External captchas

Captchas are used in forms to ensure that form entries are made by a human being. Captchas are particularly important for contact forms so that you, as a website operator, are not flooded with spam emails.

External captcha providers are currently considered the most effective option; some of them even use artificial intelligence to distinguish between humans and machines. Mercury supports the two external captcha providers Friendly Captcha and Google reCAPTCHA.

The use of external captchas must first be enabled by your internet administration, which determines which external captcha provider is available in your installation. If no provider is enabled, the external captcha will not appear.

Create an account with Friendly Captcha and use it to log in to the administration area. You will need the following information from Friendly Captcha:

  • A site key, which you can create in the administration section under “My Apps”.
  • An API key, which you can create in the administration section under “API Keys”.

Then make the following configurations in OpenCms:

  • Switch to the OpenCms Explorer.
  • Open the Properties dialog in the root directory of the website or subsite.
    • Enter the previously created site key for the captcha.sitekey property.
    • Enter the previously created API key for the captcha.apikey property.

Google reCAPTCHA is available in a free version and a paid version. Both versions can be used with OpenCms. However, only reCAPTCHA version 2 with the “I am not a robot” checkbox is supported.

Create a Google account and use it to log in to the reCAPTCHA administration area. You will need the following data from reCAPTCHA:

  • A site key.
  • An API key.

Then make the following configurations in OpenCms:

  • Switch to OpenCms Explorer.
  • Open the Properties dialog in the root directory of the website or subsite.
    • Enter the site key to be used for the captcha.sitekey property.
    • Enter the API key to be used for the captcha.apikey property.

To protect the forms on a website using an external captcha provider, three conditions must be met:

  1. Either the Friendly Captcha plugin or the Google reCAPTCHA plugin must be activated for a website. Contact your internet administration for configuration details.
  2. A site key and an API key must be stored as described above.
  3. The captcha field must be activated in every form that is to be protected by a captcha. To do this, open a form content in the editor. The captcha field is located in the first tab of the form page, directly above the validity information.

If neither of the two captcha plugins is activated, a self-generated captcha will be rendered. However, the self-generated captcha is technically outdated. The use of an external captcha provider is strongly recommended.

If you do not want to use the external captcha on a specific (sub)site, do the following:

  • Go to OpenCms Explorer.
  • Find the folder where the page is located.
  • Open the Properties dialog for this folder.
    • Enter the value none for the captcha.sitekey property.
    • Enter the value none for the captcha.apikey property.

In this case, the external captcha will be deactivated for all pages in the selected folder and all its subfolders. This applies to both forms and newsletter registrations.
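
The folder-level override described above is easy to lose track of on a large site. The following added example (not part of the Mercury documentation or OpenCms code) models the lookup in Python so that pages without an external captcha can be listed, assuming a value set on a folder applies to everything beneath it until a deeper folder sets its own. The folder paths and key values are constructed, and the “inconsistent” status is a hypothetical label for a state this page does not describe.

```python
from posixpath import dirname

# Constructed sample: property values per folder, as read from the Properties dialog.
FOLDER_PROPS = {
    "/": {"captcha.sitekey": "SITEKEY-PLACEHOLDER",
          "captcha.apikey": "APIKEY-PLACEHOLDER"},
    "/intranet/": {"captcha.sitekey": "none", "captcha.apikey": "none"},
    "/events/": {"captcha.sitekey": "none"},  # only one of the two overridden
}

def _as_folder(path):
    return path if path.endswith("/") else path + "/"

def resolve(path, folder_props, name):
    """Value of `name` from the nearest folder at or above `path` (assumed model)."""
    folder = path if path.endswith("/") else _as_folder(dirname(path))
    while True:
        value = folder_props.get(folder, {}).get(name)
        if value:
            return value
        if folder == "/":
            return None
        folder = _as_folder(dirname(folder.rstrip("/")))

def captcha_status(path, folder_props):
    """Classify a page as external / disabled / unconfigured / inconsistent."""
    site = resolve(path, folder_props, "captcha.sitekey")
    api = resolve(path, folder_props, "captcha.apikey")
    if site is None and api is None:
        return "unconfigured"      # no keys stored anywhere above the page
    if site == "none" and api == "none":
        return "disabled"          # the documented opt-out for a folder tree
    if site in (None, "none") or api in (None, "none"):
        return "inconsistent"      # hypothetical label: one key set, one not
    return "external"

def audit(pages, folder_props):
    """Return {page: status} for every page NOT covered by an external captcha."""
    findings = {}
    for page in pages:
        status = captcha_status(page, folder_props)
        if status != "external":
            findings[page] = status
    return findings

if __name__ == "__main__":
    pages = ["/contact/form.html", "/intranet/hr/feedback.html", "/events/signup.html"]
    for page, status in audit(pages, FOLDER_PROPS).items():
        print(f"{status:13} {page}")
```
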

When subscribing to the newsletter, the external captcha is automatically displayed if it has been configured for the website.

The Friendly Captcha plugin does not set any cookies.

This plugin does not use JavaScript from external servers.

The execution of this plugin is NOT controlled by the cookie banner.

This plugin uses JavaScript, but it is loaded directly from your server. This JavaScript then contacts the servers of the Friendly Captcha provider to validate the captcha. In theory, this enables extensive tracking of the web user's activities on the displayed page. The extent to which tracking actually takes place is not known.

According to its own statement, Friendly Captcha does not store any personal user data, see:

https://friendlycaptcha.com/privacy/gdpr/

Quote from the above-mentioned website:

Friendly Captcha runs without HTTP cookies, tracking or user interaction, making it the ideal choice for enterprises seeking secure, user-friendly bot protection, and GDPR compliance.

The Google reCAPTCHA plugin sets cookies in the “External Content” group.

This plugin uses JavaScript from external servers.

The execution of Google reCAPTCHA is controlled by the cookie banner. The captcha is therefore NOT displayed if the web user has not consented to external cookies. This means that in this case, a form secured with a captcha cannot be submitted by the web user.

Cookies are set when the captcha is loaded via Google. It can be assumed that these include tracking functions for the web user.

External JavaScript files are loaded from Google's servers for this plugin. These are executed in the context of the page. This theoretically enables extensive tracking of the web user's activities on the displayed page. The extent to which the external JavaScript is actually used for tracking is not known.