reCAPTCHA Setup
Protect registration, login, and contact forms from spam and automated abuse using Google reCAPTCHA.
Overview
CoinTrail supports Google reCAPTCHA v2 ("I'm not a robot" checkbox) to protect forms from bots and spam submissions.
Optional Feature
reCAPTCHA is optional. If not configured, forms will work without CAPTCHA protection.
Getting reCAPTCHA Keys
Create reCAPTCHA Site
- Go to Google reCAPTCHA Admin
- Click the + button to create a new site
- Enter a label (e.g., "CoinTrail")
- Select reCAPTCHA v2 → "I'm not a robot" Checkbox
- Add your domain(s) under Domains
- Accept the Terms of Service
- Click Submit
Copy Keys
After creation, you'll receive two keys:
- Site Key - Used on the frontend (public)
- Secret Key - Used on the backend (private)
Configuration
Add your reCAPTCHA keys to the .env file:
.env
# Google reCAPTCHA v2
RECAPTCHA_PUBLIC_KEY=your_site_key_here
RECAPTCHA_PRIVATE_KEY=your_secret_key_here
Enabling reCAPTCHA
After configuring the keys, enable reCAPTCHA in the admin panel:
- Go to Admin Panel > Settings > Features
- Find the reCAPTCHA section
- Toggle Enable reCAPTCHA to ON
- Click Save
Protected Forms
When enabled, the following forms will display the reCAPTCHA widget:
- User registration
- User login
- Password reset request
- Contact form
Testing
To test reCAPTCHA on localhost:
- Add localhost to your reCAPTCHA domains in Google Admin
- Configure your .env keys
- Enable reCAPTCHA in admin
- Visit a protected form to verify the widget appears
Domain Verification
reCAPTCHA only works on domains registered in your Google reCAPTCHA settings. Add all production domains including www and non-www versions.
Troubleshooting
| Issue | Solution |
|---|---|
| reCAPTCHA not showing | Verify .env keys are correct and reCAPTCHA is enabled in admin |
| "ERROR for site owner" | Add your domain to reCAPTCHA settings in Google Admin |
| Validation always fails | Check that the secret key is correctly set in .env |
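
To narrow down the "Validation always fails" row, the backend can inspect the JSON body that Google's siteverify endpoint returns for each submission. The following is an added example, not CoinTrail's own code: the function name, the hint wording, the allowed-host list and the sample responses are assumptions constructed for illustration.

```python
import json

# Error codes Google documents for the siteverify endpoint, mapped to
# the likely fix. The hint wording is this example's own.
ERROR_HINTS = {
    "missing-input-secret": "RECAPTCHA_PRIVATE_KEY is empty or not loaded from .env",
    "invalid-input-secret": "RECAPTCHA_PRIVATE_KEY is wrong (site key pasted as secret?)",
    "missing-input-response": "form was submitted without a g-recaptcha-response token",
    "invalid-input-response": "token is invalid or malformed",
    "timeout-or-duplicate": "token expired or was already verified once",
    "bad-request": "verification request was malformed",
}

def diagnose(raw_json, allowed_hosts):
    """Return (accepted, reasons) for one siteverify response body."""
    reply = json.loads(raw_json)
    reasons = [ERROR_HINTS.get(code, "unrecognised error code: " + code)
               for code in reply.get("error-codes", [])]
    if reply.get("success") is not True:
        return False, reasons or ["challenge not passed"]
    # Fail closed if a passing token was solved on a host we do not serve.
    host = reply.get("hostname", "")
    if host not in allowed_hosts:
        return False, ["token solved on unexpected hostname: " + host]
    return True, []

# Hypothetical deployment hosts: www, non-www and localhost for testing.
ALLOWED_HOSTS = {"cointrail.example", "www.cointrail.example", "localhost"}

# Constructed sample response bodies (not captured from a real site).
SAMPLES = {
    "ok": '{"success": true, "challenge_ts": "2024-01-01T00:00:00Z", "hostname": "www.cointrail.example"}',
    "bad_secret": '{"success": false, "error-codes": ["invalid-input-secret"]}',
    "replayed": '{"success": false, "error-codes": ["timeout-or-duplicate"]}',
    "other_site": '{"success": true, "challenge_ts": "2024-01-01T00:00:00Z", "hostname": "other.example"}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, diagnose(body, ALLOWED_HOSTS))
```

Logging the returned reasons server-side, without the secret key, shows whether a failure comes from the .env configuration or from the submitted token.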