Search for answers or browse our knowledge base.
Getting started with CAPTCHA 4WP
CAPTCHA 4WP is the most capable WordPress CAPTCHA solution that makes it easy to implement CAPTCHA on your WordPress website. It is highly customizable and can integrate with several different CAPTCHA service providers straight out of the box.
CAPTCHA 4WP is excellent at separating the wheat from the chuff, allowing humans to easily interact with your forms and logins while blocking spam bots.
This getting started guide will cover the steps you need to take to install and configure the CAPTCHA 4WP plugin on your WordPress website.
Step 1: Download and activate the plugin
When you purchased CAPTCHA 4WP you should have received an email with your license key and a plugin download link. If you do not see the email, kindly check your Spam/Junk folder.
Alternatively, you can log in to the My Account page, where you’ll find everything you need. To log in, use the email address used when purchasing the plugin. If you do not remember your password use the password reset functionality to reset your password.
Refer to the Melapress plugin installation guide for more information on how to install CAPTCHA 4WP.
Step 2: Get a Site Key and Secret Key pair
CAPTCHA 4WP offers out-of-the-box integration with the following CAPTCHA services and methods:
- Google ReCAPTCHA V2 “I’m not a robot”
- Google ReCAPTCHA V2 Invisible
- Google ReCAPTCHA V3
- hCaptcha Always Challenge
- Cloudflare Turnstile Managed mode
You need one site key per vendor and one secret key per method for each site that you want to enable CAPTCHA on. These keys need to be configured through the service provider’s website, with detailed instructions available in the links below.
How to get Google ReCAPTCHA keys
How to get Cloudflare Turnstile keys
Step 3: Set up the plugin
Once you activate the plugin, the configuration wizard will open automatically. The configuration wizard is designed to guide you through the initial configuration of CAPTCHA 4WP. If you’re not ready to start the configuration process at this time, you can exit the wizard by clicking on Cancel and restarting it later. To continue, click Next.
Step 3.1: Choose CAPTCHA vendor and version
CAPTCHA 4WP offers out-of-the-box integration with the following CAPTCHA versions:
- Google ReCAPTCHA V2 “I’m not a robot”
- Google ReCAPTCHA V2 Invisible
- Google ReCAPTCHA V3
- hCaptcha Always Challenge
- Cloudflare Turnstile Managed mode
Choose your preferred method by clicking on the radio button next to the method and click Next.
Step 3.2: Enter your Site Key
Regardless of which vendor or version you use, in the next step of the wizard, you will need to enter your Site Key. As mentioned earlier, you need to make sure that the Site Key you enter here is for the domain of the WordPress website.
Once you enter the Site Key, CAPTCHA 4WP will attempt to connect to the service to ensure the key works. If the connection is successful, you’ll see the CAPTCHA test displayed in the wizard, as shown in the screenshot below.
This example uses hCaptcha. If you chose a different CAPTCHA method, you will see the test for that method.
Enter your Site Key and click on Proceed to secret key.
Step 3.3: Enter your Secret Key
In the next step of the wizard, you will be asked to enter your Secret Key. Kindly enter the Secret Key in the text box and click Validate & proceed.
Once the key is validated, you can finish the CAPTCHA 4WP configuration wizard by clicking the Finish button.
Optional: ReCAPTCHA V3 failover
If you choose ReCAPTCHA V3, you’ll have an additional option available to configure a failover action. This setting allows you to present the user/visitor with a different challenge should ReCAPTCHA V3 return a negative result.
There are 3 failover actions to choose from. These are as follows:
Show a V2 CAPTCHA checkbox – This option presents the user/visitor with a ReCAPTCHA V2 I’m not a robot test.
Redirect the website visitor to a URL – This option redirects the user/visitor to a URL that you specify
Take no action – This option effectively disables the failover feature and does nothing.
If you choose the Show a V2 CAPTCHA checkbox option, you will need to supply a Site Key and Secret Key for Google ReCAPTCHA V2 “I’m not a robot”. This is not the same key pair as those for V3. Make sure you get a Google ReCAPTCHA Site Key and Secret Key for this version.
If you choose the Redirect the website visitor to a URL, you will need to enter the redirect URL. On the other hand, if you choose the Take no action option, no further additional input will be required.
Click Next once ready to finish the setup configuration. Click Finish to close the wizard.
Step 4: Configuration options
It’s important to note that ReCAPTCHA Version 3 includes additional settings specific to this version. Configuration of these settings is highly recommended.
CAPTCHA Score
ReCAPTCHA Version 3 assesses visitors’ interaction with your website to determine if it’s human-like or bot-like. Based on its assessment, it issues a score. The closer to 1 the score is, the more confident ReCAPTCHA is that the visitor is a human. The closer to 0 the score is, the more confident ReCAPTCHA is that the visitor is a bot.
By default, the score is set to 0.5; allowing assessments with a score of 0.5 and higher through. If you see an increase in spam at any point, you can increase the score. We recommend increasing the score by +0.1 at a time.
Load CAPTCHA v3 scripts on
For ReCAPTCHA V3 to assess visitors’ interactions, it needs to load its scripts. Here you can set where scripts are loaded:
- All Pages – Load scripts on all website pages. Improves assessment accuracy
- Form pages – Load scripts on form pages only. May reduce assessment accuracy
Captcha Language
Select the language that the reCAPTCHA should use. You can choose Auto Detect for reCAPTCHA to detect and match the user’s language automatically
Error Message
Enter the message you would like to display when a user does not pass the reCAPTCHA test.
Theme
Select the color scheme that you would like the reCAPTCHA to use. Available options include Light or Dark.
Size
Select the CAPTCHA size.
Recaptcha Domain
Select the reCAPTCHA domain that you would like to use to load reCAPTCHAs. This option allows you to choose a different domain should google.com be blocked. Unless you are experiencing any issues, this should be left as google.com.
Remove CSS
Tick this checkbox to disable the plugin’s CSS. The plugin includes its own CSS file that adjusts the width to fit reCAPTCHA.
Next, configure optional settings
At this stage, the plugin and the reCAPTCHA tests are fully functional. However, the plugin has several other settings that you can configure to customize the plugin to your requirements further.
More configuration options
- Whitelist IP addresses and URLs
- Limit CAPTCHA to failed logins
- Forms and comment submissions geo-blocking
Last step; add CAPTCHA tests to forms
Once the CAPTCHA service has been set up and integrated, and you have configured all the settings and fined tuned CAPTCHA, it is time to add CAPTCHA to your website forms. Below is a list of guides which you can refer to: