Due to the newest update from CF7, we cannot integrate with CF7 and control consent for reCaptcha. The latest update from Complianz will detect the issue and drop the integration because your form will otherwise break. This means reCaptcha is not blocked prior to consent with both plugins up-to-date.
In this article we discuss this particular problem and describe some short-term solutions and a permanent solution.
Solving the issue for Contact Form 7, version 5.4
The current state:
- Contact Form 7 (5.4+) is not supported when using the native reCaptcha solution. When both integrations, Contact Form 7 and reCaptcha, are enabled in Complianz, forms can no longer be sent. These integrations are therefore switched off automatically when we detect version 5.4 or higher. As a result reCaptcha is no longer blocked prior to consent, and a new solution is needed for anti-spam, and/or consent.
- Contact Form 7 (<5.3) is still supported
The proposed short-term solutions:
- Download and revert to Contact Form 7 (<5.3)
- Replace the reCaptcha V3 integration with a Honeypot, Akismet or Friendly Captcha
- Switch to WPForms or any other form plugin that is supported for both reCaptcha and Complianz. Instructions for integrating can be found here.
- Not recommended: disabling the integrations Contact Form 7 and reCaptcha under Complianz – Integrations.
Why we have deprecated further integrations for Contact Form 7
There are currently 2 separate integrations still active for Contact Form 7. The latest release (5.4) of Contact Form 7 rearranged functionalities and restricted our possibilities to integrate with reCaptcha and Contact Form 7 for a stable and user-friendly experience.
Besides developing and maintaining integrations for several plugins, maintaining several integrations for a single plugin that seems to restrict proper integration is a steep hill to keep climbing when a permanent solution is available for all plugins. That certainly applies to Contact Form 7, a plugin that integrates a Google service that would need consent from the website visitor in the EU and the UK.
A permanent solution is possible with your help.
This case study describes the importance of a standardized consent API in an ever-changing open-source environment, where the integrations and compatibilities between plugins can differ per update. We will discuss the implementation of reCaptcha in Contact Form 7 and securing compliance when you’re using reCaptcha.
reCaptcha V3 & Contact Form 7
Contact Form 7 is the most popular Contact Form plugin in the WordPress repository and is after all these years still in active development. The author of Contact Form 7 implemented reCaptcha Version 3 directly in Contact Form 7, but there are several other plugins appending this functionality to Contact Form 7 as well.
This variety of implementations across plugins and reCaptcha versions makes integrating with all of them quite difficult and time-consuming for all parties.
How Complianz integrates with Contact Form 7
Contact Form 7 version 5.4 was released on February 24th 2021 and requires the third specific integration we need to build for reCaptcha and Contact Form 7, as the latter rearranged hooks and files. To ensure backward compatibility, Complianz checks the Contact Form 7 version and implements the correct integration to ensure compliance. Because of the way Contact Form 7 is set up, the integration is far more intricate and reliant on Contact Form 7 code than we would like, but releasing reCaptcha after consent without it is impossible.
This means we’re looking at the third integration with Contact Form 7, but we will likely not be the only plugin hooking into another plugin to add functionality. Many other plugins will need to update and make changes so functionality won’t break. To fix these dependencies, specifically those between e.g. Complianz and plugins that might add functionalities that need consent, a standardized layer between plugins has been made by Rogier Lankhorst and members of the WordPress Core-Privacy development team. That WP Consent API is supported and integrated by Consent Management Platforms such as Cookiebot and Complianz.
About the WP Consent API
The consent layer will standardize how consent is communicated from Complianz or other Consent Management Platforms to any other WordPress plugin that would need any form of consent before placing .
In the case of Contact Form 7, it will be as simple as:
- Complianz records consent from the user, based on the cookie management tooling relevant to the user’s region and settings.
- Complianz pushes this to the Consent API.
- Contact Form 7 waits for the Consent API to tell what settings the user has set.
- When these settings are retrieved by Contact Form 7 it can either:
  - Give a warning that the contact form cannot be used without consent.
  - Release reCaptcha.
For the GDPR and similar strict privacy laws, reCaptcha will be blocked by default and only a user should be able to override this by giving consent. This means plugins don’t have to wait to execute. Only some functionalities should be granular and based on the Consent API call.
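The flow above, sketched as a client-side consent gate. This is an added example, not code from Contact Form 7, Complianz or the WP Consent API project. It assumes the API's `wp_has_consent` function and `wp_listen_for_consent_change` event as documented in the GitHub repository listed under resources, and assumes reCaptcha falls under the `marketing` category; `createConsentGate`, `simulate`, `loadRecaptcha` and `showConsentNotice` are hypothetical names.

```javascript
// Added example: names other than the two WP Consent API identifiers are hypothetical.
const CATEGORY = 'marketing';                        // assumed category for reCaptcha
const CHANGE_EVENT = 'wp_listen_for_consent_change'; // event the WP Consent API dispatches

function createConsentGate({ target, hasConsent, release, warn }) {
  let released = false;
  function tryRelease() {
    if (released) return true;             // never inject the third-party script twice
    if (!hasConsent(CATEGORY)) return false;
    released = true;
    release();
    return true;
  }

  // Blocked by default: show the warning unless consent is already on record.
  if (!tryRelease()) warn();

  // The event detail maps changed categories to 'allow' or 'deny'. It is only a
  // signal here; the stored consent (hasConsent) remains the authority.
  target.addEventListener(CHANGE_EVENT, (e) => {
    if ((e.detail || {})[CATEGORY] === 'allow') tryRelease();
  });
  return { isReleased: () => released };
}

// In a browser: createConsentGate({ target: document, hasConsent: window.wp_has_consent,
//   release: loadRecaptcha, warn: showConsentNotice });  // last two are hypothetical

// Constructed simulation so the block also runs under Node: an EventTarget stands in
// for `document` and a plain object for the consent the CMP has stored.
function simulate(initial, changes) {
  const target = new EventTarget();
  const consent = { ...initial };
  const log = [];
  const gate = createConsentGate({
    target,
    hasConsent: (category) => consent[category] === 'allow',
    release: () => log.push('release'),
    warn: () => log.push('warn'),
  });
  for (const change of changes) {
    Object.assign(consent, change);   // the CMP stores the choice first ...
    const event = new Event(CHANGE_EVENT);
    event.detail = change;            // ... then announces what changed
    target.dispatchEvent(event);
  }
  return { log, released: gate.isReleased() };
}
```

A script that has already been released cannot be unloaded, so a later `deny` only takes effect on the next page load in this sketch.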
What would this mean for Complianz’ integration with Contact Form 7?
Simply put, if Contact Form 7 implemented the Consent API, further development would not cause any issues or waste time on catching up with each other. But more importantly, millions of users can comply with their respective privacy laws because reCaptcha is handled correctly.
Extending this to not only Contact Form 7, but also Jetpack, WooCommerce Analytics, Facebook Pixel, Google Site Kit, and many others, we’re talking about millions of users who can comfortably install plugins without worrying if their privacy plugin of choice can integrate, or might break functionality, as most integrations are too reliant on the correct implementation.
You can help by creating a pull request, or if you are not a programmer, simply by asking the developers of plugins such as Contact Form 7 to implement the WP Consent API!
Resources for further reading or development
- Demo: wpconsentapi.org
- Article from WP Tavern
- Github: https://github.com/rlankhorst/wp-consent-level-api/