How to add reCAPTCHA (or other types of CAPTCHA) to your WordPress website

CAPTCHAs are an effective and easy-to-implement solution to protect your WordPress websites from spam and certain attack bots. Thanks to recent advancements, user experience has drastically improved, often requiring no interactions.

With many different CAPTCHA services and types to choose from, many administrators may find themselves at a loss. reCAPTCHA is the Google CAPTCHA service however, it is not the only one. While it certainly is one of the most popular, other contenders such as hCaptcha and Cloudflare Turnstile can also be integrated just as easily when using CAPTCHA 4WP.

Adding CAPTCHA to your WordPress website is easy when choosing CAPTCHA 4WP. It stands out as one of the best WordPress plugins thanks to its support for multiple providers, enabling you to choose the one that best fits your requirements. It also comes with many useful features designed with WordPress users in mind, such as Failover Action, which helps prevent false positives from falling through the cracks.

CAPTCHA 4WP is a CAPTCHA plugin for WordPress websites. It comes with a lot of useful features that easily make it a must-have CAPTCHA plugin.

With multiple plans to choose from, CAPTCHA 4WP will easily fit into your workflows and budget. Once you buy the plugin, you will receive an email with the CAPTCHA 4WP license key and plugin download link. Download the plugin and upload the plugin ZIP file to your WordPress website. Next, install and activate the plugin.

Once activated, CAPTCHA 4WP will show you the following prompt:

Enter your license key in the input field and then click the Activate License button to activate the plugin. You’ll find the license key in the email that you received after purchasing the plugin.

Different CAPTCHA services, such as Google reCAPTCHA, hCaptcha, and Cloudflare Turnstile, provide their versions of CAPTCHAs that you can integrate into your forms.

CAPTCHA 4WP enables you to add the following types of CAPTCHAs to your WordPress site:

  • Google reCAPTCHA v2 (I’m not a robot): Visitors have to check an “I’m not a robot” checkbox.
  • Google reCAPTCHA v2 (Invisible reCAPTCHA): Visitors are only asked to solve a CAPTCHA if Google deems their activities to be suspicious.
  • Google reCAPTCHA v3: Assesses visitor behavior to issue a score without any user interaction.
  • hCaptcha: Visitors have to check an “I’m not a robot” checkbox.
  • Cloudflare Turnstile: where users occasionally have to check a checkbox if the service thinks that the request is suspicious.

Google reCAPTCHA v3 and other CAPTCHA services require a site key and a secret key to work. The site key is passed in the HTML code of your web pages. The secret key is used for server-side integration. CAPTCHA 4WP automatically takes care of all this for you.

You can get your site key and secret key by visiting the service provider’s website. We will illustrate how this works using reCAPTCHA V3. First, you’ll need to log in to the service provider’s dashboard. In our case, we’ll be logging in to Google’s reCAPTCHA admin dashboard using a Google account.

Google will take you to its register a new site page if you don’t have any reCAPTCHA keys associated with your account. Otherwise, you can click the + icon in the secondary header menu to create a new pair of keys.

Keep in mind that the reCAPTCHA API keys are tied to a specific website and a specific version of reCAPTCHA. Therefore, it is essential to ensure that the website domain and reCAPTCHA version match what is configured on your WordPress website.

Register your site with Google reCAPTCHA

You’ll need to fill out a few details to register a site to enable reCAPTCHA:

  • Label: The label is meant for you to identify a pair of keys. You can choose any name for it that you like. It won’t affect how reCAPTCHA works on your site. In this tutorial, we have named it Melapress v3. This tells us the associated website as well as the type of integrated reCAPTCHA.
  • reCAPTCHA type:  Here. you’ll need to choose the reCA{PTCHA version you would like to set up. In this example, we’re selecting reCAPTCHA v3 since this is what we will be using in this tutorial.
  • Domains: enter the domain name that you want to register. You only need to enter the hostname and the TLD of the domain. It should not include the protocol (http:// or https://) or other such information as part of the URL string. Also, remember that registering a domain automatically registers all its subdomains.
  • Owners: The account you used to log in to get the site key and secret key is the owner of those keys by default. It is also possible to add other owners if you want by providing their email addresses.

Once all fields have been filled in, you’ll need to check the box to accept the reCAPTCHA terms of service if you want to use reCAPTCHA. You can also optionally check the box that says “Send alerts to owners”. This will make sure that you receive alerts from Google if it detects any problems, such as an increase in suspicious traffic or some misconfiguration.

