How to Set Up and Use reCAPTCHA in WPForms

Would you like to use Google’s reCAPTCHA to help prevent spam in your WordPress forms? Adding reCAPTCHA allows you to use human verification technology in your forms, which can decrease the amount of spam submissions you receive.

In this tutorial, we’ll walk you through how to set up and use the reCAPTCHA option in WPForms.

  1. Generating reCAPTCHA Keys in Google
  2. Adding reCAPTCHA to a Form
  3. Testing reCAPTCHA
  4. Frequently Asked Questions

1. Generating reCAPTCHA Keys in Google

To get started, you’ll need to log into your WordPress site and go to WPForms » Settings. Then, click on the CAPTCHA tab. Be sure that the reCAPTCHA option is selected.

Captcha tab in WPForms

Then, within the settings that appear, go ahead and select the reCAPTCHA Type you’d like to use.

Select type of reCAPTCHA to use

Note: For an overview of each reCAPTCHA type, be sure to check out our tutorial on how to choose a CAPTCHA for your forms. Each reCAPTCHA type requires a different set of keys, so if you later decide to switch types you will need to generate a new set of keys.

Next, you’ll need to set up reCAPTCHA in your Google account to generate the required keys. To start this setup process, you’ll need to open Google’s reCAPTCHA landing page.

Once you’ve opened the reCAPTCHA landing page, you’ll need to click the v3 Admin Console button in the left menu to get started.

Note: Clicking this button will take you to the general reCAPTCHA admin console, so if you’re looking to use the v2 reCAPTCHA, you’ll still need to click the v3 Admin Console button.

Click admin console button on Google reCAPTCHA page

After clicking this button, you’ll be asked to sign into your Google account. What you see on login will depend on whether you’ve set up reCAPTCHA with this account before.

If you have set up a reCAPTCHA with this account in the past, you’ll need to click the + (plus) icon to add a new site.

Existing reCAPTCHA users can click plus icon to add new site

If you’ve never set up reCAPTCHA before, you’ll be directed straight to the reCAPTCHA setup form.

Register a new site with Google reCAPTCHA

Below, you’ll find more details on how to fill out each field in this form.

  • Label: This is just for you, so enter any name that makes logical sense (most commonly the website name).
  • reCAPTCHA Type: Select the version of reCAPTCHA that you’d like to use.

Select reCAPTCHA type to use

Note: If you choose to enable the v3 reCAPTCHA, no reCAPTCHA badge will be shown on the front end of your site when used with a Conversational Form.

  • Domains: Enter the URL where you’ll be using reCAPTCHA. Do not include “http://www” at the start (for example, wpforms.com would be accepted, but https://wpforms.com or www.wpforms.com would not).
  • Owners: Unless you know a specific reason to adjust this, you can skip this.
  • Accept the reCAPTCHA Terms of Service: You must check this box to proceed.
  • Send alerts to owners: Unless you know a specific reason to turn this off, you can leave this box checked.

Once the form is complete, go ahead and click the Submit button.

Submit reCAPTCHA registration form

After registering, you should see a page with the keys for your website.

Copy reCAPTCHA keys

You’ll need to copy the Site Key and Secret Key. Then switch back to your WordPress site to paste these keys into their corresponding fields.

Add site key and secret key for reCAPTCHA

Now that you’ve added your reCAPTCHA keys, you can also optionally adjust other reCAPTCHA settings.

  • Fail Message: This error will display to any user who does not pass reCAPTCHA’s verification test.
  • Score Threshold (for reCAPTCHA v3 only): This is the score at which you want users to fail reCAPTCHA v3’s verification. Scores can range from from 0.0 (very likely a bot) to 1.0 (very likely a human).
  • No-Conflict Mode: If reCAPTCHA is being loaded more than once on your site (for example, by both WPForms and your WordPress theme), this can prevent reCAPTCHA from working properly. No conflict mode will remove any reCAPTCHA code that’s not loaded by WPForms. However, we highly recommend getting in touch with our support team if you’re at all unsure whether to use this option.

Additional reCAPTCHA settings in WPForms

Be sure to click on the Save Settings button at the bottom of this page to store your setting changes.

Additional Steps ONLY for AMP Users

If you’re running Google AMP on your WordPress site, then you’ll need to make an extra adjustment in your reCAPTCHA setup to ensure compatibility with AMP.

Note: When running Google AMP along with reCAPTCHA, a reCAPTCHA badge will not display on the front end of your site.

Underneath the reCAPTCHA keys, click Go To Settings.

AMP users click on Go To Settings

This will open your reCAPTCHA settings up again, however now you’ll be shown an extra setting that was hidden earlier.

Towards the bottom of this page, check the new box labeled Allow this key to work with AMP pages. Then, click Save once more.

AMP users need to enable compatibility

2. Adding reCAPTCHA to a Form

Now that you’ve set up your reCAPTCHA keys, you’ll be able to add reCAPTCHA to any of your WPForms.

To do this, go ahead and create a new form or edit an existing form.

After you’ve opened the form builder, look under the Standard Fields section and click on the reCAPTCHA field.

Enable reCAPTCHA on a form

To confirm that your reCAPTCHA is enabled, look for the badge in the upper right corner of your form builder.

Note: If no badge appears in your form builder, make sure you’ve correctly set up your reCAPTCHA keys.

3. Testing reCAPTCHA

The last step is to run a quick test to make sure that reCAPTCHA looks and works how you’re expecting.

To test this out, you’ll simply need to submit an entry to your form. For more details on how to test out your forms, please take a look at our full testing checklist.

Frequently Asked Questions

Can I use reCAPTCHA if my site uses a subdomain?

Google reCAPTCHA does work with subdomains, however reCAPTCHA won’t accept subdomain sites with the path format (e.g., https://domain.com/subdomain). If you’re using a subdomain for your site, be sure to format your site URL as subdomain.domain.com when setting up your reCAPTCHA keys.

I’m still getting spam with reCAPTCHA enabled. What can I do to stop this?

If you’re using the v2 reCAPTCHA, you can adjust the difficulty settings for your reCAPTCHA from within your Google reCAPTCHA account.

To increase the difficulty of your reCAPTCHA, navigate to the Security Preference section of your reCAPTCHA settings. From here, you can adjust the slider to be more secure.

Security Preferences in reCAPTCHA

That’s it! We just showed you how to add Google’s reCAPTCHA to your WPForms.

Next, would you like to keep a record of events that occur within your WordPress forms? Be sure to check out our guide on how to enable activity logging for more details.