable the previously disabled clickable element.
    • Error: The reCAPTCHA element loses connection with the CAPTCHA provider. You can use the onError() event handler to instruct the visitor to try again later. Return to Step 1.
  3. The clickable element is enabled. One of the following occurs:
    • Click: The site visitor clicks the clickable element, triggering a backend function that calls authorize() with the generated token from the previous step to check whether the token is valid (authorized).
    • Timeout: The site visitor didn't click the submit button within 120 seconds of token generation, causing the token to expire. When timeout occurs, the reCAPTCHA element automatically resets and displays a message asking the site visitor to redo the challenge. Use the onTimeout() event handler to disable the clickable trigger. Return to Step 1.
  4. In the token authorization process, one of the following occurs:
    • Authorization: The CAPTCHA token is authorized. Perform the restricted operation (such as data insert) in the backend function. Call reset() to reset the reCAPTCHA element for future operations.
    • Error: Token fails authorization. Call reset() to reset the reCAPTCHA element and ask the visitor to redo the challenge. Return to Step 1.

Notes:

  • To use CAPTCHA for data submission via a dataset, you must implement the submission using code. For example, use Wix Data APIs like insert() or save() to handle the data operation and integrate CAPTCHA for protection.
  • You can add reCAPTCHA to Wix Forms and Signup & Login Settings for site members without code.

Learn more about working with your reCAPTCHA element.

Did this help?