The OrchardCore.ReCaptcha module can be used to prevent robots from abusing your OrchardCore website.
There are four features in the module:
In order to activate the ReCaptcha feature, you have to create an account with Google and enter the secret and site key in the Admin section. You can sign up here: https://developers.google.com/recaptcha/
You can enable this feature in the admin section and your login pages will be protected against robots. The feature will use the IP address of the request to count the number of login attempts. When the threshold for login attempts are broken, a captcha is shown on the login page preventing robots from making any further requests.
You can add protection from robots to forms by including the recaptcha field when you design a form.
You can add a validate ReCaptcha task in your workflow. You can use this to validate the captcha that you show on your OrchardCore.Forms form.
You can decorate your controllers with [ValidateReCaptcha] attribute.
This attribute works in tandem with the
Extending the module¶
If you have requirements that you have to protect against robots using another method than IP address, you can create your own implementation of the IDetectRobots interface and it will join the robot detectors.
The ReCaptcha api uses the data-callback attribute to return the token generated when validating the ReCaptcha widget. This allows to post that token from an Angular, Vue.js form post. If you want to validate the ReCaptcha from the Workflow task you will need to pass the token in the header of your request as "g-recaptcha-response".