reCAPTCHA not validating score

[simonkuran]

Description We've got a site that's been receiving a lot of spam and I recently enabled reCAPTCHA for Comments.

The admin console for Google reCAPTCHA is showing lots of submissions with low scores (0.1), but the number of spam submissions doesn't seem to have gone down in the CP. I did a little digging in the code of the Comments plugin and I'm not seeing a check for a score.

All I see is on line 77 of ProtectService.php there's a conditional for if the reCAPTCHA payload returns a "success", but from what I can tell from the reCAPTCHA docs the "score", which is part of the same response payload, also needs to be checked.

Maybe the settings CP page for comments could have a threshold field that defaults to "0.5" so users could choose how aggressive they want the spam protection. I don't have a ton of experience with reCAPTCHA so maybe I'm misunderstanding something. Any help you could provide would be great.

Additional info

• Plugin version: 1.8.7
• Craft version: 3.7.7
• Multi-site: No

[engram-design]

Hmmm, from what my experience has been, the score has always been an optional thing, but it does help for honing in on spam submissions (where false would be something outright failed, but a low score might be "possibly" spam).

We'll add a score option similar to Formie

[simonkuran]

That would be great, thanks! Do you know roughly how long until that update will be released?

[engram-design]

Probably in the next 4 weeks (still on limited leave at the moment due to our summer holidays!)

[simonkuran]

Great, thanks! Enjoy your holidays!

[simonkuran]

Any timeline updates for this change? I'd really like to alleviate the spam for a client.

[engram-design]

Just added that in for you. To get this early, change your verbb/comments requirement in composer.json to:

"require": {
  "verbb/comments": "dev-craft-3 as 1.9.2",
  "...": "..."
}

Then run composer update.

[simonkuran]

Excellent, thanks!

[engram-design]

Added in 1.9.3