How do I enable reCAPTCHA?

What is reCAPTCHA?

Google reCAPTCHA lets you stop spammers and bots from signing up.

Important note: You should only enable reCAPTCHA if you are using the GrowSurf form as a dual-purpose form of signing up both new visitors and referred friends (e.g, waitlist).

Google's reCAPTCHA prompts visitors to check a box to prove they are human before submitting their results. Sometimes, they are prompted to complete another task (e.g, identifying a series of letters). reCAPTCHA makes it difficult for bots to automate form submissions.

If you find that your referral program is being abused by spambots, we recommend enabling reCAPTCHA.

How to set up reCAPTCHA

Step 1: Go to the Options step in the Campaign Editor, then scroll down to the 'Automate fraud prevention' section and toggle the (Optional) Enable reCAPTCHA link.

Step 2: Next, you'll need to enter a Site Key and Secret Key. To get these keys, visit

Step 3: In your Google reCAPTCHA admin panel, you should see the 'Register a new site' screen by default (if you already have reCAPTCHA site(s) set up, click on the Create icon (+) on the top-right).

  • Label: Enter your site
  • reCAPTCHA type: Choose "reCAPTCHA v2" ("I'm not a robot" Checkbox)
  • Domains: Add the domain(s) that your GrowSurf form is located on.
  • Accept the reCAPTCHA Terms of Service: Make sure to accept the terms and mark the checkbox, then click Submit.

Step 4: You should then be able to see the 'Adding reCAPTCHA to your site' screen. Copy and paste the Site Key and Secret Key values into the Campaign Editor. Then click the 'Save ReCAPTCHA' button below the fields, and then click the 'Save Changes' button at the top-right of the screen.

Step 5 (This is an important step -- do not skip it): Make sure to test your GrowSurf signup form to ensure that you see the reCAPTCHA in place and that there are no errors that can prevent new visitors from signing up.

Important Notes

  • If you ever update your Share URL or any URL in which you have the GrowSurf form present, you'll need to make sure to add the domain to your Google ReCAPTCHA site as well. Follow these instructions to add a new domain to your reCAPTCHA site:
    1. Go to your reCAPTCHA admin panel.
    2. Click the Settings icon (the) in the top-right.
    3. Add your new domain(s) to the Domains list
    4. Click the Save button at the bottom of the page.
  • Limitations: If you expect to make more than 1k reCAPTCHA calls per second or 1m reCAPTCHA calls per month, you must use reCAPTCHA Enterprise or fill out this form and wait for an exception approval from Google.

Troubleshooting Tips

For common FAQs, please see reCAPTCHA - Frequently Asked Questions. Additionally, we provide some common issues outlined in this section, as you may see a reCAPTCHA error that looks something like the following:

Google reCAPTCHA Invalid Key TypePlease refer to the following error glossary for troubleshooting:

Invalid domain for site key
You will see this error if you have not correctly added all your site's domains for your Google reCAPTCHA site. Go to your reCAPTCHA site in Google, and add the domain(s). Make sure to save your changes (Please note, any changes may take up to 30 minutes to take place).
Invalid key type If you are using reCAPTCHA v3, you may see this error because GrowSurf only supports reCAPTCHA v2, at this time.

v3 keys are not compatible with v2 keys, and vice-versa.
Go to your reCAPTCHA site in Google, and make sure that you are using v2. If you are using v3, follow the  How to set up reCAPTCHA instructions above to add a new v2 site.
Unable to submit form. Please try again later. If you accidentally copy additional text into the  Secret Key field in your GrowSurf Campaign Editor reCAPTCHA settings, you will see this error.

Go to your reCAPTCHA site, and make sure to copy the Secret Key directly.
Localhost is not in the list of supported domains for this site key. You may see this error if you are testing reCAPTCHA in a local environment (e.g, on localhost), but you have not added localhost as a domain. Go to your reCAPTCHA site in Google, and add localhost as a domain. Alternatively, you can use the following test keys (make sure to switch back after you are done testing): 
  • Secret Key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
This reCAPTCHA is for testing purposes only. Please report to the site admin if you are seeing this. You will see this error if you have testing keys.

reCAPTCHA will display a warning message to claim these keys are only to be used for testing purposes. Please make sure to switch back to your production keys. Follow the How to set up reCAPTCHA instructions above.

In addition, here are some other known issues with reCAPTCHA:

  • Invisible reCAPTCHA is not invisible - If you are using Invisible reCAPCHA v2 on your site, and Google flags you as suspicious (most likely from submitting your form multiple times from the same IP address), it may display an image challenge after the submit button is clicked. This is expected behavior for Invisible reCAPTCHA v2, to ensure you are a human and not a robot.
  • The reCAPTCHA checkbox does not show - JavaScript is required for reCAPTCHA to work properly. If the reCAPTCHA element does not appear, this may be due to a JavaScript error on the webpage.
  • Marking the reCAPTCHA checkbox sends you to the bottom of the page - On some iOS devices, marking the reCAPTCHA box will send a visitor to the bottom of the page. This is caused by an issue between iOS and Google and is unresolvable at this time.
  • reCAPTCHA does not work in a specific browser - Sometimes reCAPTCHA may appear to fail in certain browsers, but this is most likely due to an issue with caching. If reCAPTCHA works for you in one browser but not another, please disable any caching on your webpage.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.