The use of captchas in forms is intended to ensure that form entries are made by humans and cannot be misused by bots for spam or other attacks.
This page explains the function and setup of captchas for forms.
A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a method of distinguishing between humans and bots. CAPTCHAs are used in online forms to ensure that the input is made by a real person.
This is intended to prevent automated attacks by bots and scripts that fill out forms en masse or try out login data. CAPTCHAs thus help to increase the security and integrity of websites and reduce data misuse.
The Captcha field must be activated in every form that should be protected by a captcha. To do this, open the form content in the editor. The Captcha field is located in the first tab, Form page, directly above the validity information.
Two fields are required for the captcha configuration:
In the basic configuration of the Mercury template, the captcha is implemented with an image that displays a sequence of letters that must be entered when filling out the form in order to submit it. This does not offer optimal protection, as these images can be easily processed by bots.
It is therefore possible to use a much more secure external Captcha provider.
Note: If an external Captcha is configured, no settings for the displayed Captcha can be made in the Preset field.
The administration can disable the option to deactivate captcha in forms for individual sites or subsites.
This is done by using the sitemap attribute “captcha.required”, which can be set to “true” or ‘false’. The sitemap configuration can be edited in the sitemap editor in the burger menu under “Advanced - Sitemap Configuration”; the “Attributes” tab allows you to edit attributes.
If the attribute is set to “true”, forms that do not have a captcha configured will no longer be displayed. Instead, a warning is issued to the editor in the page editor that no captcha is activated for the form. For visitors to the website, a neutrally worded message is displayed instead of the form, stating that the form is currently unavailable.