Would you like to use Google’s reCAPTCHA to help prevent spam in your WordPress forms? Adding reCAPTCHA allows you to use human verification technology in your forms, which can decrease the number of spam submissions you receive.
In this tutorial, we’ll walk you through how to set up and use the reCAPTCHA option in WPForms.
- Generating reCAPTCHA Keys in Google
- Adding reCAPTCHA to a Form
- Testing reCAPTCHA
- Frequently Asked Questions
1. Generating reCAPTCHA Keys in Google
To get started, you’ll need to log into your WordPress site and go to WPForms » Settings. Then, click on the CAPTCHA tab. Be sure that the reCAPTCHA option is selected.
Then, within the settings that appear, go ahead and select the reCAPTCHA Type you’d like to use.
Note: For an overview of each reCAPTCHA type, be sure to check out our tutorial on choosing a CAPTCHA for your forms. Each reCAPTCHA type requires a different set of keys, so if you later decide to switch types you will need to generate a new set of keys.
Next, you’ll need to set up reCAPTCHA in your Google account to generate the required keys. To start this setup process, you’ll need to open Google’s reCAPTCHA admin console.
Here you’ll be asked to sign in to your Google account. What you see on login will depend on whether you’ve set up reCAPTCHA with this account before.
If you have set up a reCAPTCHA with this account in the past, you’ll need to click the + (plus) icon to add a new site.
If you’ve never set up reCAPTCHA before, you’ll be directed straight to the reCAPTCHA setup form.
Below, you’ll find more details on how to fill out each field in this form.
- Label: This is only visible to you, so enter any name that makes logical sense (most commonly the website name).
- reCAPTCHA type: Select the version of reCAPTCHA that you’d like to use.
Note: If you choose to enable the v3 reCAPTCHA, no reCAPTCHA badge will be shown on the frontend of your site when used with a Conversational Form.
- Domains: Enter the URL where you’ll be using reCAPTCHA. Do not include “http://www” at the start (for example, wpforms.com would be accepted, but https://wpforms.com or www.wpforms.com would not).
- Owners: Unless you know a specific reason to adjust this, you can skip this.
- Accept the reCAPTCHA Terms of Service: You must check this box to proceed.
- Send alerts to owners: Unless you know a specific reason to turn this off, you can leave this box checked.
Once the form is complete, go ahead and click the Submit button.
After registering, you should see a page with the keys for your website.
You’ll need to copy the Site Key and Secret Key. Then switch back to your WordPress site to paste these keys into their corresponding fields.
Now that you’ve added your reCAPTCHA keys, you can also optionally adjust other reCAPTCHA settings.
- Fail Message: This error will display to any user who does not pass reCAPTCHA’s verification test.
- Score Threshold (for reCAPTCHA v3 only): This is the score at which you want users to fail reCAPTCHA v3’s verification. Scores can range from 0.0 (very likely a bot) to 1.0 (very likely a good interaction).
- No-Conflict Mode: If reCAPTCHA is being loaded more than once on your site (for example, by both WPForms and your WordPress theme), this can prevent reCAPTCHA from working properly. No-Conflict Mode will remove any reCAPTCHA code that’s not loaded by WPForms. However, we highly recommend getting in touch with our support team if you’re at all unsure whether to use this option.
- Preview (for Checkbox reCAPTCHA v2 only): If reCAPTCHA is configured correctly, you’ll see a preview of what it will look like on your site.
Be sure to click on the Save Settings button at the bottom of this page to store your setting changes.
Additional Steps ONLY for AMP Users (for reCAPTCHA v3 only)
If you’re running Google AMP on your WordPress site, then you’ll need to make an extra adjustment in your reCAPTCHA setup to ensure compatibility with AMP.
Note: When running Google AMP along with reCAPTCHA, a reCAPTCHA badge will not display on the frontend of your site.
Underneath the reCAPTCHA keys, click Go To Settings.
This will open up your reCAPTCHA settings again, however, now you’ll be shown an extra setting that was hidden earlier.
Towards the bottom of this page, check the new box labeled Allow this key to work with AMP pages. Then, click Save once more.
2. Adding reCAPTCHA to a Form
Now that you’ve set up your reCAPTCHA keys, you’ll be able to add reCAPTCHA to any of your WPForms.
To do this, go ahead and create a new form or edit an existing form.
After you’ve opened the form builder, look under the Standard Fields section and click on the reCAPTCHA field.
To confirm that your reCAPTCHA is enabled, look for the badge in the upper right corner of your form builder.
Note: If no badge appears in your form builder, make sure you’ve correctly set up your reCAPTCHA keys.
3. Testing reCAPTCHA
The last step is to run a quick test to make sure that reCAPTCHA looks and works how you’re expecting.
To test this out, you’ll simply need to submit an entry to your form. For more details on how to test out your forms, please take a look at our full testing checklist.
Frequently Asked Questions
Can I use reCAPTCHA if my site uses a subdomain?
Google reCAPTCHA does work with subdomains, however, reCAPTCHA won’t accept subdomain sites with the path format (e.g.,
https://domain.com/subdomain). If you’re using a subdomain for your site, be sure to format your site URL as subdomain.domain.com when setting up your reCAPTCHA keys.
I’m still getting spam with reCAPTCHA enabled. What can I do to stop this?
If you’re using the v2 reCAPTCHA, you can adjust the difficulty settings for your reCAPTCHA from within your Google reCAPTCHA account.
To increase the difficulty of your reCAPTCHA, navigate to the Security Preference section of your reCAPTCHA settings. From here, you can adjust the slider to be more secure.
That’s it! We just showed you how to add Google’s reCAPTCHA to your WPForms.
Next, would you like to keep a record of events that occur within your WordPress forms? Be sure to check out our guide on how to enable activity logging for more details.