Click the Submit button once you have filled and verified the entered values to make sure there are no errors, such as the selection of the wrong reCAPTCHA type or misspelled domain.

You should now see a message about successful registration on the next page, as shown in the screenshot below:

A note on API keys

You’ll need to supply the generated site key and secret key to the CAPTCHA 4WP plugin in the next section, so make sure you take note of them.

While we’re covering the process for reCAPTCHA V3 here, the process works similarly for other versions and methods. The Melapress Knowledge Base includes detailed how-tos that will help you configure any type of CAPTCHA covered by the plugin.


We are now ready to configure CAPTCHA on our website using the CAPTCHA integration wizard offered by CAPTCHA 4WP.

Select the type of CAPTCHA

With CAPTCHA 4WP configured, navigate to CAPTCHA 4WP > CAPTCHA Configuration from the WordPress dashboard. Next, click the Configure CAPTCHA integration button. This will start the CAPTCHA integration wizard, which will walk you through the entire setup process. 

First, select the type of CAPTCHA service that you want to use on your website.

In this example, we’re selecting Google reCAPTCHA v3. However, you can choose the service that best fits your requirements. Just make sure that you’ve configured the right keys, as covered in the previous step. Once ready, click on Next. This will take you to the next step, where you’ll need to enter the site key.

Provide your site key

In Step 2 of the configuration process, you’ll need to enter the site key.  If the key is valid, CAPTCHA 4WP will display the CAPTCHA, signaling it it able to connect to the vendor successfully.

Click the Proceed to secret key button now.

Provide your secret key

In the third step, you need to enter the secret key and click the Validate and Proceed button.

Configure a failover action (optional)

One important thing to remember about Google reCAPTCHA v3 is that it is fully automated. This means that, by default, it won’t allow visitors to proceed if they fail the CAPTCHA check. This could prevent legitimate visitors from proceeding forward.

We can prevent this from happening by configuring a failover action. A failover action determines what happens when visitors fail the reCAPTCHA v3 test.

CAPTCHA 4WP gives you the option to choose from three different failover actions:

  • Show a v2 CAPTCHA checkbox.
  • Redirect the visitor to a URL.
  • Take no action.

If you decide to show your visitors a Google reCAPTCHA checkbox, you will need to provide the reCAPTCHA v2 site key and secret key to CAPTCHA 4WP. Keep in mind that these site key and secret key values are separate from the reCAPTCHA V3 keys.

You can easily generate a new pair of keys by following the instructions we covered earlier. You’ll just make sure that you set the reCAPTCHA type to reCAPTCHA v2 “I’m not a robot” checkbox.

Click on the Next button to continue.

Finally, click the Finish button, and your basic configuration to integrate reCAPTCHA v3 into your website will be complete.

CAPTCHA 4WP is a very versatile plugin that you can use to integrate CAPTCHA in any type of form.

Support for native WordPress forms

You can use CAPTCHA 4WP to add CAPTCHA to the WordPress login form, registration form, reset password form, lost password form, and comments form. You can also use the plugin to add CAPTCHA checks to WooCommerce pages, such as the WooCommerce checkout page, WooCommerce login page, WooCommerce password reset page, etc.

Support for third-party plugins

There are a lot of popular form builder plugins in WordPress that website administrators use to create different types of forms, such as a WordPress contact form. Protecting your WordPress contact forms with CAPTCHA 4WP means that you will be able to drastically reduce spam submissions.

CAPTCHA 4WP comes out of the box with very good support for third-party plugins like Contact Form 7, WPForms, Gravity Forms, MailChimp for WordPress, BuddyPress, and bbPress. 

This means that you can easily integrate CAPTCHA into any form using CAPTCHA 4WP via a simple mouse click or drag and drop. There is no need for any customization.

Custom WordPress forms

Let’s say you have a custom form running on WordPress on your website. 

You can still use CAPTCHA 4WP to protect this form from spam bots and prevent fraudulent submissions. Our plugin allows you to display a CAPTCHA field in custom WordPress forms very easily.

Adding CAPTCHA to WordPress forms

Now that the plugin has been configured navigate to CAPTCHA 4WP > Settings & Placements to specify the forms where you want to add the CAPTCHA check. In this tutorial, we just select the Login form and Registration form.

Scroll down to the bottom of the page and click Save Changes.

To verify that CAPTCHA is working, log out from your WordPress account, and you should see the reCAPTCHA badge on the login page.

The same badge should also be visible on the registration page.

Seeing the Google reCAPTCHA badge on the login and registration page means that you have successfully added CAPTCHA to your WordPress site.

