The reCAPTCHA feature allows you to further protect your Stripe payment buttons from bots. The reCAPTCHA feature is built into the main plugin. You just have to configure it in the settings.
It is strongly recommended that you enable one of the Captcha options to prevent against any card testing attack.
This plugin uses Stripe elements (their UI building blocks) to offer a fast, easy and unique checkout experience. This is great for your own branding. However, to prevent card testing issue with Stripe elements, captcha is recommended. Please fully read the card testing issue explained on Stripe’s website before you use this plugin.
When you enable this, the reCAPTCHA option will appear when customers click a Stripe payment button. They will simply need to check a box that confirms they are human. This prevents robots from abusing the payment button on your site.
Originally, we wanted to keep the captcha feature optional so only sites that need it can enable it. However, lately we are finding that a few users will have a bot attack and they instantly panic and give the plugin a bad rating. We generally don’t hear from the thousands of other users who never had any issues to show a counter point on record. So we have added a notice in the plugin to enable captcha from the start.
Configuring reCAPTCHA on Your Website
Follow the steps below to configure reCaptcha for your Stripe payment buttons:
- Click on the Stripe Payments -> Settings menu.
- Click on the Captcha tab.
- Mark the checkbox to enable reCaptcha on your website.
- To use reCAPTCHA, you will need to enter in your Google reCAPTCHA v2 API details. You can create or find your API details here.
- You need to get the reCAPTCHA v2 keys. Our plugin uses reCAPTCHA v2 keys. Don’t ask for v3 option since that one doesn’t give us the flexibility to offer the required option to this plugin).
- Once you get your Site Key and Secret Key for reCAPTCHA, copy and paste them in the plugin’s settings. Click the Save Changes button.
- Now your customers will need to complete captcha prior to checking out.
Invisible reCAPTCHA Option
Note: Stripe recommends using the I am not a robot checkbox option. The invisible captcha option doesn’t provide the maximum protection.
The Invisible captcha option doesn’t provide the maximum protection against card testing attack. So we recommend using the “I am not a robot” option.
Customer’s View When reCaptcha is Enabled
Once the reCaptcha feature is enabled, anyone wishing to proceed to the checkout will need to select the reCaptcha checkbox. Checking the reCaptcha box is simple and hassle free for your customers although prevents bots from spamming your payment buttons.
Below is an example of what a customer would see when proceeding to checkout on a reCaptcha protected website. ReCaptcha will appear on all products created using Stripe Payments when this feature is enabled.
