Instead of using the default captcha, you can switch to Google's reCAPTCHA to better protect your site against spam. The setup process is simple.
The first step is to register your site in the reCAPTCHA admin. When choosing the type of reCAPTCHA, select either reCAPTCHA v2 (checkbox) or reCAPTCHA v3 (invisible score).
reCAPTCHA v3 returns a score for each request without user friction. The score is based on interactions with your site and enables you to take appropriate action for your site. Register reCAPTCHA v3 keys here.
To learn more about reCAPTCHA and reCAPTCHA v3, check out this short video from Google: Introducing reCAPTCHA v3.
Once your site is registered, you'll get a pair of keys: a site key and a secret key. Set the following two settings in conf/settings.py to your new keys:
RECAPTCHA_PUBLIC_KEY = 'your-Google-reCAPTCHA-site-key'
RECAPTCHA_PRIVATE_KEY = 'your-Google-reCAPTCHA-secret-key'
To use v3, also add this in your conf/settings.py:
USE_RECAPTCHA_V3 = True
Then restart your site. To test, visit the contact form, event registration, membership join... as a user who is not logged in. The reCAPTCHA should now appear on those forms.
With reCAPTCHA v2, the embed_form template tag lets you set the widget size to compact. For example:
{% embed_form 1 gsize='compact' %}
reCAPTCHA v3 Score Threshold
The Google reCAPTCHA v3 Score Threshold can be adjusted at https://www.yoursitedomain/settings/site/global/#id_recaptchascorelimit. It should be a value between 0 and 1, with a default of 0.5 (1.0 is very likely a good interaction, 0.0 is very likely a bot). For more details regarding the score, please view https://developers.google.com/recaptcha/docs/v3#interpreting_the_score. You can also check the score distribution in your reCAPTCHA admin console, which can help you determine how to adjust the reCAPTCHA v3 score threshold for your site.
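How a score threshold is typically applied on the server, as an added example (not this project's own code): the token from the form is posted to Google's siteverify endpoint and the returned verdict is checked, failing closed on anything unexpected. The function names, the "contact" action, the www.example.org hostname and the rule that a score equal to the threshold passes are assumptions for illustration.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def fetch_verdict(secret_key, token, timeout=5):
    """POST the client token to Google's siteverify endpoint; return parsed JSON."""
    data = urllib.parse.urlencode({"secret": secret_key, "response": token}).encode()
    with urllib.request.urlopen(SITEVERIFY_URL, data=data, timeout=timeout) as resp:
        return json.load(resp)


def accept(verdict, threshold=0.5, expected_action=None, expected_hostname=None):
    """Return (allowed, reason). Anything malformed or unexpected is rejected."""
    if not isinstance(verdict, dict) or verdict.get("success") is not True:
        codes = verdict.get("error-codes", []) if isinstance(verdict, dict) else []
        return False, "verification failed: " + ",".join(map(str, codes))
    score = verdict.get("score")
    # A v2 key returns no score; bool is excluded because it is an int subclass.
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return False, "no score in response"
    # A token minted for another form or another site must not be replayed here.
    if expected_action is not None and verdict.get("action") != expected_action:
        return False, "action mismatch"
    if expected_hostname is not None and verdict.get("hostname") != expected_hostname:
        return False, "hostname mismatch"
    if score < threshold:
        return False, "score %.1f below threshold %.1f" % (score, threshold)
    return True, "ok"


# Constructed sample verdicts in the shape siteverify returns for v3.
SAMPLES = [
    {"success": True, "score": 0.9, "action": "contact", "hostname": "www.example.org"},
    {"success": True, "score": 0.3, "action": "contact", "hostname": "www.example.org"},
    {"success": True, "score": 0.9, "action": "login", "hostname": "www.example.org"},
    {"success": False, "error-codes": ["timeout-or-duplicate"]},
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(accept(v, 0.5, "contact", "www.example.org"))
```

Lowering the threshold to 0.3 would let the second sample through, which is the trade-off to weigh against the score distribution shown in the admin console.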