Skip to main content

Increase Form Security with reCAPTCHA

Updated this week

If you plan to embed Bloomerang CRM forms on your website, enable reCAPTCHA. This free Google service helps prevent fraudulent transactions by looking for suspicious behavior. For example, reCAPTCHA can prevent bots (computer programs that mimic humans) from filling out your forms to test stolen cards.

This is a technical task, which means you might need help from your IT support provider or web developer.

Note: Bloomerang Support does not include direct support for your organization's website, Google account, or custom self-hosted forms.

Should I Enable reCAPTCHA?

Custom Self-Hosted Forms

You must enable reCAPTCHA in Bloomerang CRM before you can change a standard form to a custom self-hosted form. For example, you create a standard form in Bloomerang CRM and decide to customize it outside of Bloomerang CRM. To do this, you must click Self-Host Form to change the form to self-hosted mode. The Self-Host Form button appears only when reCAPTCHA is enabled.

Standard Forms

If you have a standard form that you plan to embed on your website (by copying a short Javascript snippet from Bloomerang CRM), you don’t have to set up reCAPTCHA in Bloomerang CRM. The form automatically uses Bloomerang’s reCAPTCHA keys. However, a Donate, Join, or Register button appears on your site instead of the form. The button redirects donors to a Bloomerang-hosted version of the form, which automatically uses reCAPTCHA v3 and v2. If you prefer to have the form appear directly on your site instead of a button, enter your organization’s reCAPTCHA keys in Bloomerang CRM.

Bloomerang-Hosted Forms

Bloomerang-hosted forms automatically use reCAPTCHA v3 and v2.

How reCAPTCHA Works

To protect your form with reCAPTCHA, you must:

  • Set up reCAPTCHA in Google

  • Set up reCAPTCHA in Bloomerang CRM

Bloomerang forms support both versions of reCAPTCHA: v3 and v2. These two versions of reCAPTCHA work together to secure your forms.

reCAPTCHA v3 monitors activity on your forms in a way that’s usually invisible to donors. If reCAPTCHA v3 determines a legitimate donor is filling out your form, the donor doesn’t have to complete a reCAPTCHA checkbox or puzzle. If you previously set up reCAPTCHA v2 in Bloomerang CRM, reCAPTCHA v3 is optional but recommended. It’s more secure and interrupts your donors less often than reCAPTCHA v2.

reCAPTCHA v2 gives your donors a simple puzzle to solve before they can submit the form. Donors select I’m Not a Robot or click images to prove they are human and a real donor. If you enable reCAPTCHA v3, donors see a checkbox or a puzzle only if reCAPTCHA has flagged their behavior as suspicious.

"I'm Not a Robot" check box

If you set up reCAPTCHA in Bloomerang CRM before April 3, 2025, your custom self-hosted form uses reCAPTCHA v2. Your custom self-hosted form continues to work but uses only reCAPTCHA v2 until you add reCAPTCHA v3 keys in Bloomerang CRM. If you set up reCAPTCHA v3 in Bloomerang CRM, you must recopy the full form code from Bloomerang CRM to your website.

Important: The full form code that you copy from Bloomerang does not include any customizations that you made outside of Bloomerang.

Before You Begin

  • Make sure you have access to your organization’s Google account.

  • If your organization doesn’t have a free Google account, create one. To make sure your organization always has access to its reCAPTCHA keys, do not use a personal Google account.

  • If you embed an iframe on your website to contain reCAPTCHA, find the domain for that iframe. Some website builders, such as Wix, use an iframe to embed reCAPTCHA. You must enter your website domain and the iframe domain when you set up reCAPTCHA in Google.

Step 1 — Set Up reCAPTCHA in Google

To set up reCAPTCHA in Google, you register two sites: a v3 site and a v2 site. Google generates a site key and secret key for each site.

Register a reCAPTCHA v3 Site

To register a reCAPTCHA v3 site and copy the v3 keys:

  1. Sign in to your organization's Google account.

  2. Go to google.com/recaptcha/admin/create.
    The Register a New Site page opens.

  3. In the Label text box, enter a description that helps you identify this site in the future.

  4. In the reCAPTCHA Type section, select Score Based (v3).

  5. In the Add a Domain text box, enter your site's domain name, such as example.org.

    Label, reCAPTCHA type, and domain settings in Google

  6. If you embedded an iframe on your website to contain reCAPTCHA, enter the domain for that iframe in the next Add a Domain text box. You must enter this domain in addition to your site's domain name. Read about how to find this domain.

