How to Migrate reCAPTCHA to Google Cloud

19 Mar WP Sprints

What is Google Captcha? 

Google reCAPTCHA is a service from Google that helps protect websites from spam and abuse. It works by using advanced risk analysis techniques to tell humans and bots apart. This helps to prevent automated software from engaging in malicious activities on your site, such as:

  • Creating fake accounts
  • Submitting spam comments
  • Performing brute-force attacks on logins
  • Scraping content

Types of Google Captcha

Here are the main types of Google reCAPTCHA:

  • reCAPTCHA v2 (“I’m not a robot” Checkbox): This is the most common type you’ve likely encountered. It presents users with a checkbox that they must click to confirm they are human. In some cases, after clicking the checkbox, it might present further challenges like identifying specific objects in images (e.g., “Select all squares with traffic lights”). It uses a site key and a secret key for integration.
  • reCAPTCHA v2 (Invisible reCAPTCHA): This version also uses the same underlying technology as the checkbox version but aims for a more seamless user experience. Instead of a visible checkbox, the captcha verification happens in the background when the user interacts with certain elements on the page (like submitting a form). It still uses a site key and a secret key.
  • reCAPTCHA v3: This is a completely invisible version that doesn’t require any user interaction. Instead, it assigns a score (from 0.0 to 1.0) to each interaction indicating how suspicious it is. You, as the website owner, can then decide what action to take based on the score. For example, you might allow submissions with a high score but require further verification for submissions with a low score. This version uses a single site key for integration.
  • Enterprise reCAPTCHA: This is a more advanced version built for larger organizations. It offers all the features of reCAPTCHA v3, along with additional benefits like:
    • Mobile app support
    • Detailed analytics and reporting
    • Integration with security information and event management (SIEM) systems
    • Improved accuracy in detecting sophisticated bots.

Essentially, Google reCAPTCHA acts as a gatekeeper for your website, ensuring that genuine human users can access and interact with your content while blocking malicious automated traffic. The different types offer varying levels of user interaction and sophistication in bot detection.

The notice you have received (what it means in detail)

By the end of 2025, all Google reCAPTCHA keys will need to be associated with a Google Cloud project, unifying reCAPTCHA under a single set of features, terms, and pricing. Google will send a notice to Classic customers early in 2025 and automatically provision a Google Cloud project for eligible keys shortly after.

Here’s a more detailed timeline and information about the upcoming changes:

Key Dates and Actions:

  • Early 2025: Google will send out a notice to all Classic reCAPTCHA customers, alerting them to the upcoming migration to Google Cloud. 
  • End of 2025: All reCAPTCHA keys must be migrated to a Google Cloud project. 
  • After the Notice: Google will automatically provision a Google Cloud project for eligible keys soon after the notice. 

Basic Google Cloud project setup (applies to both migration cases and to a new setup)

  1. Log in to Google Cloud using your Google account.
  2. Create a new Google Cloud project.
  3. On the Google Cloud screen, there should be an option to create a new project.
  4. Give your project a name.
  5. Keep in mind that the Project ID cannot be changed later. You can change the project name later, but not the ID.
  6. For the location setting, you do not need to select an organization; it is not required for migration.
  7. Once the project is created, you can go to the Dashboard and then Project settings.
  8. Review Privacy and Security settings. This is particularly important if European data protection laws apply to you. You need to read through and certify these settings.
  9. Understand the assessment limits of the latest Google reCAPTCHA. It allows up to 10,000 assessments per month.

Add billing details if your website or your client’s website anticipates needing more than 10,000 assessments per month to avoid any interruption in service. You can do this by pressing the menu, going to the main dashboard, and then looking for the option with three dots on the top right, where you can access billing account management.

If you are migrating from reCAPTCHA v2 to reCAPTCHA v3 or enterprise

Here’s a breakdown of the general steps you would take to migrate from reCAPTCHA v2 to a newer version like v3 or Enterprise reCAPTCHA:

  1. Understand the Notice:
    • Identify the specific reason for the notice. Does it mention performance improvements, new security features in newer versions, or a potential end-of-life for v2? Understanding the motivation behind the notice can help you choose the best migration path.
  2. Choose Your Target Version:
    • reCAPTCHA v3: This offers a completely invisible experience for users and provides a score indicating the likelihood of bot activity. You’ll need to decide how your website will react to different scores (e.g., allowing all with a certain threshold, requiring further verification for lower scores).
    • Enterprise reCAPTCHA: This is a more comprehensive solution for larger organizations, offering advanced features, mobile app support, and detailed analytics.
  3. Generate New Keys in Google Cloud: You’ll need to create new site keys specifically for the version you choose to migrate to:
    • Follow the steps in the “Setting up Google ReCaptcha V3 directly on Google Cloud” section of this article to create a new site key in your Google Cloud Console under “reCAPTCHA Enterprise.”
    • Crucially, when creating the key, select the appropriate “Challenge type”:
      • For reCAPTCHA v3, choose “Score-based assessment”. You will only receive a Site Key.
      • For Enterprise reCAPTCHA, the selection process might be slightly different depending on the specific features you need. Generally, you’ll aim for a setup that provides a score-based assessment if you want the invisible approach. You will receive a Site Key.
  4. Update Your WordPress Plugin:
    • Check Plugin Compatibility: The most important step is to ensure your current WordPress captcha plugin (or a new one you intend to use) supports the reCAPTCHA version you are migrating to (v3 or Enterprise). Many popular plugins have been updated to support these newer versions.
    • Install or Update Plugin: If your current plugin doesn’t support the new version, you’ll need to find and install a compatible one. If it does, make sure you are using the latest version of the plugin.
    • Access Plugin Settings: Go to the settings page of your captcha plugin in your WordPress admin dashboard.
    • Replace Keys:
      • For reCAPTCHA v3 or Enterprise: You will typically find a field to enter the Site Key you generated in Google Cloud. You will likely not have a field for a Secret Key as these versions don’t use one in the same way v2 does.
      • Remove old v2 keys: Delete the existing v2 Site Key and Secret Key from the plugin settings.
    • Configure Plugin Settings: Depending on the plugin and the reCAPTCHA version, you might have additional configuration options. For example, with v3, you might need to specify the score threshold or which actions on your website should trigger the reCAPTCHA assessment. Consult the plugin’s documentation for specific instructions.
    • Save Changes: Save the updated settings in your WordPress plugin.
  5. Website Code Adjustments (Potentially Required):
    • reCAPTCHA v3: Implementing v3 often involves adding JavaScript code to specific elements on your website (e.g., form submission buttons) to trigger the score assessment. Your WordPress plugin might handle this automatically, but you might need to consult its documentation for details. You might also need to implement logic on your server-side to handle the score received from Google.
    • Enterprise reCAPTCHA: Integration steps can vary depending on the specific features of Enterprise reCAPTCHA you intend to use.
  6. Testing:
    • Thoroughly test all forms and areas where you had reCAPTCHA v2 implemented to ensure the new version is working correctly.
    • For v3: Pay attention to how your website behaves with different user interactions. You might need to fine-tune your score threshold.
    • For Enterprise: Test all the specific features you have configured.
  7. Deactivate/Delete Old v2 Keys:
    • Once you are confident that the new reCAPTCHA version is working correctly, you should go back to your Google Cloud Console and consider either deleting your old v2 site key or modifying its settings (e.g., restricting domains) for security.

Key Considerations for Migration:

  • User Experience: reCAPTCHA v3 aims to be completely invisible, improving the user experience. Enterprise can also offer a smoother experience.
  • Implementation Complexity: Migrating to v3 or Enterprise might require more technical understanding or development effort compared to simply replacing keys.
  • Plugin Support is Crucial: Ensure your WordPress plugin is fully compatible with the reCAPTCHA version you choose.

By following these steps and carefully consulting the documentation for your chosen reCAPTCHA version and your WordPress plugin, you should be able to successfully migrate from reCAPTCHA v2. 

Setting up Google ReCaptcha V3 directly on Google Cloud 

Here are the steps to set up reCAPTCHA v3 for a new website by configuring it in Google Cloud:

  1. Go to the Google Cloud Console: Navigate to the Google Cloud Console and log in with your Google account.
  2. Select Your Project: If you haven’t already, select the Google Cloud project you want to associate with your website. You can create a new project if needed.
  3. Navigate to reCAPTCHA Enterprise: In the left-hand navigation menu, scroll down to “Security” and click on “reCAPTCHA Enterprise”.
  4. Create a New Site Key: Click on the “Create site key” (or “Add site key”) button.
  5. Choose reCAPTCHA v3: Under “Integration settings,” find the “Challenge type” section and select “Score-based assessment (v3)”. This tells Google Cloud you want to use the invisible, score-based version of reCAPTCHA.
  6. Add Your Website Domain: Under “Domain list,” click “+ Add domain” and enter the domain name of your new website. You can add multiple domains if needed.
  7. (Optional) Configure Other Settings:
    • Owners: By default, the creator of the key is an owner. You can add other Google accounts as owners who can manage this key.
    • Labels (Optional): You can add labels to help organize your site keys if you have many.
  8. Click “Create”: Once you’ve selected “Score-based assessment (v3)” and added your domain, click the “Create” button at the bottom.
  9. Get Your Site Key: After creating the key, you will be presented with your Site Key. Remember that for reCAPTCHA v3, you only get a Site Key. There is no separate Secret Key in the traditional sense like with v2. Google handles the backend verification.

Next Steps (Website Integration):

After setting up reCAPTCHA v3 in Google Cloud, you will need to integrate it with your website. If your website is built with WordPress, you’ll typically do this through a plugin that supports reCAPTCHA v3. Here’s a reminder of the general steps for that part:

  1. Install a WordPress Plugin that Supports reCAPTCHA v3: Popular options include “Google Captcha (reCAPTCHA) by BestWebSoft” and “WPForms.”
  2. Configure the Plugin: In your WordPress admin area, go to the settings of the plugin you installed. You will usually find a field where you can enter the Site Key you obtained from Google Cloud.
  3. Specify Where to Use reCAPTCHA v3: The plugin settings will likely allow you to choose which forms or areas of your website should be protected by reCAPTCHA v3 (e.g., comment forms, registration forms, login forms).
  4. Score Threshold (if applicable): Some plugins might allow you to configure a score threshold. reCAPTCHA v3 returns a score between 0.0 (likely a bot) and 1.0 (likely a human). You can set a threshold, and based on the score, your website can decide what action to take (e.g., allow the submission, require further verification). You might need to experiment to find the optimal threshold for your site.
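
The server-side score handling mentioned in the migration steps and in the score-threshold step above, as an added example (not code from this article or from any plugin): it takes an assessment result shaped like a reCAPTCHA Enterprise assessment response and decides whether to allow, require further verification, or block. The threshold values, the hostname and the function names are assumptions for illustration.

```javascript
// Added example: fail-closed handling of a score-based reCAPTCHA assessment.
// tokenProperties / riskAnalysis follow the reCAPTCHA Enterprise assessment
// response; POLICY values, hostnames and function names are assumptions.
const POLICY = {
  allowedHostnames: ["www.example.com"], // constructed placeholder domain
  allowAt: 0.7,   // score >= 0.7: accept the submission
  verifyAt: 0.3,  // 0.3 <= score < 0.7: require further verification
};

function decide(assessment, expectedAction, policy = POLICY) {
  const block = (why) => ({ verdict: "block", why });
  const tp = assessment && assessment.tokenProperties;
  // A token that is missing, expired, reused or malformed never gets scored.
  if (!tp || tp.valid !== true) {
    return block(`invalid token: ${(tp && tp.invalidReason) || "no tokenProperties"}`);
  }
  // The action name is set by the page's JavaScript; a token issued for
  // "comment" must not be accepted by the login handler.
  if (tp.action !== expectedAction) return block("action mismatch");
  // Reject tokens generated on a site that is not ours.
  if (!policy.allowedHostnames.includes(tp.hostname)) return block("unexpected hostname");
  const score = assessment.riskAnalysis && assessment.riskAnalysis.score;
  // A missing or out-of-range score is a failure, never a default pass.
  if (typeof score !== "number" || !(score >= 0 && score <= 1)) return block("no usable score");
  if (score >= policy.allowAt) return { verdict: "allow", why: `score ${score}` };
  if (score >= policy.verifyAt) return { verdict: "verify", why: `score ${score}` };
  return block(`score ${score}`);
}

// Constructed sample assessments (not real API output).
const tok = (action, hostname) => ({ valid: true, action, hostname });
const SAMPLES = {
  human:     { tokenProperties: tok("login", "www.example.com"), riskAnalysis: { score: 0.9 } },
  uncertain: { tokenProperties: tok("login", "www.example.com"), riskAnalysis: { score: 0.5 } },
  bot:       { tokenProperties: tok("login", "www.example.com"), riskAnalysis: { score: 0.1 } },
  reused:    { tokenProperties: tok("comment", "www.example.com"), riskAnalysis: { score: 0.9 } },
  offsite:   { tokenProperties: tok("login", "other.example.net"), riskAnalysis: { score: 0.9 } },
  expired:   { tokenProperties: { valid: false, invalidReason: "EXPIRED" } },
};

for (const [name, a] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(10), JSON.stringify(decide(a, "login")));
}
```

Checking the action and hostname before the score matters: a high score on a token issued for a different form or a different site says nothing about the request being handled.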

By following these steps, you will have successfully set up reCAPTCHA v3 for your new website using Google Cloud, and you’ll be ready to integrate it into your WordPress site via a plugin.

BONUS: Where to find the old client secret key on the new Google Cloud console

This is not difficult, but it is certainly complex, so if you want us to take care of it, please schedule a call: you don’t want the Nigerian Prince (a reference to the most common spam email globally) reaching out to you via your website form.
