Knowledgebase Home / How To Add CAPTCHA Protection To WordPress

How To Add CAPTCHA Protection To WordPress

In this guide, we will walk you through the steps to add CAPTCHA protection to your WordPress site

Quick Steps

  • Install a reCAPTCHA plugin
  • Register for Google reCAPTCHA keys
  • Copy the keys and configure the plugin

As WordPress gets popular and popular, Spam comments and Contact forms spams have gotten out of control for the websites that use it. As spammers become more sophisticated, they can launch massive spam attacks with little effort. Dealing with spam comments can be frustrating, and some website owners even choose to completely disable comments on their websites.  Instead of turning off the comments, you can add captcha protection to the WordPress comment form to practically eliminate spam.

reCAPTCHA is an advanced form of CAPTCHA, which is a technology used to differentiate between robots and human users.  Google acquired CAPTCHA technology in 2009 and then later renamed it as reCAPTCHA. Basically, it presents users with a simple checkbox that they can click to pass the test. If for some reason the test doesn’t pass, then the user will be presented with a challenge identifying text in an image or matching objects in multiple images which will be simple for humans but not for bots.

Google reCAPTCHA sample screenshot

Install a reCAPTCHA plugin

There are quite a lot of plugins available in the WordPress repository. Most of them support WordPress forms like Login form, Registration form, Reset password form, Comment form, New password form, etc. Not every reCAPTCHA plugin has support for contact forms as the contact forms plugins are different in every website as it is installed as it suits you and most of them have built-in support for reCAPTCHA. All you need is to add the keys to it. We will discuss it in the next step. 

An example plugin will be “Simple Google reCAPTCHA” which supports adding reCAPTCHA for Login form, Registration form, Reset password form, Comment form & New password form.

Download ReCaptcha plugin

Once installed and activated, go to Settings >> Simple Google reCAPTCHA on the left side menu. It will lead you to the plugin settings where you will be asked to provide a site key and secret key which you will get once you register on the reCAPTCHA website.

Simple Google reCaptcha settings before adding key

Simple Google reCaptcha settings before adding key

Register for Google reCAPTCHA keys

Go to https://www.google.com/recaptcha and log in with your Google account. Once logged in you will be presented with a screen to add your domain.

Google reCaptcha Registration

Google reCaptcha Registration

Fill in the label that you want to identify the domain, select the reCAPTCHA type. Here we are using the reCAPTCHA v2 type which most of the plugins support and is easy to configure, Add the domains you want to protect with the reCAPTCHA and accept their terms of service.  Once all the details are filled in, click submit and you will receive the keys on the next screen.

Google reCaptcha Keys

Google reCaptcha Keys

Copy the keys and configure the plugin

In the “Simple Google reCAPTCHA” settings page,  add the site key and secret key we copied from the reCAPTCHA website and click the “Save Changes” button to add captcha protection to WordPress website forms.

Simple-Google-reCAPTCHA​-_settings

Simple-Google-reCAPTCHA​-_settings

You’ve successfully added reCAPTCHA to your WordPress built-in forms. You can now check your blog’s comment section or login page to confirm that it’s working properly.

Note: the reCAPTCHA checkbox will be displayed only to logged-out users, so you will need to either logout or open your website in an Incognito window of your browser to preview reCAPTCHA.

Adding reCAPTCHA to contact forms

There are a lot of contact forms plugins available in the WordPress repository and most of them have options to add reCAPTCHA protection by default. All you need is to get the keys by following Step 2 above. If not, check the WordPress repository for any compatible reCAPTCHA solution that supports your contact form plugin. For custom-written contact forms, you can use the API provided by the reCAPTCHA to validate your visitor submissions.

As always, if you have any questions, don’t hesitate to contact us.


If the steps above listed in this article do not resolve your issue, please feel free to open a support ticket and we’d be happy to take a look.  

Our Guiding Principles

  • Provide consistent, stable, and reliable web hosting services.
  • Ensure rapid ticket response and quick resolutions to issues.
  • Never saturate or over-provision servers to ensure stability and speed for our customers.
  • Use only high-quality enterprise-class hardware to ensure minimal downtime from hardware failures.
  • Provide clear pricing with no hidden fees or gotchas.