Something is really wrong with that testimonial package as it is not taking into account your captcha. It was trivial to enable the submit button manually ( without using the captcha and then send a message.

It should have been rejected because the captcha was not filled but it went through.

You will find my "testimonial" with the name Nour and message "testing"

That submit button being disabled until everything is filled seems to be the only protection the form offers. Any automated bot will simply submit the form directly without even using the button.

I suggest you contact the plugin developer and tell him captcha is not taken into account

Sorry I just noticed that package doesn't actually make use of captcha systems and you most likely added the captcha manually yourself at the bottom of the form.

In that case, it's not going to work. The form would require some modification to make it work

Thanks for your response. Yes, I did add in the reCAPTCHA myself. I originally used the version that presents images for people to click on (prove that they're human). That worked to challenge human respondents, but that didn't stop the bots. Then I used the "invisible" version, and that produced the same results.

I am afraid that testimonial package was not designed to use recaptcha or any kind of captcha. Internally, it's using a system called a honeypot but that's as weak as it gets.

To make it work with captcha, you would have to modify the package itself. You could hire someone to do it, it wouldn't be that complicated.

Thanks again for your reply. Yes, I realized the addon doesn't currently use reCaptcha. I modified it myself, with the help of the ExchangeCore reCAPTCHA addon. Incidentally, I realized that I didn't use the recaptcha.check() function to test (and control) whether to actually save the testimonial.

I've since done that, and I believe it might be working properly now. It only presents image challenges under some circumstances (of which I'm not entirely clear)

Thanks very much for your time.