
Use reCAPTCHA with Stripe Web Widgets

Protect your Stripe Web Widgets from card testing and automated fraud by enabling Google reCAPTCHA v3.

Written by Cristina Gruita
Updated today

Generate reCAPTCHA v3 Keys

You can find out more about Google reCAPTCHA v3 here.

  1. Go to the Google reCAPTCHA page and sign in with a Google account.

  2. In Register a new site, enter a label such as your organisation or website name.

  3. Select reCAPTCHA v3.

  4. Enter your website domain or domains.

  5. Click Register and copy the Site Key and Secret Key.

Domains must exactly match where your widgets are hosted.


Add reCAPTCHA Keys to Donorfy

Once keys are generated, add them to your Donorfy configuration.

  1. Sign in to Donorfy and go to Settings, then click Configuration.

  2. Search for Stripe Connect.

  3. In the Google reCAPTCHA section, enter your Site Key and Secret Key.

  4. Review the reCAPTCHA Pass Threshold setting.

  5. Click Update to save.

The pass threshold defaults to 0.5. Increase it gradually, for example by 0.1, if suspicious activity is still passing reCAPTCHA.


Understand reCAPTCHA Scores

Google assigns a score between 0.0 and 1.0 for each request.

  • Scores closer to 1.0 indicate likely genuine users.

  • Scores closer to 0.0 indicate likely bot activity.

You can review score trends in the Google reCAPTCHA dashboard page under the score distribution graph.
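The following is an added example, not Donorfy's code: it shows how a reCAPTCHA v3 verification result is typically judged against a pass threshold, and how many requests each 0.1 increase would reject. The field names (success, score, action, hostname, error-codes) are those of Google's siteverify response; the function names, the hostname and the sample results are constructed, and treating a score equal to the threshold as a pass is an assumption.

```javascript
// Added example: function names and sample data are constructed for illustration.
// Assumption: a score equal to the threshold passes.

// Decide whether one siteverify result should be accepted.
function evaluateVerification(result, opts) {
  const { threshold = 0.5, expectedAction, allowedHostnames = [] } = opts;
  if (!result || result.success !== true) {
    const codes = (result && result["error-codes"]) || [];
    return { pass: false, reason: "invalid-token", detail: codes.join(",") };
  }
  // A token issued on a different site must not be accepted here.
  if (allowedHostnames.length && !allowedHostnames.includes(result.hostname)) {
    return { pass: false, reason: "hostname-mismatch", detail: result.hostname };
  }
  // The action should be the one the widget sent (ReCaptchaAction).
  if (expectedAction && result.action !== expectedAction) {
    return { pass: false, reason: "action-mismatch", detail: result.action };
  }
  if (typeof result.score !== "number" || result.score < threshold) {
    return { pass: false, reason: "below-threshold", detail: String(result.score) };
  }
  return { pass: true, reason: "ok", detail: String(result.score) };
}

// Count how many results each candidate threshold would reject.
function rejectedAtThresholds(results, thresholds, opts) {
  return thresholds.map((threshold) => ({
    threshold,
    rejected: results.filter(
      (r) => !evaluateVerification(r, { ...opts, threshold }).pass
    ).length,
  }));
}

// Constructed sample results (not real traffic).
const sampleResults = [
  { success: true, score: 0.9, action: "Donorfy", hostname: "donate.example.org" },
  { success: true, score: 0.6, action: "Donorfy", hostname: "donate.example.org" },
  { success: true, score: 0.5, action: "Donorfy", hostname: "donate.example.org" },
  { success: true, score: 0.3, action: "Donorfy", hostname: "donate.example.org" },
  { success: true, score: 0.9, action: "Donorfy", hostname: "other.example.net" },
  { success: false, "error-codes": ["invalid-input-response"] },
];
const checkOpts = { expectedAction: "Donorfy", allowedHostnames: ["donate.example.org"] };
console.log(rejectedAtThresholds(sampleResults, [0.5, 0.6, 0.7], checkOpts));
```

Comparing the rejected counts at each step against the score distribution graph shows how many genuine donors a higher threshold would start to turn away.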


Apply reCAPTCHA to New Widgets

Any new Stripe Web Widgets generated after enabling reCAPTCHA automatically use it.

No additional configuration is required for newly created widgets.


Update Existing Stripe Web Widgets

Existing widgets require manual updates to support reCAPTCHA.

Only SCA compliant widgets are compatible with reCAPTCHA. We strongly recommend you update all your widgets to the SCA compliant version; see this article for help with that.

⚠️ Important:

  • If you have existing widgets, you must update them so they are ready to use reCAPTCHA. Do this before you enter the reCAPTCHA keys into your Donorfy configuration.

  • If you enter the reCAPTCHA keys into your Donorfy configuration before updating your widgets, your existing widgets will no longer work.


Update the Stripe Payments Script

Replace the existing Stripe Payments JavaScript reference.

  1. Remove the old script reference, for example:
    stripepayments_2019.7.1.js

  2. Add the latest script reference:
    https://cdn.donorfy.com/wwjs/stripepayments_2024.6.1.js


Add the reCAPTCHA JavaScript

Add the Google reCAPTCHA script below the Stripe JavaScript include.

  1. Keep the existing Stripe script reference.

  2. Add the reCAPTCHA script directly below it, inserting your Site Key.

If this script is incorrect or the key is invalid, reCAPTCHA will not load.


Add Hidden reCAPTCHA Fields

Near the bottom of the widget HTML, add the following hidden fields.

  1. Add ReCaptchaSiteKey with your Site Key.

  2. Add ReCaptchaAction to identify the request source, such as Donorfy.

The action value appears in the Google reCAPTCHA dashboard and can be customised.


Verify reCAPTCHA Is Loading

After updating the widget:

  1. Load the page containing the widget.

  2. Confirm the reCAPTCHA logo appears at the bottom-right of the page.

If the logo does not appear, reCAPTCHA is not loading correctly.

Common errors include:

  • Invalid domain for the site key.

  • Incorrect or missing JavaScript reference.


Test Your Updated Widgets

You must test with a real transaction.

  1. Make a small live donation using a valid credit or debit card.

  2. Go to Financial, then click Online Donations to confirm the transaction appears.


Understand Common Error Codes

If an error occurs when submitting a donation, check the error code.

Error Code 11

A reCAPTCHA token was not sent.

Possible causes:

  • The widget was not upgraded correctly.

  • Browser settings block cookies or tracking.

Error Code 12

The reCAPTCHA token failed validation.

Possible causes:

  • Incorrect site or secret keys.

  • The widget domain is not registered in Google reCAPTCHA.

Additional details appear in the Errors & Info tab under Financial, then Online Donations.
