Hi, I’ve received an email from Google regarding the reCapcha on my forms. It says the forms aren’t protected as the reCapcha hasn’t been verified on the backend. I’ve read their instructions for what to do, but I don’t understand it.
I thought all the backend stuff was taken care of by Webflow, so I don’t know what I need to do to fix this.
Thanks in advance for your help… I’m hoping somebody can help me.
Here is my site Read-Only: LINK
(how to share your site Read-Only link)
Just a possibility, did you verify that the email is from google and isn’t phishing? Have you noticed that it works strange, or does all seem OK?
I might be totally wrong, but figured I’d check anyways.
recaptcha is not solution as it can be easily bypassed. When you search internet you can find many sources about this topic. 
Yes, it’s definitely from Google, and it shows as unprotected in the Google reCapcha console. There are instructions how to authenticate on the backend, but I just don’t understand how to do it.
Webflow insists on a reCaptcha on every form. 
I am also, having the same issue and do not understand the instructions on how to verify the reCAPTCHA token. Anyone know how to do that for our webflow sites?
When you add the recaptcha tokens under site settings and republish, that’s it, Webflow does the rest.
Make certain you’re using the correct version of recaptcha, Webflow supports an older one. If you are generating keys for the wrong version it won’t work.
Make certain to add the recaptcha element to every Webflow-handled form.
Did anyone find a solution to this? I just received this same email from Google and have no idea how to fix this.
Same problem here… no solution apparently ?
i recieved also same email from gooogle
Security alert for your reCAPTCHA key
but dont find any solution :(
Your key should be restricted to your production domain. * Click the key in question
I have received this email multiple times - I can confirm that for the account in question I’ve added both my main and staging domains in the ‘Domains’ section of reCAPTCHA v2.
This week I also had a client not receive form submission emails to a particular inbox - only Webflow’s emails were soft bouncing for some reason…
How can we be confident that the form integration works reliably when receiving emails like this from Google?
Can we use reCAPTCHA v3 natively?
Thanks
No. Not supported at this time last I checked.
Turnstile seems to be more effective in my opinion.
I personally don’t use Webflow forms on any projects due to limitations. I solved all my issues with a third party integration which also works great for my static builds as well.
I strongly recommend usebasin.com and my spam issues are long gone.
I was having the same issue and figured out a solution for my situation. I had created the reCaptcha keys using Google’s new reCaptcha Console, which has this verification as part of the onboarding process. You need to create the keys through the link inside Webflow > Site Settings > Forms and then click the “Register for a new key.” link, which takes you to the older v2 reCaptcha Console. Setup a new key there (with correct domains) and add the reCaptcha field to the forms and it should work.
