Customer Portal: Bring Your Own Captcha on Page Load

In the 25C release, a new widget is introduced for the Customer Portal, enabling CP Admins to integrate and manage their own Captcha service.
This enhancement allows CP Admins to configure their preferred Captcha service for use with the Customer Portal. CP Admins can set up their chosen Captcha to validate page loads, helping protect the portal from bot attacks and unwanted crawling. This flexibility strengthens the portal’s security and can enhance overall performance by minimizing automated, non-genuine requests.

If no third-party Captcha service is configured, the widget provides a simple math-based captcha by default.

Business Values:

  • Enhanced Security: Protects the Customer Portal from bots and automated crawlers by leveraging custom Captcha validation.
  • Flexibility: Allows organizations to select and manage their Captcha provider according to internal preferences or compliance requirements.

Steps to Enable

  • Upgrade CX Version to 25C and Customer Portal to 3.11
  • In the Configuration Settings editor, enter the required values for CAPTCHA_PROVIDER_URL, CAPTCHA_SECRET_KEY, CAPTCHA_VERIFY_URL, and CAPTCHA_SITE_KEY based on your captcha provider.
  • Using a profile with CP Edit access, configure the BringYourOwnCaptcha widget via WebDAV under /cp/core/widgets/standard/utils/, referencing the configuration settings and customize it as needed. If no valid third-party service is set (for example, if the configuration settings are not configured), the widget will automatically use the default math-based captcha.
  • Navigate to the ci/admin area with a profile that has CP Edit, Stage, and Promote access, and test the captcha functionality on the relevant portal pages in Development mode.
  • After successful testing, promote the changes to Production.

Note: The Captcha widget can also be used to implement the default captcha from the same folder.

Tips And Considerations

  • Ensure the Captcha service you choose aligns with your organization's security and privacy standards.
  • Regularly monitor Captcha effectiveness and performance to maintain a seamless user experience.

Access Requirements

CP Edit, Stage and Promote