CAPTCHA (Completely Automated Public Turing Test To Tell Computers and Humans Apart) and ReCAPTCHA are two human validation systems designed to prevent spam. They block spam bots while allowing your human users access to your site. You’ve likely seen them around the Internet on sites requiring you to log in.
CAPTCHA is a technique to distinguish between humans and computers. CAPTCHA is mainly used as a security check to ensure only human users can pass through by asking the user to complete the math equation like addition, subtraction, or multiplication. The equation can show up using numbers, letters, or images, giving bots no chance to slip in.
ReCAPTCHA is a system similar to CAPTCHA that also serves to protect the website and - at the same time - assists in the digitization of books. It supports two versions: v2 and v3. In v2, users are challenged to enter some words or digits from an image. In v3, users are directed to mark the checkbox “I’m not a robot”. This generates a probability score based on your users' interactions with your site to determine whether or not the request is from a bot.
These two functions are available to help enhance security to your environment by reducing the risk of bot attacks. Although not required, Fonteva strongly recommends enabling one of these two functions to prevent potential security threats. You will first need to configure Remote Site Settings and CSP Site Settings to enable CAPTCHA and ReCAPTCHA for your Community Portal.
Remote Site Settings For ReCAPTCHA:
If your organization uses a custom domain and not the standard force.com domain, you will need to submit a case with Fonteva Customer Support to enable your domain for reCAPTCHA.
You will need to set up a Remote Site Setting to enable ReCAPTCHA.
Navigate to Setup and type Remote Site Settings in the Quick Find search bar.
Select Remote Site Settings from the generated results in the sidebar. The Remote Site Settings page will open.
Click New Remote Site to begin. The Remote Site Edit page will open.
Enter ReCAPTCHA as your Remote Site Name, and paste https://www.google.com for your ReCAPTCHA site in the Remote Site URL field.
CSP Site Settings:
You will need to create CSP Site Settings for both CAPTCHA and ReCAPTCHA
Navigate to Setup and type All Sites in the Quick Find search bar.
Select All Sites from the generated results in the sidebar. The All Sites page will open.
Click the Builder link for your Community Portal. The Builder will open in a new tab.
Click the gear icon to open Settings. Click Security.
Scroll down to the Content Security Policy (CSP) section.
Under Script Security Level, there is a picklist for you to select a security level for your Community. This controls whether scripts can be executed from your Community Portal and if components can share data. You have the following options with varying levels of security:
Allow Inline Scripts and Script Access to Any Third-party Host: This security level provides no dded security, but enables your Community to work as currently designed. It will block nothing and allow access to all third-party hosts without the need for whitelisting. Lightning Locker is turned on.
Select your security level and locate the Trusted Sites for Scripts section. Click + Add Trusted Site. The Add Trusted Site window will open.
Type a Name and paste a URL for either your CAPTCHA or ReCAPTCHA site.
For ReCAPTCHA, use https://www.google.com.
For CAPTCHA, use https://www.gstatic.com
Ensure Active is checked and click Add Site. The site will get added under Trusted Sites.
Repeat these steps for the remaining CAPTCHA or ReCAPTCHA site.
Enable CAPTCHA For Community Portal
As a final step to enable CAPTCHA, you need to check the Enable Captcha field on your Community Portal record.
Navigate to your Community Portal record and click Edit. The Edit Community Site window will open.
Check Enable Captcha. CAPTCHA and ReCAPTCHA will now be live and active on your Community Portal.