Protecting Your CIMcloud Website With CAPTCHA

 

Overview

CAPTCHAs are an automatic way to deter bots and other automated systems from conducting fraudulent or abusive activity on your CIMcloud website. Google reCAPTCHA v3 is available as of core release 2025.2.0 (4.13.0) and can be enabled in the Worker Portal.

When reCAPTCHA is enabled, detected bots will be blocked from using website functionality that is subject to abuse including cart, checkout, contact us, and login management.

This article is for websites on core release 2025.2.0 (4.13.0) or newer. Older websites that cannot be readily updated to that release with an immediate need for CAPTCHA should submit a CIMcloud support task for assistance.

Important Concepts: Score, Score Threshold, and Blocking

A reCAPTCHA Score is calculated by Google for each website visit (session) based on website activity. reCAPTCHA has 11 levels for scores with values ranging from 0.0 to 1.0. The score 1.0 indicates that the interaction poses low risk and is very likely legitimate, whereas 0.0 indicates that the interaction poses high risk and might be fraudulent.

You control the minimum score (the Score Threshold) required for any website visit to be considered legitimate. If a visit’s score does not meet the minimum threshold it will be blocked from using some website functionality.

What Customer Site Users See

A small reCAPTCHA badge will be visible at the bottom right of protected pages:

The reCAPTCHA badge expands if clicked:

If a visit is determined to not be legitimate (in other words, its Score does not meet the Score Threshold), it will be blocked from using some website functionality.  The only indication to the end-user will be an err=invalid-username message in the URL; however, they will not be able to continue checking out, or submitting forms, where reCAPTCHA is enabled.

CIMcloud’s reCAPTCHA implementation runs on the following pages when enabled:

• Contact Us
• Checkout Cart
• Create Login and Account
• Create Login and Select Existing Account

What An Admin Worker Sees

Enabling reCAPTCHA

Step 1: Register a Google reCAPTCHA Site Key

1. Go to the Google’s reCAPTCHA page and click Get started.
2. Register a new site using these settings:
   1. reCAPTCHA type: choose Score based (v3)
   2. Domains
      1. Add each of your custom domains that have been enabled on your CIMcloud website:
         • Example: coffeesupply.com
      2. Also add these standard CIMcloud domains:
         • cimproduction.com
         • cimstaging.com
         • mycimcloud.com
         • mycimstaging.com
         • mycimproduction.com
         • mycimlocal.com
   3. Google Cloud Platform
      1. Select an existing project or create a new project
   4. Submit the information
   5. You will need to copy-paste these two new keys into your CIMcloud Worker Portal in the next step:
      • Site Key
      • Secret Key (*this should be protected as you would protect a password*)

Step 2: Add your reCAPTCHA Site Key to your CIMcloud Website

1. Sign into the CIMcloud Worker Portal (<site>.mycimcloud.com)
2. Go to Settings Workspace > Customer Site Settings > Customer Sites
3. Scroll to Analytics > Google reCAPTCHA
4. Choose Yes for Use Google reCAPTCHA v3?
5. Paste the Site Key
6. Paste the Secret Key
7. Set a Score Threshold
   1. Any visit with a Score below this will not be considered legitimate and will be blocked from some website functionality.
   2. Higher values (up to 1.0) will block more bots but may accidentally block some legitimate visits. Lower values (down to 0.0) block fewer legitimate users accidentally, but fewer bots may be blocked.
   3. It is recommended to start with 0.7 and then adjust higher or lower based on actual results. The Websites Visits page in the Worker Portal and Google administrative tools have useful information to help with tuning.
   4. According to Google: only the following four score levels are available before triggering an automatic security review by adding a billing account to your project: 0.1, 0.3, 0.7, and 0.9. To request access to 11 score levels, add a billing account to your project.
8. Click Save

Reviewing reCAPTCHA Activity

1. Sign into the CIMcloud Worker Portal (<site>.mycimcloud.com)
2. Go to CRM Workspace Home > Customer Timeline > Website Visits
3. The Verification column shows the results of reCAPTCHA verification for each session
   • Not Processed – Visit was not categorized
   • Passed (<Score>) – Visit was categorized as legitimate.
   • Failed (<Score>) – Visit was categorized as not legitimate and was blocked from some website functionality.
   • <Score> – Likelihood, assigned to the visit by reCAPTCHA, that the visit is legitimate. This is helpful information when adjusting the Score Threshold (configured during setup).
4. Clicking the View link next to the Passed or Failed verification status will show additional technical information.