reCaptcha removal

I have looked at the “reCaptcha” function after following up on the “font awesome” discussion and switched it off for the moment.

The reCaptcha button disappears, but the following text:
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.” remains visible.
I have not found a way to remove the statement and the embedded links from the contact form. Is there a way to do this, which I may have overlooked? If not how can this be accomplished?

Thanks for your advice.

go to Backlight Admin > Settings > Languages
Scroll down to Contact Forms where you’ll find Google reCAPTCHA v3 Privacy Policy and Terms text.
Remove the text and save

Thanks Rod, I would have never found that spot myself :slightly_smiling_face:.
The whole thing is still a bit tricky, since Backlight won’t accept an empty entry (also blanks don’t work), it just re-inserts the original text when saving - there needs to be at least some text. I have for now just left: This site is protected.
The Backlight entry says it is for reCaptcha V3, whereas I was using V2. I would have probably not make the link to V2 myself.
Anyway, this is all for those who will search for the same thing. I am hoping there might be an alternative for reCapture in the future.

Thanks again for your help.

I haven’t tried this, but try removing any recaptcha credentials you have in Backlight Settings

Thanks Rod, will try that eventually.

I can’t find a way of removing that text. On my test site, I’ve not even added the reCaptcha credentials to the settings and the message still displays.
The only way I can see of removing it is with custom css. This works:

.google-recaptcha-privacy-and-terms-text {
  display: none;

The text should only display when reCAPTCHA v3 is enabled for a contact form. I’ve put in a fix for this, which will come through in our next updated.

In the mean time, if you change the Backlight setting for Google reCAPTCHA v3 Privacy Policy and Terms display to ‘Show reCAPTCHA badge’ then it should no longer appear.

changing the setting for Google reCAPTCHA v3 Privacy Policy and Terms display removes the sentence.
Switching reCaptcha off is not really the solution since the spam comes flowing in … but there is currently no alternative when one wants to avoid being charged by some of these tricky lawyers in Europe.

Is there a chance for an alternative to reCapture in the future?

My comment was in the context of removing that text when you’re not using reCAPTCHA.

It’s not so clear cut that using reCAPTCH is in breach of GDPR rules. According to this article, it’s more a matter of informing users of the information that’s being transmitted and gaining their consent.
Of note there is that reCAPTCHA v2 is the more privacy-conscious approach. Is Google Recaptcha GDPR compliant?

Hi Ben,
I had understood that your comment was in the context of removing the text. Sind we have been discussing reCAPTCHA in this post I had taken the liberty to ask for an alternative.
Now, I have been reading a bit more and since the influx of SPAM has been annoying since I have switched reCAPTCHA off, I might be turn it on again. In light of the post you have linked to and the fact that my site is a purely private one with no business intentions, it seems to be an acceptable risk.
What I would like to ask though is the following: A number of posts are about using the “honeypot method” for SPAM protection, which seems to be very effective (example from IBM here).
This would be something as a method you could implement yourself without using an external connection avoiding the problems with reCAPTCHA. Would be nice to hear your opinion eventually.
Cheers, Alfred

Hi @alfred, our contact form has had support for a honeypot going back probably to before Backlight existed. We found that it had become less effective over time, and disabled it in our code when we implemented reCAPTCHA.

I’ve just tried it out and there’s a bug that I’ll need to fix for it to work again. I’ll put in a fix in and update you on this.

Once fixed, the honeypot can be activated by:

  1. Renaming the file backlight/env.php.skel to backlight/env.php
  2. Editing the file and adding a line to enable the honeypot so that the top of the file looks like:

define('ENABLE_HONEYPOT', true);

Hi Ben,
regardless of how this will end, I am appreciating your quick and substantial reply. Your response shows that there are good reasons why I have been supporting the ttg products for quite some time now!
Questions have been answered in no time, and the help when I got stuck a few times was always outstanding and has in all cases helped me to resolve the issues.
You all are listening to your customers, and I can’t thank you enough for that. Something I needed to write :blush:.
I will wait until I get your confirmation that you have made the changes and then I will test them and report back the results.
Cheers, Alfred

1 Like

Hi Alfred, thanks very much for the kind words! We try to solve what we can.

I have added a fix for the honeypot. Can you visit Backlight Modules and click Reinstall for module-admin? The honeypot should then be functioning once you follow the steps above about env.php.
I can help verify this if you let me know when the changes are done. The honeypot is a field called Address. It doesn’t clash with your own fields, as ‘fixed’ fields such as Name, Email, and the honeypot Address use a different parameter naming scheme to the Extra Fields.

1 Like

HI @ben I have done everything you have suggested and I can still send messages as a normal visitor so, that all looks OK.

Since I have activated the honeypot solution the number of unwanted bot-spam messages has dried up, it seems to work well :blush:.

Thanks again, Alfred

1 Like

Hi @alfred, that’s great to hear! Can you update again in a few days about whether this continues to be effective?

Hi Ben,
will do by the end of next week, before I head off to Cape York.

1 Like

Hi @Ben, I tried activating the honeypot on my site too after reinstalling module-admin. I think there’s been a little less spam. Maybe?

1 Like

Hi @Ben and @rod_barbee before I have activated the honeypot solution I had up to 8 SPAM messages per day, there was at least one every day.
Since I have activated the honeypot, I am down to one message every 3-4 days. For me this is a significant improvement.

As an additional information: For all remaining cases the “website” entry was always a country name, e.g. Russia, Ukraine or whatever. Checking whether an entry in that field was a genuine URL would have prevented any SPAM message from coming through.

I’ll keep it activated and see how things develop over time.

Cheers, Alfred

Hi all,

I have a clean Backlight5 Kookaburra installed and I don’t use Google’s reCaptcha because of this European law.
So I followed Ben’s Honeypot tip :
reinstalled module-admin
renamed to env.php an entered “define(‘ENABLE_HONEYPOT’, true);” below “<?php”
But messages will not be sent.

Renaming to env.php.skel everything works fine.

Is there any solution for this?

Thank you in advance.

Best regards,

Could be a syntax error involving curly quote marks. Did you open the file and add the code in a plain text editor?