MembershipWorks implements our own anti-spam and anti-fraud system by detecting suspicious activity that repeatedly targets the same form. But as web fraud and spam activity increase in volume and sophistication, you can now implement an additional layer of security by enabling Google reCAPTCHA for your MembershipWorks membership sign-up form, event registration forms, donation forms, and other forms created through our Forms/Carts/Donations feature.
MembershipWorks integrates with the latest generation v3 reCAPTCHA, which is invisible to users – your members do not have to actively identify any text or objects when submitting the form. Google detects robot activity through advanced risk analysis techniques based on how the user is interacting with your website. Adding Google reCAPTCHA does not require that you disable MembershipWorks built in anti-spam and anti-fraud system, so you have the benefit of defense in depth with both systems combating bot and fraudulent/spam activity.
Google reCAPTCHA is also an industry accepted anti-spam / anti-fraud system that may be required by your payment gateway (Stripe, Paypal, Authorize.net, etc) if you have been a victim of previous fraudulent activity on your website.
To integrate Google reCAPTCHA with MembershipWorks, you will first need to establish a reCAPTCHA account on Google’s website if you have not previously done so:
Once you are signed in to your Google reCAPTCHA account, register for a new site. On the registration screen, select reCAPTCHA v3 and make sure to include all domains where your MembershipWorks forms may be used. For example if you may have your event registration forms on other websites, you will need to include those domains otherwise the registration form will not work on those domains.
After registration, you will be provided with a Site Key and Secret Key. In MembershipWorks go to Organization Settings > Security and enter the keys from Google accordingly.
You can specify the minimum score required to allow the transaction through. A score of 0.0 means the transaction is likely generated by a bot, while a score of 1.0 means the transaction is likely a good interaction. The default score is 0.5. Note that Google will take some time to learn user patterns on your website and it will usually score transactions as 0.5 initially, so do not require a score of higher than 0.5 in the beginning or users will not be able to signup or register for your events.
After adding the keys and specifying your minimum score, click “Save & Continue” to save your settings.
Important! Test your forms immediately afterwards by signing up as a new member or registering for an event. Any error in your Google reCAPTCHA setup can cause all your forms to fail. Note that verifying that the form loads normally is not sufficient, you need to submit a transaction to make sure reCAPTCHA is working as intended.