    Two domain names entered in Google

  7. Click Submit. Your site key and secret key appear.

    image11.png

When you set up reCAPTCHA in Bloomerang CRM, you’ll copy this v3 site key and v3 secret key from Google to Bloomerang CRM.

Register a reCAPTCHA v2 Site

  1. Sign in to your organization's Google account.

  2. Go to google.com/recaptcha/admin/create.

  3. In the Label text box, enter a description that helps you identify this site in the future.

  4. In the reCAPTCHA Type section, select Challenge v2.

  5. Select I'm Not a Robot Checkbox.

  6. In the Add a Domain text box, enter your site's domain, such as example.org.

  7. If you embedded an iframe on your website to contain reCAPTCHA, enter the domain for that iframe in the next Add a Domain text box. You must enter this domain in addition to your site's domain name. Read about how to find this domain.

  8. Select I Agree.

    Label, reCAPTCHA type (v2), and domain settings in Google

  9. Click Submit. Your site key and secret key appear.

    image2.png

When you set up reCAPTCHA in Bloomerang CRM, you’ll copy this v2 site key and v2 secret key from Google to Bloomerang.

Step 2—Set up reCAPTCHA in Bloomerang CRM

After you register both a reCAPTCHA v3 and a reCAPTCHA v2 site in Google (refer to previous steps), you can set up reCAPTCHA in Bloomerang CRM. If you enable reCAPTCHA for the first time in Bloomerang CRM, you must enter both v3 and v2 keys.

Enable reCAPTCHA in Bloomerang CRM and Enter v3 Keys

To enable reCAPTCHA and enter the v3 keys in Bloomerang CRM:

  1. In Bloomerang CRM, click Communications.

  2. Click Forms.

  3. On the Form Settings tile, click Select.

  4. To use reCAPTCHA on all transaction forms, select Use CAPTCHAs for Transaction Forms. Transaction forms include online giving forms, event registration forms, and membership forms (if you have the membership add-on).

  5. To use reCAPTCHA on all other Bloomerang forms, select Use CAPTCHAs for Interaction Forms. Interaction forms include email signup forms and constituent information forms.

    Option to use reCAPTCHA on transaction and interaction forms

  6. Copy the v3 keys from Google:

    1. Go to google.com/recaptcha/admin.

    2. Select the v3 site that you previously set up from the drop-down list.

      Site list in Google

    3. Click Settings Gear icon..

    4. Expand the reCAPTCHA Keys section.

    5. Copy the site key and secret key.

  7. In Bloomerang CRM, in the Site Key v3 text box, paste the site key that you copied from Google.

  8. In the Secret Key v3 text box, paste the secret key that you copied from Google.

    Site and secret key settings for reCAPTCHA v3 in Bloomerang

  9. Click Save.

Enter reCAPTCHA v2 Keys in Bloomerang CRM

To enter the v2 keys in Bloomerang CRM:

  1. In Bloomerang CRM, click Communications.

  2. Click Forms.

  3. On the Form Settings tile, click Select.

  4. (Recommended) To use reCAPTCHA on all transaction forms, select Use CAPTCHAs for Transaction Forms. Transaction forms include online giving forms, event registration forms, and membership forms (if you have the membership add-on).

  5. (Optional) To use reCAPTCHA on all other Bloomerang forms, select Use CAPTCHAs for Interaction Forms. Interaction forms include email signup forms and constituent information forms.

  6. Copy the v3 keys from Google:

    1. Go to google.com/recaptcha/admin.

    2. Select the v2 site that you previously set up from the drop-down list.

    3. Click Settings Gear icon..

    4. Expand the reCAPTCHA Keys section.

    5. Copy the site key and secret key.

  7. In Bloomerang CRM, in the Site Key v2 text box, paste the site key that you copied from Google.

  8. In the Secret Key v2 text box, paste the secret key that you copied from Google.

  9. Click Save.

    Site and secret key for reCAPTCHA v2 in Bloomerang

Next Steps

If you have a standard form embedded on your website, test your form. Bloomerang CRM automatically updates your form to use the reCAPTCHA v2 and v3 information you entered in Bloomerang CRM. You don’t have to copy the short Javascript code snippet from Bloomerang CRM again.

If you have a custom self-hosted form embedded on your website:

  • Recopy the full form code from Bloomerang CRM to your website. Until you do this, your form continues to work but uses only reCAPTCHA v2. The code that you copy from Bloomerang CRM does not include any customizations that you previously made outside of Bloomerang CRM.

  • Test your form with transactions and interactions.

Related

Did this answer your question?