Want to stop spammers from filling out your forms? Google’s reCAPTCHA allows you to add human verification technology to your forms. WPForms makes it super easy to add reCAPTCHA to your forms.
In this article, we will show you how to set up and enable the built-in reCAPTCHA integration in WPForms.
What is reCAPTCHA?
reCAPTCHA is a free spam prevention service provided by Google. There are three types of reCAPTCHA available for your forms: v2 Checkbox reCAPTCHA, v2 Invisible reCAPTCHA, and v3 reCAPTCHA.
v2 Checkbox reCAPTCHA
With this classic form of reCAPTCHA, the user must check a box to confirm that they are human.
v2 Invisible reCAPTCHA (recommended)
Just like the v2 Checkbox reCAPTCHA, v2 Invisible reCAPTCHA will in some cases ask the user to answer image-based questions to ensure they are not a spam bot.
To avoid asking for user interaction, Google will monitor the user’s behavior on your site to look for what it considers suspicious activity. Then, reCAPTCHA will assign them a score. You will decide the score needed to allow your forms to submit.
If a user’s reCAPTCHA score does not meet your requirements, they will have no way to submit your form. This is a major difference from the v2 reCAPTCHA options, which provide an opportunity for the user to prove that they’re human.
Note: Since there is a chance that v3 reCAPTCHA may prevent some legitimate users from submitting your forms, we recommend using v2 Invisible reCAPTCHA on most sites. v3 reCAPTCHA is recommended only for advanced users, if advised by support, or if running Google AMP.
1. Generating reCAPTCHA Keys in Google
To get started, you’ll need to log into your WordPress site and go to WPForms » Settings. Then, click on the reCAPTCHA tab.
In the settings, go ahead and select the Type you’d like to use.
Note: Each reCAPTCHA type requires a different set of keys, so if you later decide to switch types you will need to generate a new set of keys.
Next, you’ll need to set up reCAPTCHA in your Google account to get the required keys. To start this setup process, you’ll need to open Google’s reCAPTCHA landing page.
Once you’ve opened the reCAPTCHA landing page, you’ll need to click the Admin console button in the upper right corner to get started.
After clicking this button, you’ll be asked to sign into your Google account. What you see on login will depend on whether you’ve set up reCAPTCHA with this account before.
If you have set up a reCAPTCHA with this account in the past, you’ll need to click the + (plus) icon to add a new site.
If you’ve never set up reCAPTCHA before, you’ll be directed straight to the reCAPTCHA setup form.
Below, you’ll find more details on how to fill out each field in this form.
- Label: This is just for you, so enter any name that makes logical sense (most commonly the website name).
- reCAPTCHA Type: Select the version of reCAPTCHA that you’d like to use.
- Domains: Enter the URL where you’ll be using reCAPTCHA. Do not include “http://www” at the start (for example, wpforms.com would be accepted, but https://wpforms.com or www.wpforms.com would not).
- Owners: Unless you know a specific reason to adjust this, you can skip this.
- Accept the reCAPTCHA Terms of Service: You must check this box to proceed.
- Send alerts to owners: Unless you know a specific reason to turn this off, you can leave this box checked.
Once the form is complete, go ahead and click the Submit button.
After registering, you should see a page with the keys for your website.
You’ll need to copy the Site Key and Secret Key. Then switch back to your WordPress site to paste these keys into their corresponding fields.
Now that you’ve added your reCAPTCHA keys, you can also optionally adjust other reCAPTCHA settings.
- Fail Message: This error will display to any user who does not pass reCAPTCHA’s verification test.
- Score Threshold (for reCAPTCHA v3 only): This is the score at which you want users to fail reCAPTCHA v3’s verification. Scores can range from from 0.0 (very likely a bot) to 1.0 (very likely a human).
- No-Conflict Mode: If reCAPTCHA is is being loaded more than once on your site (for example, by both WPForms and your WordPress theme), this can prevent reCAPTCHA from working properly. No conflict mode will remove any reCAPTCHA code that’s not loaded by WPForms. However, we highly recommend getting in touch with our support team if you’re in at all unsure whether to use this option.
Be sure to click on the Save Settings button at the bottom of this page to store your setting changes.
Additional Steps ONLY for AMP Users
If you’re running Google AMP on your WordPress site, then you’ll need to make an extra adjustment in your reCAPTCHA setup to ensure compatibility with AMP.
Underneath the reCAPTCHA keys, click Go To Settings.
This will open your reCAPTCHA settings up again, however now you’ll be shown an extra setting that was hidden earlier.
Towards the bottom of this page, check the new box labeled Allow this key to work with AMP pages. Then, click Save Settings once more.
2. Adding reCAPTCHA to a Form
Now that you’ve set up your reCAPTCHA keys, you’ll be able to add reCAPTCHA to any of your WPForms.
To do this, go ahead and create a new form or edit an existing form.
After you’ve opened the form builder, go to Settings » General and check the box labeled Enable Google Checkbox v2 reCAPTCHA or Enable Google invisible v2 reCAPTCHA.
3. Testing reCAPTCHA
The last step is to run a quick test to make sure that reCAPTCHA looks and works how you’re expecting.
To test this out, you’ll simply need to submit an entry to your form. For more details on how to test out your forms, please take a look at our full testing checklist.
That’s it! You can now add reCAPTCHA to any of your forms for added spam protection.
Next, would you like to find out how to customize automatic notification emails for your forms? Be sure to check out our notifications tutorial for details on how to email the person who submitted the form, add a header image, and more.