Google this week introduced a new version of reCAPTCHA, a new API that helps website owners detect abusive traffic on websites without user interaction.
The new reCAPTCHA v3, instead of showing a CAPTCHA challenge, returns a score so users can choose the most appropriate action for the website.
The reCAPTCHA evolution
On reCAPTCHA v1, every user was asked to pass a challenge by reading distorted text and typing into a box.
On reCAPTCHA v2 Google began to use other signals to determine whether a request came from a human or bot.
On reCAPTCHA v3, Google how sites can test for human vs. bot activities by returning a score to tell how suspicious an interaction is and eliminating the need to interrupt users with challenges at all.
“reCAPTCHA v3 runs adaptive risk analysis in the background to alert you of suspicious traffic while letting your human users enjoy a frictionless experience on your site.”Wei Liu, Google Product Manager
reCAPTCHA v3 in multiple pages
Google recommends adding reCAPTCHA v3 to multiple pages so the reCAPTCHA adaptive risk analysis engine can identify the pattern of attackers more accurately by looking at the activities across different pages on your website. In the reCAPTCHA admin console, website owners can get a full overview of reCAPTCHA score distribution and a breakdown for the stats of the top 10 actions on your site, to help website owners to identify which exact pages are being targeted by bots and how suspicious the traffic was on those pages.