There are some optional settings in CAPTCHA 4WP that you can tweak to fine-tune CAPTCHA behavior and appearance according to your requirements. We will discuss some of them here.

Selectively enable and disable CAPTCHA tests

The primary purpose of CAPTCHA tests is to tell apart human visitors from bots. This means that you might not need to enable CAPTCHA for visitors who already have a registered account on your site. Using CAPTCHA only when necessary can improve user experience.

By default, CAPTCHA tests are set to be always active in CAPTCHA 4WP. However, it also gives you the option to disable CAPTCHA tests for logged-in users. It is up to you to specify if the plugin should disable CAPTCHA for all logged-in users or only for users with specific user roles.

Similarly, you also have the option to show the CAPTCHA test on the login page only if the visitors made some failed login attempts. This can help combat brute-force attacks meant to gain unauthorized access to a user’s account.

Change placement of the reCAPTCHA badge

As we have mentioned earlier, reCAPTCHA v3 does not directly interact with visitors. A reCAPTCHA badge that shows up on pages protected by Google’s reCAPTCHA v3 will let visitors know that reCAPTCHA is active on the page.

You can set the placement of this reCAPTCHA badge to either the bottom left or the bottom right of the page to match your WordPress theme.

Change reCAPTCHA domain

reCAPTCHA is a Google service. This means that visitors from regions where Google is blocked will not be served CAPTCHAs. Google does provide some alternate domains that you can use to load the reCAPTCHA script or other Google reCAPTCHA-related resources.

The CAPTCHA 4WP plugin provides an easy way for you to switch to alternate domains that serve the reCAPTCHA script without worrying about making changes to any code.

Please note that other CAPTCHA service providers, such as hCaptcha and Cloudflare Turnstile, are not blocked in different regions like Google reCAPTCHA.

There are a few other important (differences between other CAPTCHA services and reCAPTCHA, such as GDPR compliance, that you might want to consider when determining which service to use on your site to protect it against spambots.

The good news is that CAPTCHA 4WP supports both hCaptcha and Cloudflare turnstile in case you decide to use a different service in the future.

reCAPTCHA v3 sensitivity

Google reCAPTCHA v3 returns a score for each visitor based on their interaction with your website.

This score can range from 0.0 to 1.0. The closer a score is to 1.0, the more likely it is that the interaction was likely initiated by a human.

How users interact with a website is also determined by the type of content it hosts. Therefore, Google lets website administrators set their own threshold for this CAPTCHA score.

CAPTCHA 4WP allows you to specify the threshold below which the traffic is marked as spam. Please keep in mind that this configuration option is only available for reCAPTCHA v3. The default value of this score is 0.5.

reCAPTCHA loading options

Google reCAPTCHA can only keep track of visitor behavior through scripts loaded on the form pages by default. However, reCAPTCHA v3 works best when it can assess how visitors are behaving across the entire site.

You can load reCAPTCHA v3 on all pages of your WordPress website by selecting the All Pages option from the dropdown for the “Load reCAPTCHA v3 scripts on” setting.

CAPTCHA 4WP is our dedicated CAPTCHA WordPress plugin, built with security and ease of use in mind. It is more than a reCAPTCHA plugin, making it easy for you to add different types of CAPTCHA to your WordPress websites and protect yourself from spam comments. 

CAPTCHA 4WP offers wide support with WordPress itself and many 3rd party plugins. It allows you to add CAPTCHA to any form on your website, including the comment, login, registration, and checkout forms. It also makes it easy to add CAPTCHAs to your favorite contact form plugin, thanks to its out-of-the-box support.

If you’re looking to prevent spam and protect yourself from malicious bots, adding reCAPTCHA or anything type of CAPTCHA is a low-hanging fruit that can be of great benefit. It is also quick and easy when using the CAPTCHA 4WP plugin. The CAPTCHA integration wizard in CAPTCHA 4WP guides you throughout the process.

The CAPTCHA 4WP plugin includes a valuable set of additional features that make it better than other CAPTCHA plugins. For instance, you get reCAPTCHA v3 failover action, one-click WooCommerce support, ability to add CAPTCHA to any form, among other things.

CAPTCHAs can prove very effective in protecting your website against spambots. Our plugin, CAPTCHA 4WP, does an excellent job of stopping attacks from bots while still being very user-friendly. Get the CAPTCHA 4WP plugin today and see the amount of spam you encounter on your WordPress website effectively go to zero.

Take the Melapress Security Survey 2024

Share your perspective
and WIN