FundCollector Documentation

← Back to Documentation


Note: This documentation applies to both the Free and Pro versions of FundCollector. To install and use the Pro version, you must first install and activate the Free version, which should not be uninstalled. The sections relating to the Pro version are marked with PRO.

Security Settings

Security Settings
Security Settings
Open FundCollector → Settings in your WordPress admin and click the Security tab. This screen is where you reduce spam and automated abuse on your donation forms. You can use honeypot protection alone, Google reCAPTCHA v3 alone, or both together for a stronger setup.

Honeypot Protection

Honeypot protection adds a hidden field to the form that real visitors do not see or fill in; simple bots often fill every field and get caught. It does not ask donors to solve puzzles and is privacy-friendly.
  • Enable Honeypot Protection — Turn the invisible honeypot field on or off.
  • Honeypot Field Name — The name of that hidden field (shown read-only). Use Generate New to rotate a random name from time to time so predictable bots have a harder time adapting.

Google reCAPTCHA

FundCollector uses Google reCAPTCHA v3, which runs in the background and scores how likely the visitor is human—no checkbox challenge for most users. You must create a v3 site in the Google reCAPTCHA console and add the keys here.
  • Enable Google reCAPTCHA — Activates reCAPTCHA on donation forms.
  • Site Key — Public key from Google (safe to use in the browser).
  • Secret Key — Private key; keep it confidential.
  • Security Threshold — Minimum score (0.0–1.0) required to accept a submission. Lower means stricter:
    • 0.3 – Very strict — Fewer bots get through; some real users might occasionally be blocked on strict sites.
    • 0.5 – Recommended — Balanced default for many sites.
    • 0.7 – Moderate and 0.9 – Permissive — More submissions allowed; use if you see false positives with stricter values.

Admin notice

If neither honeypot nor reCAPTCHA is enabled, the plugin can show a Security Warning stating that no anti-spam protection is active and that forms may receive automated spam. Enabling at least one method clears that concern.

Practical tips

  • Quick win: Enable honeypot only—no external account, minimal friction.
  • Extra layer: Keep honeypot enabled and add reCAPTCHA v3 with the Recommended threshold, then adjust if donors report issues or spam persists.
After any change, scroll down and click Save Changes (same as the rest of FundCollector settings).


Next step: How to Create a Donation Form →