RepairPluginDocs

Security Settings

Configure CSRF protection and Google reCAPTCHA v3 in RepairPlugin to block spam and fake booking submissions without affecting real customers.

securityCSRFreCAPTCHAspam-protectionformsfrontend

What can you do with this?

  • Block fake form submissions with CSRF protection that verifies every request comes from a real visitor on your site.
  • Stop bots and spam with Google reCAPTCHA v3 — it runs invisibly in the background, so customers never have to solve puzzles or check boxes.
  • Hide the reCAPTCHA badge if you prefer a cleaner look (just remember to mention it in your privacy policy).
  • Protect all booking forms — both features cover booking forms, offer request forms, and other submission points.

Where to find it

  1. In the WordPress admin menu, click RepairPlugin.
  2. Click Settings in the submenu.
  3. In the settings sidebar, click Front-End Steps.
  4. Scroll down past the Branding, Repair Boxes, and Layout & Navigation sections to Security & Integration.
https://www.repairplugin.com/wp-admin/admin.php?page=wp_repair_settings&section=styling
The Front-End Steps Security and Integration section showing CSRF protection toggle and Google reCAPTCHA button

How to set it up

Turn on CSRF protection

  1. In the Security & Integration section, find Enable CSRF Protection.
  2. Turn the switch on to activate CSRF protection on all booking forms.
  3. Click Save Changes.

This is turned on by default and should stay on for all live websites. Only turn it off for debugging.

Set up Google reCAPTCHA

  1. Click the Google reCAPTCHA button in the Security & Integration section.
    • The button shows a green left border when reCAPTCHA is already active.
  2. A popup opens with the reCAPTCHA settings.

Get your reCAPTCHA keys

  1. Go to the Google reCAPTCHA admin console.
  2. Register your website:
    • Choose reCAPTCHA v3 as the type.
    • Add your domain name(s).
  3. Google gives you a Site Key and a Secret Key.
  4. Copy both keys.

Enter your keys in RepairPlugin

  1. In the reCAPTCHA popup, enter your Site Key.
  2. Enter your Secret Key.
  3. Turn Enable Protection to on.
  4. (Optional) Turn Hide reCAPTCHA Badge to on to hide the reCAPTCHA badge from your website.
  5. Click Save Changes inside the popup.

reCAPTCHA protection is active right away on supported forms.

Turn off reCAPTCHA

  1. Click the Google reCAPTCHA button.
  2. Turn Enable Protection to off.
  3. Click Save Changes.

Your Site Key and Secret Key stay saved, but reCAPTCHA won't run.

Settings reference

SettingDescriptionDefaultCustomers see
Enable CSRF ProtectionTurns on Cross-Site Request Forgery protection on all RepairPlugin booking forms. A unique security token is created for each visitor session and checked with every form submissiononNo visible change. Forms work normally. Forged submissions from external sources are silently blocked.
Google reCAPTCHA buttonOpens the reCAPTCHA settings popup. When reCAPTCHA is properly set up, the button shows a green left borderinactive (no green border)Nothing — this is an admin-side control.
Site KeyThe public key from Google reCAPTCHA v3. This key is used on your website pages to communicate with Google's serversemptyNothing directly, but without a valid Site Key, reCAPTCHA protection can't work.
Secret KeyThe private key used on your server to verify reCAPTCHA responses with Google. This key is never visible to visitorsemptyNothing directly, but without a valid Secret Key, reCAPTCHA can't verify whether a visitor is real.
Enable ProtectionTurns Google reCAPTCHA v3 on or off for RepairPlugin forms. Even if you've entered valid keys, reCAPTCHA won't run unless this switch is onoffWhen turned on, Google's reCAPTCHA v3 runs silently in the background on pages with RepairPlugin shortcodes. Suspected bots are blocked from submitting forms. Real customers proceed without interruption.
Hide reCAPTCHA BadgeHides the Google reCAPTCHA badge (the small floating icon) from your website Tip: If you hide the badge, Google's Terms of Service require you to mention reCAPTCHA in your privacy policy. Include text like: "This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply."offThe reCAPTCHA badge is no longer visible.

Frequently asked questions

Can I use reCAPTCHA v2 (the checkbox or image puzzle)?

No. RepairPlugin uses Google reCAPTCHA v3 exclusively. Keys from v2 won't work — make sure you select v3 when registering your site with Google.

Do I need to clear my cache after turning on security features?

No. Changes take effect immediately after saving — no page reload or cache clear is needed on the admin side. It's a good idea to test a booking submission afterwards to make sure everything works correctly.

Previous

Repair Box Styling

Next

Shortcodes

Command Palette

Search for a command to run...