Add spam protection to Widget 2.0 Contact Tab

If you're using Contextual Help Widget (2.0) on a publicly-available site, we recommend adding spam protection to your contact form and contextual help widget.

You'll need to follow these steps if all the following conditions apply:

Find your setup in the table below, then select the link to jump to relevant instructions.

Contact Form spam protection enabled? Knowledge base domain Spam protection setting Link to instructions reCAPTCHA Key/Secret V3 status Widget end-user experience Contact tab spam protection
No KO subdomain or private domain Any N/A Not required No different; tab submits None
Yes KO subdomain Honeypot KO subdomains N/A No different; tab submits unless end-user violates honeypot restrictions Honeypot
Yes Private domain Honeypot Private domains and honeypot N/A No different; tab submits unless end-user violates honeypot restrictions Honeypot
Yes KO subdomain Google reCAPTCHA KO subdomains Not required; automatically applied Contact tab displays reCAPTCHA footer statement; tab submits Google reCAPTCHA
Yes Private domain Google reCAPTCHA Private domains and reCAPTCHA Valid key/secret required Contact tab displays reCAPTCHA footer statement; tab submits Google reCAPTCHA
Yes Private domain Google reCAPTCHA Haven't added V3 yet Key/secret required but not yet added No different; tab submits None
Yes Private domain Google reCAPTCHA V3 added but receiving error Key/secret required but invalid Contact tab displays reCAPTCHA statement; reCAPTCHA error thrown when reader tries to submit Yes, but submissions are prevented

How it works

The Contextual Help Widget's Contact tab is aware of the spam protection setting in Customize > Contact form and will use your Default method set in Security and access > Spam protection, just as it's used in the Contact form.

For spam protection, you can choose between Google reCAPTCHA and KnowledgeOwl's homegrown honeypot solution. Refer to Spam protection for more information.

If your knowledge base uses honeypot spam protection, no change to the widget display or behavior is visible to your end-users.

If your knowledge base uses Google reCAPTCHA spam protection, the Widget Contact tab uses reCAPTCHA V3, which is a silent/invisible reCAPTCHA--no boxes to check or fire hydrants to find. reCAPTCHA calculates a score behind-the-scenes to determine if your reader is a bot or a human. Widget readers who fail the invisible V3 will not be able to submit the Contact tab. The Contact tab also displays a required statement just below the Submit button:

Sample reCAPTCHA statement

This statement is part of Google reCAPTCHA's terms of service. You can't edit or remove it as long as you're using reCAPTCHA to protect your widget.

KnowledgeOwl subdomains

As with all spam protection settings, if you're using a KnowledgeOwl subdomain (like mykb.knowledgeowl.com), we handle the spam protection maintenance for you.

You'll need to change one setting to protect your widget with honeypot or Google reCAPTCHA spam protection:

  1. Go to Customize > Contact form.
  2. Check the Admin Settings box to Use spam protection on ticket submissions.
  3. Be sure to Save your changes.

We'll apply your knowledge base's default Spam protection method to the contextual help widget.

If your default spam protection method is set to Google reCAPTCHA, the widget's Contact tab displays a required Google reCAPTCHA statement. 

If your default spam protection method is set to honeypot, no visible message or alert displays in the widget's Contact tab.

Private domains and honeypot

If you're using your own domain (like help.owlsareawesome.com) and your Security and access > Spam protection > Default method is set to Honeypot, you'll need to change one setting to protect your widget with honeypot:

  1. Go to Customize > Contact form.
  2. Check the Admin Settings box to Use spam protection on ticket submissions.
  3. Be sure to Save your changes.

Private domains and Google reCAPTCHA

If you're using your own domain (like help.owlsareawesome.com) and your Security and access > Spam protection > Default method is set to Google reCAPTCHA, you must add your own V3 reCAPTCHA key and secret to protect your widget's Contact tab:

  1. Go to Customize > Contact form.
  2. Check the Admin Settings box to Use spam protection on ticket submissions.
  3. Be sure to Save your changes.
  4. Now go to Security and access > Spam protection.
  5. In the Custom Google reCAPTCHA integration section, add a reCAPTCHA Key V3 and reCAPTCHA Secret V3. Refer to the more detailed instructions in Add reCAPTCHA.

Once you've added your V3 key, the widget displays a required Google reCAPTCHA message near the footer:

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Contact Form has spam protection but I haven't added my V3 reCAPTCHA key yet

If you haven't yet entered a V3 reCAPTCHA key, don't worry! Your widget Contact tab will still work. In this state, you won't see the reCAPTCHA statement in the footer and you'll have no reCAPTCHA protections. But the widget can still accept Contact form submissions.

Follow the instructions in Private domains and Google reCAPTCHA above to set up your key.

I have a V3 reCAPTCHA key but my widget displays a reCAPTCHA error

If you enter an invalid V3 reCAPTCHA key/secret, when a reader selects Submit in the Contact tab, they'll receive an error instead of the confirmation message that their request was submitted. The text reads something like: "reCAPTCHA error, could not submit request". Here's a sample of what it looks like to a reader:

To resolve this issue, re-enter your reCAPTCHA V3 Key and Secret and be sure you enter the correct values in the correct fields.