Change Log

  • 23-Aug-2022 | v6.7.0 | Added CRM Setting description for 'Enable email verification flow'
  • 14-Jun-2022 | v6.6.0 | Custom reCAPTCHA keys added
  • 30-Oct-2021 | v6.2.1 | reCAPTCHA version option for system forms
  • 26-May-2021 | v5.9.0 | All new article

Contributors:

Rusty Hatch - PearsiteAdam Wilson - Logo Pogo

Miscellaneous Settings

These various site-wide settings allow you to further control and customise the way your website functions, both in the admin and on the front-end.

Access CMS controls for things like admin interface behaviours, reCAPTCHA threshold, CSS and Javascript asset control, upload folders, and GDPR settings.

Admin Panel Settings

Option
Description
Enable text wrapping on a new line in the code editor.
When using the code editor in the admin, this setting controls whether lines of code wrap to the editor window bounds, eliminating horizontal scroll, or continue uninterrupted.
Enable 24 hours format in the date picker.
Sets any date/time picker in the admin interface to 24 hour time instead of 12 hour time with AM/PM selectors.
Disable warning notification on switching between WYSIWYG and ACE editor
When using the WYSIWYG editor in the admin and switching to CODE view, or vice-versa, a warning dialog appears upon saving due to a small risk of corrupting more complex Liquid code. If you know such coding complexities will not be an issue for your site then this warning can be disabled here.
Disable autocomplete for already taken URL slugs
By default (when this setting is unchecked), if an item is created using a URL slug that already exists, the CMS will append `-1` to the end upon saving the item in order to ensure there are no URL conflicts. Checking this option will instead display an error dialog warning of the duplicate URL chosen, providing the opportunity to alter the URL slug before saving.

reCAPTCHA Settings

Option
Description
reCAPTCHA V3 Score
This setting allows you to adjust the spam threshold score used by reCAPTCHA V3 when identifying suspect site visitors interacting with your forms. The score is between 0 and 1, with a higher score calculated indicating a more legitimate user. So setting a threshold here of 0 would allow all (or most) users through, while a threshold of 1 would block or challenge more users, since it would be harder to achieve such a high score. The default threshold is 0.5 but if you are seeing an increase in spam form submissions, gradually increasing to 0.6 or 0.7 could help block these interactions. Use this setting with caution and monitor the results to ensure the threshold is not set too high and blocking legitimate user interactions.
See the external resources section for more information on reCAPTCHA V3.
reCAPTCHA Version

This setting allows you to choose either reCAPTCHA v2 or reCAPTCHA v3 to be used on all system forms, which include:

  • login form
  • restore password request form
  • reset password form (on ’reset-password’ system page)
  • Update account form

The selected reCAPTCHA version will affect both the way the form's HTML is generated from the Component Manager and how the reCAPTCHA validation for the submit action functions.

Be sure to update the form code for all these form locations you have in use if adjusting this setting.

reCAPTCHA v2 Site Key

Enter the site key generated after registering your v2 reCAPTCHA domain with Google.

reCAPTCHA v2 Secret Key

Enter the secret key generated after registering your v2 reCAPTCHA domain with Google.

reCAPTCHA v3 Site Key

Enter the site key generated after registering your v3 reCAPTCHA domain with Google.

reCAPTCHA v3 Secret Key

Enter the secret key generated after registering your v3 reCAPTCHA domain with Google.

Set Up Custom reCAPTCHA Key

WebinOne allows you to add a custom Google reCAPTCHA key for any of your sites and this provides additional statistics and settings for your reCAPTCHA at an individual site level. This can be helpful for gaining better insights into the spam threats occurring on an individual site so you can make more informed decisions on combatting such spam.

Adding a custom reCAPTCHA key can also resolve issues where your site uses an unsupported domain extension for the default reCAPTCHA key provided by WebinOne.

This guide will help you configure your own Google reCAPTCHA key on your WebinOne site so that it works with all your site forms.

Requirements

In order to configure the integration you, or your client, will need to have:

  • A website instance on WebinOne
  • A Google Account
  • A Google reCAPTCHA Site Key and Secret Key

Creating Your Google reCAPTCHA Keys

To create your Google reCAPTCHA keys visit https://www.google.com/reCAPTCHA

Click on “v3 Admin Console” at the top of the page.
(You will need to login into your google account to register Google reCAPTCHA. If you don’t have an account you will need to create one. Just follow the onscreen steps.)

Register for Google reCAPTCHA

Register a new site for Google reCAPTCHA

If you have no other reCAPTCHA registrations in your account, you’ll immediately see the set-up screen for a new registration.

If you already have other registrations, click the plus icon towards the top right of the page to start a new registration.

Under “Label” enter a description (which is for your reference only).

Select reCAPTCHA v3 or v2 from the reCAPTCHA type option.

  • The reCAPTCHA v3 verifies the requests with a spam threshold score.
  • The reCAPTCHA v2 validates the requests with a challenge and offers three methods to process the validation. (If selecting reCAPTCHA V2 select “I’m not a robot” Checkbox.)

Enter your site’s domain name(s).

Enter domain name only, ie: “mydomain.com”, all subdomains are automatically included.

Add any additional owners if required, accept the terms and submit the registration.

