How to Enable Bot Protection with reCAPTCHA
reCAPTCHA Bot Protection - Prevent Spam Bookings
TidyCal integrates with Google reCAPTCHA v3 to protect your booking pages from automated spam submissions and bot traffic. When enabled, reCAPTCHA runs invisibly in the background to distinguish between real users and bots without disrupting the booking experience.
Plan Required: ✅ Available on all plans (Free, Individual, Agency)
💡 Why Enable reCAPTCHA?
- Block automated spam bookings
- Prevent bot submissions on public booking pages
- Reduce fake accounts and malicious activity
- Invisible to real users (no "I'm not a robot" checkboxes)
- Free Google service - no additional cost
What is reCAPTCHA v3?
Google reCAPTCHA v3 is an advanced bot detection system that:
- Works invisibly: No interaction required from legitimate users
- Scores user behavior: Assigns a trust score (0.0 to 1.0) based on how they interact with your site
- Blocks suspicious activity: Prevents submissions from known bots and malicious actors
- No CAPTCHA challenges: Unlike older versions, v3 doesn't show "select all traffic lights" puzzles
Where reCAPTCHA is applied in TidyCal:
- Booking submission forms
- Account registration
- Review and rating submissions
How reCAPTCHA Works in TidyCal
When someone visits your booking page:
- Google reCAPTCHA v3 loads invisibly in the background
- It monitors user behavior (mouse movements, clicking patterns, typing speed)
- When user submits the booking form, reCAPTCHA assigns a trust score
- High scores (likely human) → Booking proceeds normally
- Low scores (likely bot) → Booking is blocked with error message
- User never sees CAPTCHA challenges - completely transparent
For legitimate users: No disruption - they book as usual
For bots: Submission is blocked before reaching your calendar
How to Enable reCAPTCHA Protection
How to Enable reCAPTCHA
TidyCal handles all reCAPTCHA configuration automatically. You do not need to create API keys or register with Google. Just enable it:
- Go to Settings in the sidebar
- Click the Bookings page tab
- Find the Spam protection (reCAPTCHA) dropdown
- Change the dropdown from Disabled to Enabled
- Click Save changes
That's it! reCAPTCHA is now active on all your booking pages. No API keys or external setup required.
How to Test reCAPTCHA is Working
Test Your Booking Page
- Open your booking page in a private/incognito window
- Open browser Developer Tools (F12)
- Go to the Console tab
- Look for messages mentioning "grecaptcha" or "recaptcha"
- Make a test booking and submit
- In Console, you should see reCAPTCHA score (0.0 - 1.0)
Verify reCAPTCHA Badge
When reCAPTCHA v3 is enabled, you'll see a small badge in the bottom-right corner of your booking page:
- Badge text: "protected by reCAPTCHA"
- Links to: Google Privacy Policy and Terms
- Visibility: Usually appears when page loads or user interacts
If you see this badge, reCAPTCHA is active!
✅ Pro Tip: Make a test booking from different devices (desktop, mobile) to ensure reCAPTCHA works across all platforms.
What Your Bookers Experience
With reCAPTCHA v3, legitimate users see:
- Normal booking page - no changes
- Small "protected by reCAPTCHA" badge (bottom-right)
- No CAPTCHA challenges to solve
- No delay or interruption to booking process
- Seamless, invisible protection
If a bot or suspicious activity is detected:
- Booking submission is blocked
- Error message appears: "Your submission could not be verified. Please try again."
- Prevents fake bookings from reaching your calendar
reCAPTCHA vs Booking Approval
Both features help control who books with you, but serve different purposes:
| Feature | reCAPTCHA Bot Protection | Booking Approval |
|---|---|---|
| Purpose | Block automated bots | Screen legitimate humans |
| Automations | Fully automatic | Manual review required |
| User Impact | Invisible (no user action) | Visible (waiting for approval) |
| Blocks | Bots, spam, malicious scripts | Unqualified or unwanted humans |
| Best For | Public booking pages, spam prevention | Client screening, vetting |
💡 Recommendation: Use BOTH features together for maximum protection:
- reCAPTCHA stops bots before they submit
- Approval lets you screen the real humans who get through
📚 Learn more: How to Enable Booking Approval Workflow
Troubleshooting reCAPTCHA
reCAPTCHA Not Loading on Booking Page
Q: I enabled reCAPTCHA but don't see the badge on my booking page.
A: Try these solutions:
- Clear browser cache: Hard refresh (Ctrl+F5 or Cmd+Shift+R)
- Check in incognito: Open booking page in private/incognito window
- Verify settings saved: Go to Settings → Confirm "Enabled" is selected
- Check browser console: F12 → Console tab → Look for reCAPTCHA errors
- Ad blockers: Some ad blockers block reCAPTCHA - temporarily disable to test
Legitimate Users Being Blocked
Q: Real people are getting "Your submission could not be verified" errors.
