In this guide, we will walk you through the steps to add CAPTCHA protection to your WordPress site
Quick Steps
- Install a reCAPTCHA plugin
- Register for Google reCAPTCHA keys
- Copy the keys and configure the plugin
As WordPress gets popular and popular, Spam comments and Contact forms spams have gotten out of control for the websites that use it. As spammers become more sophisticated, they can launch massive spam attacks with little effort. Dealing with spam comments can be frustrating, and some website owners even choose to completely disable comments on their websites. Instead of turning off the comments, you can add captcha protection to the WordPress comment form to practically eliminate spam.
reCAPTCHA is an advanced form of CAPTCHA, which is a technology used to differentiate between robots and human users. Google acquired CAPTCHA technology in 2009 and then later renamed it as reCAPTCHA. Basically, it presents users with a simple checkbox that they can click to pass the test. If for some reason the test doesn’t pass, then the user will be presented with a challenge identifying text in an image or matching objects in multiple images which will be simple for humans but not for bots.
Install a reCAPTCHA plugin
There are quite a lot of plugins available in the WordPress repository. Most of them support WordPress forms like Login form, Registration form, Reset password form, Comment form, New password form, etc. Not every reCAPTCHA plugin has support for contact forms as the contact forms plugins are different in every website as it is installed as it suits you and most of them have built-in support for reCAPTCHA. All you need is to add the keys to it. We will discuss it in the next step.
An example plugin will be “Simple Google reCAPTCHA” which supports adding reCAPTCHA for Login form, Registration form, Reset password form, Comment form & New password form.
Once installed and activated, go to Settings >> Simple Google reCAPTCHA on the left side menu. It will lead you to the plugin settings where you will be asked to provide a site key and secret key which you will get once you register on the reCAPTCHA website.
Register for Google reCAPTCHA keys
Go to https://www.google.com/recaptcha and log in with your Google account. Once logged in you will be presented with a screen to add your domain.
Fill in the label that you want to identify the domain, select the reCAPTCHA type. Here we are using the reCAPTCHA v2 type which most of the plugins support and is easy to configure, Add the domains you want to protect with the reCAPTCHA and accept their terms of service. Once all the details are filled in, click submit and you will receive the keys on the next screen.
Copy the keys and configure the plugin
In the “Simple Google reCAPTCHA” settings page, add the site key and secret key we copied from the reCAPTCHA website and click the “Save Changes” button to add captcha protection to WordPress website forms.
You’ve successfully added reCAPTCHA to your WordPress built-in forms. You can now check your blog’s comment section or login page to confirm that it’s working properly.
Note: the reCAPTCHA checkbox will be displayed only to logged-out users, so you will need to either logout or open your website in an Incognito window of your browser to preview reCAPTCHA.
Adding reCAPTCHA to contact forms
There are a lot of contact forms plugins available in the WordPress repository and most of them have options to add reCAPTCHA protection by default. All you need is to get the keys by following Step 2 above. If not, check the WordPress repository for any compatible reCAPTCHA solution that supports your contact form plugin. For custom-written contact forms, you can use the API provided by the reCAPTCHA to validate your visitor submissions.
As always, if you have any questions, don’t hesitate to contact us.
If you have any web hosting questions please feel free to reach out to us. We're happy to help.
Shared Hosting | Reseller Hosting | Managed WordPress Hosting | Fully Managed VPS Hosting
Our Guiding Principles
- Provide consistent, stable, and reliable web hosting services.
- Ensure rapid ticket response and quick resolutions to issues.
- Never saturate or over-provision servers to ensure stability and speed for our customers.
- Use only high-quality enterprise-class hardware to ensure minimal downtime from hardware failures.
- Provide clear pricing with no hidden fees or gotchas.