No one likes spam. We jump through all kinds of hoops to prevent it- adblockers, spam filters, math problems, Google Recaptcha, Akismet, the list goes on. In our quest to can the spam we’ve tried all manner of solutions. Sometimes, we even go overboard. This is an article on just that- going overboard.
How can we possibly make too much of an effort to squash the spam that haunts our comment sections, our inboxes, our form submissions? This is a topic that’s less about effort, and more about using the right tools for the job. We’ve noticed that a lot- A LOT- of our users are taking advantage of the Google Recaptcha feature in Ninja Forms. That’s great- that’s what it’s there for. It’s also quite possibly one hoop futher than you or your visitors may need to jump to stay spam free, however. Bear with me for a minute while I explain.
What Spam Protection Does Ninja Forms Offer Me Natively?
No one is advocating going out into the wilds of the interwebs unprotected. We have your back even if you don’t take a single measure to prevent spam. There’s a lot of first time WordPressers out there that don’t even realize the quantities of creepy crawly spam that can infiltrate their form submissions with no protection in place. That’s a terrible user experience, so we’ve designed Ninja Forms to fight spam without you ever having to lift a finger.
Ninja Forms comes equipped with a native honeypot feature out of the box. No setup, no configuration, it’s there working for you from the moment you activate the plugin.
What’s a Honeypot?
A honeypot is a field designed to catch spammers in the same way an actual pot of honey (or a nice tall glass of sweet tea or sugar water) would catch flies. It’s a hidden field placed into every Ninja Form that is programmed to make form submission fail if anything is entered into it.
The vast majority of spam submissions come from automated programs that crawl the web looking for parts of a website to exploit. When they see a form, they are programmed to fill in every field. They can’t tell the honeypot field from any other field on the form, and so they fill it out and form submission automatically fails. By that time the program is off crawling greener pastures.
Honeypots are highly effective and used by web security professionals around the world for many, many applications ranging from spam filtering to network security. There is a high probability that Ninja Forms’ native honeypot feature is all you need to prevent the majority of form spam.
Why Not Google Recaptcha?
There is no question that Google Recaptcha is effective. Like a honeypot, it exploits a weakness in the automated spambots that crawl your website looking for things to exploit. Instead of being tricked into filling in a field that causes submission to fail, Google Recaptcha presents a required field that spambots struggle to fill in properly. Heck, most of us humans can’t read them half the time. And that, that’s exactly where the problem lies.
Negative Impacts of Recaptcha
Recaptcha presents not just a formidable barrier to spambots, but to your leads, contacts, and anyone trying to fill out your form. A fairly fundamental principle of any business is to lower the barriers between your product or service and the consumers that want them. Recaptcha hurts your website in 3 big ways:
- Accessibility
- Convenience
- Conversion
Accessibility
Standard Recaptcha makes your form difficult enough to submit as it is. For a visually impaired individual, it essentially makes your form useless. Standard Recaptcha has been identified as one of the greatest barriers to accessibility on the modern web by accessibility advocates.[1] Google’s NoCaptcha feature reduces that burden, but it’s not an issue on hardly enough people’s radars. It’s effectiveness is also in question to a certain degree.[2]
Convenience
Recaptcha’s most obvious flaw is the fact that it is just plain and simple a pain in the rear to complete. That’s obviously a very subjective statement, but there’s objective evidence to back it up in abundance. Consider these findings from a Stanford University study[3]:
- Almost 33% of the time, any 3 given users cannot agree on the interpretation of a visual captcha
- More than 66% of the time, any 3 given users cannot agree on the interpretation of an audio captcha
- Visual captchas take ~10 seconds for a user to complete, audio captchas almost 30 seconds.
- Users who do not speak English as their primary language have to devote ~20 seconds to solving an English captcha.
Conversion
Your marketing team’s new campaign has attracted just the right people to your page. The exquisitely designed lead magnet has captivated a new visitor. Your carefully crafted call to action is inspired, your potential new lead is ready to do exactly what you’ve spent hours designing all this for aaaaaaand… now please verify that you’re human by pondering this grossly distorted image for something vaguely resembling a series of numbers or letters for a while before you can get what you came for. No, thanks.
There’s no question that Recaptcha’s inconvenience harms conversion. One study by the web engagement and usability group Moz found a 3.2% conversion decrease with Recaptcha enabled.[4] That’s not massive, but it’s probably more than you can comfortably dismiss out of hand.
Should I Be Using Recaptcha?
