From Unofficial reCAPTCHA Wiki

Frequently asked questions about reCAPTCHA

Contents 1 Integration 1.1 How do I integrate reCAPTCHA with my PHP form handling code? 1.2 Can I use reCAPTCHA in static HTML files? 2 Troubleshooting 2.1 It's not working! Help! 2.2 I keep getting "verify-params-incorrect" when developing with Windows Vista 2.3 reCAPTCHA is accepting incorrect words 2.4 No - I mean *totally* incorrect words 3 Other 3.1 Can I delete a key/all keys/a site/my account

[edit] Integration

[edit] How do I integrate reCAPTCHA with my PHP form handling code?

See How to integrate reCAPTCHA for a worked example.

[edit] Can I use reCAPTCHA in static HTML files?

Not if all you have are static HTML files - you require a server-side scripting language to verify the reCAPTCHA after it has been submitted by your users. This verification cannot be done in static HTML using Javascript or any other client-side language.

If you want reCAPTCHA you require either knowledge of a server-side language or a web application (examples of both may be found at http://recaptcha.net/resources.html,) and a hosting provider that will allow you to use it.

[edit] Troubleshooting

[edit] It's not working! Help!

Before doing anything else make sure you're using the correct keys. Are your public and private keys swapped? Did you remember to put the private key in the form handler as well as putting the public key in the form?

Note that Mailhide uses different keys from the main form based reCAPTCHA.

Be sure that your form uses the POST method, or else change the reCAPTCHA form handler variables to GET instead of POST.

[edit] I keep getting "verify-params-incorrect" when developing with Windows Vista

Vista defaults to IPV6 for localhost and the IP of the browser on localhost will be sent to ReCAPTCHA as "0:0:0:0:0:0:0:1". You must test for this and change it to "127.0.0.1" during development.

[edit] reCAPTCHA is accepting incorrect words

One of the words displayed by reCAPTCHA is from an old book which is being digitized. As such it is not graded.

On the word that is checked, the user is (currently) allowed to be off by one letter. It has been found that this increases the user experience while not degrading security by a large amount. This is tuned dynamically based on many factors.

[edit] No - I mean *totally* incorrect words

You probably aren't validating the reCAPTCHA with the API servers.

[edit] Other

[edit] Can I delete a key/all keys/a site/my account

No.

Since your's is the only site that can use those keys, no-one else can use them. Simply stop using them. Leaving them 'on the system' as it were, does no harm.

If you're having perceived problems because, for example you've created keys for www.example.com and example.com (without the www) and you want www.example.com to be 'deleted' because you're having issues with authentication, simply remove all keys from your code that refer to the the www.example.com - your example.com keys should work with www.example.com.