Back to Blog Posts

Are you human or a bot? Now Google can decide

By Matt / January 10th, 2019

Differentiating between humans and bots is an age old challenge for any developer.

Put a form online and you can bet that soon, you will start receiving spam. As bots and software have become more sophisticated, stopping them has become increasingly difficult, leaving the question of how to stop spam without making it too onerous for real people.

One approach is to make the challenges more obscure and difficult to complete. But this often leads to frustration for users and has significant drawbacks for accessibility. But now Google thinks they've found the answer... Invisible reCAPTCHA.

What is Google Invisible reCAPTCHA?
Google's Invisible reCAPTCHA is a free service designed to protect forms from spam and abuse without any need for users to type in some melted words, click in a somewhat human like fashion or select all the street signs in a group of photographs.

Google says that Invisible reCAPTCHA uses advanced risk analysis technology to separate humans from bots with maching learning technology that enables it to adapt to new threats. All without the need for us humans to click or type on anything at all. And resulting in a much more seamless and less intrusive user experience for the end consumer.

What's new in WHMCS 7.7?
In WHMCS 7.7 we've expanded our Invisible reCAPTCHA support across the product, making it available for everything from login forms to ticket submission to cart checkout.

In addition to being able to choose this new seamless and transparent type of captcha protection for your forms, you can now independently control which forms have captcha protection applied to them, so if there's a form where you don't want captcha challenges to be applied, you can easily disable them.

Getting Started
To get started with Invisible reCAPTCHA, simply follow the steps below:

1. Install or upgrade to WHMCS 7.7
Remember: Don't forget to apply all template changes itemised in the release notes to any custom or 3rd party templates you are using.
2. Login to your WHMCS admin area and navigate to Setup > Security

3. Choose the level of Captcha protection you require, we recommend "Always On" for Invisible reCAPTCHA
4. Select Invisible reCAPTCHA in the Captcha Type setting area

5. Enter your Google reCAPTCHA Site Key and Secret which can be obtained for free using any Google account at

Once completed, hit Save, and you're done. Your forms are now protected by Invisible reCAPTCHA.

If you have any questions, we invite you to ask them in the comments below.

WHMCS 7.7 is available in beta right now, learn more and get involved at

Liked this article? Share it