A: This can happen if:
- VPN usage: Ask user to disable VPN and try again
- Suspicious behavior: Booking too quickly, automated clicking patterns
- Shared IP addresses: Corporate networks or shared hosting
- Browser issues: Ask user to try different browser or device
- JavaScript disabled: reCAPTCHA requires JavaScript - ensure it's enabled
Workaround for affected users:
- Temporarily disable reCAPTCHA
- Allow user to book
- Re-enable reCAPTCHA afterward
- OR use Booking Approval instead to manually verify
Still Receiving Spam Despite reCAPTCHA
Q: I enabled reCAPTCHA but still get spam bookings.
A: Try these additional measures:
- Enable Booking Approval: Manually screen all bookings (see above)
- Add custom questions: Require answers that bots can't easily complete
- Check reCAPTCHA score threshold: May need adjustment (contact support)
- Require device verification If available in TidyCal settings
- Report spam: Contact TidyCal support with spam booking details
Note: reCAPTCHA v3 blocks most bots but sophisticated attackers may still get through occasionally.
reCAPTCHA Errors in Browser Console
Q: Browser console shows reCAPTCHA errors.
Common errors and solutions:
Error: "Uncaught (in promise) null"
- Cause: Domain mismatch in reCAPTCHA settings
- Solution: This is usually temporary. Refresh the page. If it persists, contact TidyCal support.
Error: "Invalid site key"
- Cause: Temporary server configuration issue
- Solution: Wait a few minutes and refresh. If it persists, contact TidyCal support.
Error: "reCAPTCHA has already been rendered"
- Cause: Script loaded multiple times
- Solution: Usually harmless - refresh page to clear
Privacy and Compliance
GDPR and Privacy Considerations
When using Google reCAPTCHA, be aware:
- Data collection: reCAPTCHA collects user behavior data (mouse movements, clicks)
- Google Privacy Policy: Users subject to Google's privacy policy
- Cookie usage: reCAPTCHA may use cookies for tracking
- GDPR: Disclose reCAPTCHA usage in your privacy policy
Recommended privacy policy language:
"This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply."
reCAPTCHA Badge Customization
The reCAPTCHA v3 badge is required by Google's terms of service. However, you can:
- Hide the badge: Possible with CSS, but you MUST still disclose reCAPTCHA usage in your privacy policy
- Reposition the badge: Move it to different corner (requires custom CSS)
- Include disclosure: If hiding badge, add text like "This site uses Google reCAPTCHA"
Google's requirement: If you hide the badge, you must include reCAPTCHA branding and links elsewhere on the page.
Alternatives to reCAPTCHA
If reCAPTCHA doesn't fit your needs, consider these alternatives:
1. Booking Approval Workflow
- Manually review every booking before confirming
- No third-party service required
- Full control over who books
- More time-intensive but guaranteed human review
2. Custom Questions as Screening
- Add questions bots can't easily answer
- Example: "How did you hear about us?" with text field
- Review responses to spot spam patterns
- Less effective than reCAPTCHA but helps
Frequently Asked Questions
Q: Is reCAPTCHA free?
A: Yes, Google reCAPTCHA v3 is completely free for most websites. TidyCal includes it at no extra cost.
Q: Will reCAPTCHA slow down my booking page?
A: Minimal impact. reCAPTCHA v3 loads asynchronously and doesn't delay page rendering.
Q: Do I need my own reCAPTCHA API keys?
A: No. TidyCal provides built-in reCAPTCHA protection. You just need to enable it in Settings. No Google account setup or API keys required.
Q: Does reCAPTCHA work on mobile devices?
A: Yes, reCAPTCHA v3 works seamlessly on mobile browsers with no user interaction required.
Q: What's the difference between reCAPTCHA v2 and v3?
A: v2 shows "I'm not a robot" checkboxes and image challenges. v3 is completely invisible and scores user behavior automatically. TidyCal uses v3.
Q: Can I disable reCAPTCHA for specific booking types?
A: reCAPTCHA is currently a global setting. If you need granular control, use Booking Approval on specific types instead.
Q: Will reCAPTCHA affect my SEO?
A: No negative SEO impact. Google reCAPTCHA is designed to be SEO-friendly.
Q: How accurate is reCAPTCHA at detecting bots?
A: Very accurate. Google's machine learning models have high success rates (95%+) at distinguishing bots from humans.
Getting Started with reCAPTCHA
Ready to protect your booking pages from spam? Follow these steps:
- Go to Settings in the sidebar
- Click the Bookings page tab
- Change Spam protection (reCAPTCHA) to Enabled
- Click Save changes
- Test your booking page to verify the reCAPTCHA badge appears
- Update your privacy policy to disclose reCAPTCHA usage
- Monitor for spam - you should see a significant reduction
✅ Pro Tip: Combine reCAPTCHA with custom questions and booking approval for the ultimate spam protection!
Need help? Contact TidyCal support if you have questions about reCAPTCHA setup or troubleshooting.