Register a new site for Google reCAPTCHA

Get your Google reCAPTCHA Site Key and Secret Key

From the confirmation screen, copy your Site Key and Secret Key somewhere you’ll have access to them in the next step, or leave the Google reCAPTCHA tab open so you can refer back to it below.

Get your Google reCAPTCHA Site Key and Secret Key

Set up reCAPTCHA in WebinOne

Go to your WebinOne website admin (corresponding to the domain you registered the reCAPTCHA keys for), then ‘Settings’ > ‘Misc’ and down to the “reCAPTCHA Settings” and add the relevant keys from the previous step.

You don’t need both versions v2 and v3, only the version you are using on your site.

Update Form Code

Sites generated from version 6.6 or higher should not require any changes to existing forms as newly created forms will now use the Liquid tag {{this.recaptcha_sitekey}} or {{request.system_recaptcha_sitekey}} to populate the appropriate key.

Older sites, or sites duplicated from older trial sites, will likely require all forms to be updated with the new reCAPTCHA code.

This includes both forms you’ve created and system forms (such as; request reset password forms, reset password forms, login/out forms, etc.)

Updating the form code can be done either by resetting the form layout, inserting just the reCAPTCHA form field in the form builder layout, or replacing the default, hard-coded reCAPTCHA key with one of the Liquid tags above.

For example, for v2 reCAPTCHA:

<div class="g-recaptcha" data-sitekey="{{this.recaptcha_sitekey}}"></div>

For reCAPTCHA v3:

<script>
 	'use strict';grecaptcha.ready(function(){function e(a){grecaptcha.execute("{{this.recaptcha_sitekey}}",{action:'general_form_{{this.Alias | replace: "-","_"}}'}).then(function(b){document.querySelector(".g-recaptcha-response-v3-{{this.Alias}}").value=b;a&&a()})}window.customFormSubmit=new Event("customFormSubmit");let a=document.querySelector(".g-recaptcha-response-v3-{{this.Alias}}").closest("form");if(null!=a){let d=!0,b=0,c=document.getElementById("paymentFields_"+a.getAttribute("name"));a.onsubmit = function(f){f.preventDefault(); if (!a.classList.contains("form-validation-error")){if(d)return b++,d=!1,a.CMS_CustomSubmit=new Event("CMS_CustomSubmit",{cancelable:!0}),e(function(){c?"true"===c.dataset.paymentEnabled?(a.dispatchEvent(window.customFormSubmit),b=0,d=!0):a.dispatchEvent(window.customFormSubmit):(a.CMS_CustomSubmit.data={form:a},a.dispatchEvent(a.CMS_CustomSubmit))}),!1;0<b&&b++;if(1<b)return alert("Form submission is in progress."),!1}};c||a.addEventListener("CMS_CustomSubmit",function(c){ c.defaultPrevented ? (b = 0, d = !0) : a.submit()})}else e()}); 
</script>
<input type="hidden" class="g-recaptcha-response-v3-{{this.Alias}}" name="g-recaptcha-response-v3">

If you are updating the site's reCAPTCHA implementaion from v2 to v3, see this article for further instructions.

CMS Assets Management

When certain CMS features are initiated on a page load, additional assets may be required to allow proper functionality and/or display and these will be automatically injected into the page. However, for custom solutions, you may want to override these assets with your own and so the ability is provided here to disable them on a global level.

NOTE: These assets can also be controlled on a per template basis for more fine-grain control.

Option
Description
Main CSS
Unchecking this option will disable WebinOne’s `main.css` file from being added to your page when a dependant feature is initiated.
reCAPTCHA JS
Unchecking this option will disable the reCAPTCHA scripts from being added to your page when a form using reCAPTCHA is loaded.
Ecommerce JS
Unchecking this option will disable WebinOne’s eCommerce related scripts from being added to your page when dependant eCommerce features are initiated.
Payment JS
Unchecking this option will disable WebinOne’s payment gateway related scripts from being added to your page when dependant payment features are initiated.

CRM Settings

Option
Description
Uploads Folder
Assign a storage folder to be used when the CRM Update Account form contains a file upload field (via Advanced CRM Groups). The default folder path is ‘/_customer_data’. If the folder does not exist at time of form submission the folder will be created. When a user uploads a file, a folder will be created (if not already existing) with that member’s CRM ID and the uploaded file will be saved within.
Secure Uploads
When checked, enables restricted access to any files in the designated upload folder. Access to the files will only be granted for logged in admin users, else, the 403 - Forbidden system page will be shown.
Enable email verification flow
This option is checked by default. When unchecked, new users completing a secure zone registration form on the front-end of the website will not need to complete the email verification process (clicking a link in a verification email received after sign-up) which is typically required for secure zone registrations. Instead, the system will not check for, or require, the user to be verified and will continue to log the user on immediately after a successful sign-up form submission.

Turning off the verification flow could result in fake account sign-ups and/or account abuse. Be sure to assess if this reduction in security is suitable for your secure zone implementation.

GDPR Settings

Option
Description
Allow listing CRM contacts data
Due to GDPR and privacy regulations, CRM contact data (including Advanced CRM Groups) can only be output on the front-end of your website when the “Allow listing my contact data in the CMS” option has been enabled on a per-contact basis. The setting here, however, essentially allows you to override individual contact settings and allow all CRM contacts data to be output via the front-end. This option is helpful for situations where GDPR and other regulatory requirements do not apply.