This guide shows how to quickly add reCAPTCHA to WordPress comment forms. No internet user likes to jump through reCAPTCHA hoops to access the content. That includes those who add them to their blogs and websites. Unfortunately, spam commenting is rife today. Thus, responsible webmasters can protect themselves and their visitors with this effective verification service.
Spambots are a threat because they look for leaked passwords and post potentially harmful comments. Links can contain nasty viruses, point to phishing sites, and more. Some site owners disable WP comments because of all the spam, but you don’t have to resort to this.
reCAPTCHA to the Rescue
Google’s free reCAPTCHA I’m Not a Robot’ is an effective CAPTCHA system. The search engine giant first released it in May 2007. It’s much more user-friendly today than the original. The early version showed users scruffy text images that were often impossible to read. Now it’s so much easier, only asking users to identify objects in clickable images.
However, Google’s reCAPTCHA V2 doesn’t suit all websites and site owners.
Meet reCAPTCHA Version 3
The newer, reCAPTCHA V3 doesn’t use interactive tests like the V2. Instead, it gives out a score from 1–5. It works by notifying webmasters when potentially risky traffic tries to breach their security system. The most attractive thing about reCAPTCHA V3 is that it doesn’t inconvenience genuine users to your site.
How reCAPTCHA V3 technology works
The reCAPTCHA v3 system predicts activity based on algorithms. Whenever there’s a potentially risky login, it can request email verification. If it’s a bot trying to gain access, then it can’t continue. Posts flagged as spam—or potential spam—are sent for moderation rather than published. V3 can also filter fake friend requests so that they don’t reach the intended target.
reCAPTCHA Admin Console
The beauty of reCAPTCHA Version 3 is the backend data it provides. You can see what the bots and bad actors are doing—or trying to do—on your WordPress blog, website, or store. The reCAPTCHA Admin Console shows reCAPTCHA scores and activity. You may see bots attempting to post spam comments or fake product reviews that you can then block.
Where to Add reCAPTCHA on a Website or Blog
It’s up to the site owner where they add reCAPTCHAs. Usual areas include:
- Comments and user reviews pages
- Login in screens for member sites
- Contact forms
- Checkout screens on eCommerce type websites
- Other
Adding reCAPTCHA is a straightforward process, so you can put it anywhere you think necessary.
Stop Spam with reCAPTCHA in WordPress
This short guide adds current versions of reCaptcha in WordPress. It’s a simple procedure using a plugin, and there are several available. For this tutorial, we use the most widely used “I’m not a Robot” with the No CAPTCHA reCAPTCHA by MailOptin Team. Users can’t post comments until they’ve passed your reCaptcha, and that means a lot less spam.
Please read How to Install New Plugins first, if you’re new to WordPress, then return here.
Log in to your WP Dashboard as Administrator.
Install then Activate the plugin.
Go to Settings => No CAPTCHA reCAPTCHA from the Dashboard side menu.
You’re now at the No CAPTCHA reCAPTCHA settings screen.
Scroll down to the reCAPTCHA Keys section.
The first step is to grab the reCAPTCHA API Site key and Secret key.
You mustn’t skip this part, so click the Grab it here link to proceed.
The link takes you to the Google reCAPTCHA screen. You may need to log in with your Gmail account if you’ve not already done so.
Let’s go ahead and fill out the reCAPTCHA form to register the site.
- Enter a label that lets you identify your site easily
- Under Recapture Type, select reCAPTCHA v2, and “I’m not a robot” radio buttons
- Type the site URL in the Domain name section
- Check the email address you want to use is correct under Owners
- Accept the reCAPTCHA Terms of Service
- Allow Google to Send alerts to owners (optional)
- Click the Submit Button
The next screen confirms your website registration and provides your unique keys.
Copy and paste the keys into the plugin’s reCAPTCHA fields in WordPress and Save All Changes.
Now scroll down to the Display Settings section.
From here, you can choose where to add the reCAPTCHA on your WordPress website, i.e., Login Form, Registration Form, and Comment Form. There’s a tick (check) in the Registration and Comment Form boxes by default. We only want it for comments in this tutorial.
Untick the Registration form, leaving only the Comment Form selected.
Click Save All Changes.
Open any post on the site to test the new feature. You should now see a reCAPTCHA I’m Not a Robot’ checkbox near the “Post Comment” button.
No commenter can bypass this simple test.
Put a tick (check) in the ‘I’m not a robot’ box.
You’re then presented with a simple test that proves you’re a human.
That’s how you add a Google reCAPTCHA to your WordPress comments form. Your site can now tell humans and bad-behaving robots apart.
