- This topic has 2 replies, 2 voices, and was last updated 3 years, 5 months ago by
.
-
Posts
-
Hi,
I need to protect my forms because of too much spam. I want to use hCaptcha with manual forms. To do so, I need a serverside verification script. I can easily use a Javascript, but that would expose my secret key to the world. The only viable option is to use a PHP script.
I plan to have a form with JS onsubmit to do the verification. If successful, the validation will submit the form or reject it with an error message.
I don‘t know where to put the PHP because all the others are in Elements. I don‘t use a child theme but have all done with Elements. Can I use an Element that holds the PHP script (execute PHP) to serve as the validation endpoint? If not, what would be the preferred solution?
Lead Developer
Hi there,
Elements are primarily meant to be used for displaying HTML – not for server-side stuff like this.
You’re better off using one of the methods in the following link to add the necessary PHP to your site: https://docs.generatepress.com/article/adding-php/
So, after many backs and forth, I finally found a way to implement hCaptcha invisible to my forms. I did not use Elements for it, but the suggested Snippets plugin, which I already had. The trick is to create a shortcode that first renders a form and second validates the input server-side via PHP. That works great for the visible captchas.
However, the invisible hCaptcha has some disadvantages (and I guess the same is true for invisible reCaptcha) that causes me to abandon the idea. It would either validate before any fields are being validated or would pop up even if the user does not want to fill in the form. The only options that would work are reCaptcha V3 and BotStop from hCaptcha. The former is not legally usable in the EU, and the latter is not free.
I will use the honeypot method for the time being, although bots become smarter and smell those pots more often than I’d like.
- You must be logged in to reply to this topic.