There are clear drawbacks to using Recaptcha, so the bottom line is that no, you shouldn’t be using it unless there is a compelling reason to do so. The key question to ask yourself is Do I have a form spam problem without Recaptcha? If no, then you should not be using it. Ninja Form’s honeypot feature should be all you need in the majority of cases. If yes, then you have to weigh the balance of the spam submissions you do receive against the negative effects of Recaptcha on your users and your website. Does the benefit outweigh the drawbacks? That’s a question only you can answer.
We hope this has shed some light on Google Recaptcha and helped you make a more informed and conscious decision about its use on your website. If you have any questions at all, feel free to fire away in the comments below!
Bashir Ahmed says:
Hi Quay,
I hate Google Recaptcha codes that’s why I don’t use them on any of my site. I’m thinking to use Ninja form plugin to create Contact Us form and Guest post form.
One of my friend suggested that Ninja forms plugin is far better than any other form plugins. I hope that it will help me.
Thanks!
Quay Morgan says:
Me too! Feel free to drop us a line anytime at https://ninjaforms.com/contact if you have questions!
Cheers,
Quay
David says:
cannot get Google Recaptcha to work
what are we doing wrong?
Thanks,
David
Quay Morgan says:
David,
Make sure you have it configured properly per this document: https://ninjaforms.com/docs/plugin-settings/
And deactivate Contact Form 7 if you have it installed- there’s a known conflict with them & Google Recaptcha.
After that if you still can’t get it set up, drop us a line at https://ninjaforms.com/contact and we’ll get you straightened out!
Cheers,
Quay
Jose says:
I agree with your point of view.
I prefer to suffer some spam but allow my customers to get a great web experience.
Why penalize our customers?
Sam Z says:
Hi! I’ve been looking through articles you’ve posted about the latest Ninja Forms version 3 but couldn’t find an answer: is it necessary to add a honeypot field, or is it automatically part of every form? If it must be added, what is the field called in the form builder?
Thanks!
James Laws says:
Sam, In v3 and higher you no longer need to add the honey pot field. We add this anti-app defense by default for all forms.
Daniel Gonzalez says:
I am using the ninja pop up window to add users to my constant contact then reward them with a downloadable PDF in a second pop-up in the series. Constant contact has shut me down saying that the form is adding to many SPAM users and that I need to add a captcha to the form before they can switch me back on. Can I add a captcha to a Ninja Pop-up window?
Quay Morgan says:
Daniel,
Hey! Honestly not sure what a Ninja Pop-up window is… it’s not something we’ve built, in any case. If you want Ninja Forms in a a modal/pop-up window, I’d strongly recommend WP Popup Maker. Switching solutions here may be all you need to remedy this.
https://wordpress.org/plugins/popup-maker/
Cheers,
Quay
Sara says:
Hello, my honeypot field is showing, how can i hide it?
Quay Morgan says:
Sara,
My first thought is that it’s likely an issue with how your theme is handling the display of the form, but this definitely isn’t the best place for us to handle support. Please drop us a support request at https://ninjaforms.com/contact/
Cheers,
Quay
Jonathan says:
Other than making it more difficult for bots to submit solicitations to me, are there any other benefits to using reCaptcha? In other words, does reCaptcha only stop bots from sending something to me from my online form?
Quay Morgan says:
Correct, it basically filters out programs that crawl the web looking for forms to spam. With the reCaptcha in place, they hypothetically cannot complete the reCaptcha, and therefore can’t submit the form. I say hypothetically because it’s an ongoing battle to stay smarter than the bots 🙂
Cheers,
Quay
Alex says:
Hi,
This post is no longer revelant, Recaptcha v3 is invisible…
Isn’t it?
Alex
Quay Morgan says:
Alex,
Pretty much, yep! We’re working on integrating v3 into the plugin now; work is done and we’re testing it pre-launch. When the update goes live we’ll probably retire or modify this article.
Cheers,
Quay
Christopher says:
is Recaptcha v3 still coming to Ninja Forms?
Donald says:
Hello Ninja Forms!
I love Ninja Forms! Do you still stand by this recommendation to avoid reCaptchas and put my faith in the built-in honeypot?
Thank you,
Donald
Shaylee Hansen says:
Hello Donald,
Thank you for bringing this question to our attention. In 2016 at the time this article was written, the intention was to provide a reCaptcha alternative. More technological barriers existed in 2016 that made reCaptcha difficult to use. Since then, technologies have improved, making reCaptcha (specifically v3 reCaptcha ) easier to use and more convenient. While Honeypots served their purpose they are now considered outdated with the advent of reCaptcha v3.