Protecting Forms

Protecting your website from spam and automated bots is crucial to maintaining data integrity, and the overall functionality of your webforms. Without proper defenses, bots can flood it with spam messages, and even attempt fraudulent activities, resulting in wasted resources and potential security threats. By implementing preventive measures such as CAPTCHAs and other verification tools, you can ensure that only legitimate users interact with your forms, safeguarding your site from unwanted disruptions and enhancing the user experience.

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge-response test used on websites to determine whether the user is a human or an automated program. You typically recognize a CAPTCHA when a website asks you to type in distorted letters and numbers, select images that match a description (like all the pictures with traffic lights), or solve simple puzzles before submitting a form or accessing certain features.

In the case of forms, CAPTCHAs protect them in two key ways:

• Prevent automated spam: CAPTCHAs stop bots from automatically filling out and submitting webforms (such as contact forms, sign-ups, and comments), which helps protect your site from spam and junk data. This is particularly relevant if you utilise forms as a means of engaging with a wider target audience (e.g. call for submissions, applications, and similar).

• Reduce fraudulent activity: They make it harder for bots to abuse registration forms, submissions, and login systems, which can otherwise be targets for brute-force attacks or scalping. Indeed, CERN Computer Security routinely scan CERN websitse for vulnerable forms as a security precaution.

There are multiple CAPTCHA options, though at the moment we recommend hCaptcha.

Create a hCaptcha account

1. Visit the hCaptcha Dashboard and sign up using your CERN email address.

2. Complete your account setup by following the link in the email send by hCaptcha to verify your email address.

Configure hCaptcha for Fluent Forms

1. Login to the hCaptcha Dashboard.

2. Click the Add Site button, provide your preferences for enabling the CAPTCHA (e.g. domain) and configure settings to suit your needs.

3. Press the Save button.

4. In the admin panel of your WordPress dashboard, navigate to Fluent Forms -> Global Settings -> Security -> hCatpcha. This is where you can add the Site Key and Secret Key obtained from the hCaptcha dashboard (explained in the next steps).

5. Find the Site Key underneath the site name in your list of sites on your hCaptcha dashboard.

6. Create the Secret Key by visiting the URL provided in the administration panel: hCaptcha Secrets Settings. Click Generate New Secret to obtain the key. Make sure to copy and save the key.

7. Once you have entered both keys in to the Fluent Forms settings menu (shown in step 4), click the Save Settings button.

Adding hCaptcha to Forms

In order for hCaptcha to protect your forms, you need to add the hCaptcha field to each form you want to protect.

1. Navigate to Fluent Forms -> All Forms in the admin panel of your WordPress site.

2. Select the form you want to protect and click on the Edit button.

3. Insert a hCaptcha field in the form.

4. Save the form and preview it in a browser to verify that the hCaptcha field is visible and functional.