Setting Up Google reCAPTCHA

Would you like to use Google’s reCAPTCHA to help prevent spam in your WordPress forms? Adding reCAPTCHA allows you to use human verification technology in your forms, which can decrease the number of spam submissions you receive.

In this tutorial, we’ll walk you through how to set up and use the reCAPTCHA option in WPForms.

  1. Generating reCAPTCHA Keys in Google
  2. Adding reCAPTCHA to a Form
  3. Testing reCAPTCHA
  4. Frequently Asked Questions

1. Generating reCAPTCHA Keys in Google

To get started, you’ll need to log into your WordPress site and go to WPForms » Settings. Then, click on the CAPTCHA tab.

WPForms Captcha settings

To configure Google reCAPTCHA, select the reCAPTCHA option.

Select reCAPTCHA option

Then, within the settings that appear, go ahead and select the reCAPTCHA Type you’d like to use.

Select type of reCAPTCHA to use

Note: For an overview of each reCAPTCHA type, be sure to check out our tutorial on choosing a CAPTCHA for your forms. Each reCAPTCHA type requires a different set of keys, so if you later decide to switch types you will need to generate a new set of keys.

Next, you’ll need to set up reCAPTCHA in your Google account to generate the required keys. To start this setup process, you’ll need to open Google’s reCAPTCHA admin console.

Here you’ll be asked to sign in to your Google account. What you see on login will depend on whether you’ve set up reCAPTCHA with this account before.

If you have set up a reCAPTCHA with this account in the past, you’ll need to click the + (plus) icon to add a new site.

Existing reCAPTCHA users can click plus icon to add new site

If you’ve never set up reCAPTCHA before, you’ll be directed straight to the reCAPTCHA setup form.

Register a new site with Google reCAPTCHA

Below, you’ll find more details on how to fill out each field in this form.

  • Label: This is only visible to you, so enter any name that makes logical sense (most commonly the website name).
  • reCAPTCHA type: Select the version of reCAPTCHA that you’d like to use.

Select reCAPTCHA type to use

Note: If you choose to enable the v3 reCAPTCHA, no reCAPTCHA badge will be shown on the frontend of your site when used with a Conversational Form.

  • Domains: Enter the URL where you’ll be using reCAPTCHA. Do not include “http://www” at the start (for example, would be accepted, but or would not).
  • Owners: Unless you know a specific reason to adjust this, you can skip this.
  • Accept the reCAPTCHA Terms of Service: You must check this box to proceed.
  • Send alerts to owners: Unless you know a specific reason to turn this off, you can leave this box checked.

Once the form is complete, go ahead and click the Submit button.

Submit reCAPTCHA registration form

After registering, you should see a page with the keys for your website.

Copy reCAPTCHA keys

You’ll need to copy the Site Key and Secret Key. Then switch back to your WordPress site to paste these keys into their corresponding fields.

Add site key and secret key for reCAPTCHA

Now that you’ve added your reCAPTCHA keys, you can also optionally adjust other reCAPTCHA settings.

  • Fail Message: This error will display to any user who does not pass reCAPTCHA’s verification test.
  • Score Threshold (for reCAPTCHA v3 only): This is the score at which you want users to fail reCAPTCHA v3’s verification. Scores can range from 0.0 (very likely a bot) to 1.0 (very likely a good interaction).
  • No-Conflict Mode: If reCAPTCHA is being loaded more than once on your site (for example, by both WPForms and your WordPress theme), this can prevent reCAPTCHA from working properly. No-Conflict Mode will remove any reCAPTCHA code that’s not loaded by WPForms. However, we highly recommend getting in touch with our support team if you’re at all unsure whether to use this option.

Additional reCAPTCHA settings in WPForms

  • Preview (for Checkbox reCAPTCHA v2 only): If reCAPTCHA is configured correctly, you’ll see a preview of what it will look like on your site.

Preview reCAPTCHA in WPForms settings

Be sure to click on the Save Settings button at the bottom of this page to store your setting changes.

Additional Steps ONLY for AMP Users (for reCAPTCHA v3 only)

If you’re running Google AMP on your WordPress site, then you’ll need to make an extra adjustment in your reCAPTCHA setup to ensure compatibility with AMP.

Note: When running Google AMP along with reCAPTCHA, a reCAPTCHA badge will not display on the frontend of your site.

Underneath the reCAPTCHA keys, click Go To Settings.

AMP users click on Go To Settings

This will open up your reCAPTCHA settings again, however, now you’ll be shown an extra setting that was hidden earlier.

Towards the bottom of this page, check the new box labeled Allow this key to work with AMP pages. Then, click Save once more.

AMP users need to enable compatibility

2. Adding reCAPTCHA to a Form

Now that you’ve set up your reCAPTCHA keys, you’ll be able to add reCAPTCHA to any of your WPForms.

To do this, go ahead and create a new form or edit an existing form.

After you’ve opened the form builder, look under the Standard Fields section and click on the reCAPTCHA field.

Enable reCAPTCHA on a form

Alternatively, you can always enable reCAPTCHA by going to Settings » Spam Protection and Security in the form builder.

Next, scroll down to the section labeled CAPTCHA. You’ll need to toggle the Enable Google Invisible v2 reCAPTCHA switch to the on position.

enable google v2 reCAPTCHA

Note: The label on the CAPTCHA switch depends on the version of reCAPTCHA you configured. For example, if you set up reCAPTCHA v3, the label will read “Enable Google v3 reCAPTCHA.”

To confirm that your reCAPTCHA is enabled, look for the badge in the upper right corner of the form builder.


Note: If no badge appears in your form builder, make sure you’ve correctly set up your reCAPTCHA keys.

3. Testing reCAPTCHA

The last step is to run a quick test to ensure that reCAPTCHA looks and works as you expect.

To test this out, you’ll simply need to submit an entry to your form. For more details on how to test out your forms, please take a look at our full testing checklist.

Frequently Asked Questions

Can I use reCAPTCHA if my site uses a subdomain?

Google reCAPTCHA does work with subdomains, however, reCAPTCHA won’t accept subdomain sites with the path format (e.g., If you’re using a subdomain for your site, be sure to format your site URL as when setting up your reCAPTCHA keys.

I’m still getting spam with reCAPTCHA enabled. What can I do to stop this?

If you’re using the v2 reCAPTCHA, you can adjust the difficulty settings for your reCAPTCHA from within your Google reCAPTCHA account.

To increase the difficulty of your reCAPTCHA, navigate to the Security Preference section of your reCAPTCHA settings. From here, you can adjust the slider to be more secure.

Security Preferences in reCAPTCHA

That’s it! We just showed you how to add Google’s reCAPTCHA to your WPForms.

Next, would you like to keep a record of events that occur within your WordPress forms? Be sure to check out our guide on how to enable activity logging for more details.