PHPackages nswdpc/silverstripe-recaptcha-v3 - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. nswdpc/silverstripe-recaptcha-v3 ActiveSilverstripe-vendormodule[Security](/categories/security) nswdpc/silverstripe-recaptcha-v3 ================================ Recaptcha V3 verification for Silverstripe framework, including a form field, spam protector and verification support v1.0.2(10mo ago)315.5k↓44.1%5[1 PRs](https://github.com/nswdpc/silverstripe-recaptcha-v3/pulls)2BSD-3-ClausePHP Since Oct 15Pushed 10mo ago3 watchersCompare [ Source](https://github.com/nswdpc/silverstripe-recaptcha-v3)[ Packagist](https://packagist.org/packages/nswdpc/silverstripe-recaptcha-v3)[ RSS](/packages/nswdpc-silverstripe-recaptcha-v3/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (11)Versions (24)Used By (2) Silverstripe reCAPTCHA V3 verification ====================================== [](#silverstripe-recaptcha-v3-verification) This module handles verification of the quality of website interactions using reCAPTCHA v3. It contains a form field that can be added to a form manually or added automatically via a Spam Protector configuration. You can also use the module to verify tokens/actions from non-form interactions with your website. > The default score for verification is 0.5, you can change this in project configuration Features -------- [](#features) - Project-based threshold set via Configuration API - Granular rules for protected forms - Manage badge placement Installation ------------ [](#installation) Install via composer ``` composer require nswdpc/silverstripe-recaptcha-v3 ``` Requirements ------------ [](#requirements) See [composer.json](./composer.json) Form spam protection -------------------- [](#form-spam-protection) ### Manually [](#manually) Add the field to the form as you would any other `FormField`: ``` use NSWDPC\SpamProtection; // ... $field = RecaptchaV3Field::create( 'MyRecaptchaField' ); $form->Fields()->push( $field ); ``` ### Spam Protector [](#spam-protector) To set `RecaptchaV3SpamProtector` as default spam protector, add the following configuration section to your project configuration ``` --- Name: 'project_spamprotection' After: - '#nswdpc_recaptchav3_spamprotection' --- # set RecaptchaV3SpamProtector as the default spam protector SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension: default_spam_protector: NSWDPC\SpamProtection\RecaptchaV3SpamProtector ``` Then calling `$form->enableSpamProtection()` will add the field to the form automatically. Read the [silverstripe/spamprotection documentation](https://github.com/silverstripe/silverstripe-spamprotection#configuring) for more information on how this works. ### Field for silverstripe/userforms modules [](#field-for-silverstripeuserforms-modules) The module `nswdpc/silverstripe-recaptcha-v3-userforms` provides a userforms field Further documentation --------------------- [](#further-documentation) - [Further documentation](docs/en/001_index.md) for tips on usage - [Badge placement](docs/en/002_badge_display.md) - [Rule management](docs/en/003_rule_management.md) Configuration ------------- [](#configuration) To use the module, create a reCAPTCHA V3 site at the [reCAPTCHA Admin website](https://www.google.com/recaptcha/admin), once created your will be provided a site and secret key for that site both valid for the domains you add (and their subdomains). It's a good idea to have site settings split between your environments to isolate the keys. In the reCAPTCHA site settings, add the domain(s) for the environment you are setting up along with any other desired options and Google users you share the project with. Copy the site/secret key provided to your project configuration, e.g a `spamprotection.yml` file in your project `_config` directory. ``` --- Name: 'my-project-spamprotector' After: - '#nswdpc_recaptchav3_spamprotection' --- # set RecaptchaV3SpamProtector as the default spam protector SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension: default_spam_protector: 'NSWDPC\SpamProtection\RecaptchaV3SpamProtector' # RecaptchaV3 configuration values # TokenResponse is a model to verify responses from the reCAPTCHA v3 API NSWDPC\SpamProtection\TokenResponse: # Set your desired score -> 1 = good, 0 = spam score: 0.4 # Verifier is a model to handle token verification NSWDPC\SpamProtection\Verifier: # Your secret key provided in the reCAPTCHA admin site settings area secret_key: 'abc123....' # The field handles setup of the API and token retrieval NSWDPC\SpamProtection\RecaptchaV3Field: ## Your site key provided in the reCAPTCHA admin site settings area site_key: 'zyx321.....' # Global action prefix for the field execute_action: 'submit' NSWDPC\SpamProtection\RecaptchaV3SpamProtector: # Place the reCAPTCHA privacy text adjacent to the hidden input form field badge_display: 'field' ``` Token retrieval --------------- [](#token-retrieval) The behaviour triggering a token retrieval from the reCAPTCHAv3 API is a focus() event on the form. This avoids submit event race conditions with e.g frontend form validators. > Safari does not support focus event on form elements such as radios and checks. A change() event handler is used to support this. When the first field in a form is focused, a token will be retrieved. If another field is focused in the form after the configured refresh time, the token will be refreshed. The latest token will be submitted with the form and validated, if it has expired (tokens have a 2 minute lifetime), the visitor will be prompted to check and resubmit the form with a fresh token. Token values are verified and give a score by the reCAPTCHAv3 API. Scores that meet the minimum threshold requirements will pass validation. License ------- [](#license) [BSD-3-Clause](./LICENSE.md) Maintainers ----------- [](#maintainers) - PD Web Team Bugtracker ---------- [](#bugtracker) We welcome bug reports, pull requests and feature requests on the Github Issue tracker for this project. Please review the [code of conduct](./code-of-conduct.md) prior to opening a new issue. Security -------- [](#security) If you have found a security issue with this module, please email digital\[@\]dpc.nsw.gov.au in the first instance, detailing your findings. Development and contribution ---------------------------- [](#development-and-contribution) If you would like to make contributions to the module please ensure you raise a pull request and discuss with the module maintainers. Please review the [code of conduct](./code-of-conduct.md) prior to completing a pull request. ### Health Score 45 — FairBetter than 93% of packages Maintenance54 Moderate activity, may be stable Popularity31 Limited adoption so far Community17 Small or concentrated contributor base Maturity64 Established project with proven stability Bus Factor1 Top contributor holds 90.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~102 days Recently: every ~30 days Total 18 Last Release 305d ago Major Versions v0.3.0 → v1.0.0-rc12023-05-25 v0.3.2 → v1.0.02024-03-27 v0.3.3 → v2.0.0-rc12025-07-17 v1.0.2 → v2.0.0-rc22025-07-18 ### Community Maintainers ![](https://www.gravatar.com/avatar/1caefd99092b4a43254e48c40347224f671032ec1ffc3a457e06a7e9ab6e7c02?d=identicon)[nswdpc](/maintainers/nswdpc) --- Top Contributors [![JamesDPC](https://avatars.githubusercontent.com/u/69664712?v=4)](https://github.com/JamesDPC "JamesDPC (110 commits)")[![tardinha](https://avatars.githubusercontent.com/u/457209?v=4)](https://github.com/tardinha "tardinha (12 commits)") --- Tags silverstripeverifyrecaptchaspamv3spamprotection ### Code Quality TestsPHPUnit Static AnalysisPHPStan, Rector Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/nswdpc-silverstripe-recaptcha-v3/health.svg) ``` [![Health](https://phpackages.com/badges/nswdpc-silverstripe-recaptcha-v3/health.svg)](https://phpackages.com/packages/nswdpc-silverstripe-recaptcha-v3) ``` ### Alternatives [undefinedoffset/silverstripe-nocaptcha A spam protector and form field using Google's reCAPTCHA v2 or optionally a foundation v3 implementation 33471.6k16](/packages/undefinedoffset-silverstripe-nocaptcha)[fruitcakestudio/recaptcha reCAPTCHA library 1625.5k1](/packages/fruitcakestudio-recaptcha)[exadium/silverstripe-invisible-spam-protection Very simple anti spam protection based on principle that automated spammers enter bogus information in all form fields. Field is added to form that is hidden using CSS hiding it from human users. Form is only allowed to be submitted if field is empty. Includes an EditableInvisibleSpamField to integrate with the UserForms module. 112.1k](/packages/exadium-silverstripe-invisible-spam-protection) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)