I wonder from current Frontend users if they are under attack from killer bots? My client is asking for something - is there a work-around for this using other code or plugins?
It’s certainly possible, but not straightforward. There’s no out of the box solutions out there.
We ended up creating a custom field type that is given site/secret keys. Frontend output of the field handles recaptcha initialisation and backend processing hooks into metabox validation (that was the tricky part) that fires off to the API and validates g-recaptcha-response.
FYI: I was able to add Captcha V2 (The I Am Not a Robot challenge) by installing BestWebSoft's Google Captcha plugin, which can be applied to custom fields. I called the php using MB's custom HTML field and it works great - But I don't like needing another plugin. I do think MB should have some version of this built into the Frontend Submission extension.