Adding reCAPTCHA to forms on a WordPress website

Please be advised that this guide is general advice only. Following these instructions does not guarantee the prevention of your website forms being used to send spam emails. It’s best to speak with a web developer or website security service for further help on this topic.

Step 1 – Obtaining a key pair from Google reCAPTCHA

1. Create a Google account if you don’t already have one.
2. Log in to the Google reCAPTCHA Admin Console.
3. The page you should land on should be titled Register a new site.
   • If this isn’t showing for you, this means you may have used reCAPTCHA in the past. Click the plus (+) icon to add a new site if you are not already on this page.
4. Fill out this form.
   • Label: Fill this out to help remember the purpose of this key pair. If you’re unsure what to put in here, just enter your website name.
   • reCAPTCHA type: Choose v2 to add a challenge for the user to complete before submitting your forms, or v3 for a CAPTCHA that runs in the background without the user needing to complete extra steps.
   • Domains: Add the domain(s) that your website uses here.
   • Owners: You may add extra email addresses here for others to manage this key pair.
   • Tick to accept the Terms of Service. This is required to continue.
   • Send alerts to owners: This will email alerts if Google detects misconfigurations or an increase in suspicious traffic.
5. Click Submit.
6. The next page titled Adding reCAPTCHA to your site will display a “key pair”. Leave this page open for the next steps so you can copy these keys when needed.

Step 2 – Entering your key pair into the settings of your form plugin

In a separate tab or window, log in to your WordPress website and navigate to your admin panel.

Contact Form 7

1. From the WordPress Admin panel, go to Contact → Integration.
2. From this page, click Setup Integration under the reCAPTCHA heading.
3. Here, copy your Site Key and Secret Key obtained from Google.
4. Click Save Changes.
   • If you have chosen v2 when generating your key pair, you will need to edit your form(s) and add the reCAPTCHA tag to the form.
5. Go to one of the forms on your website and look for the reCAPTCHA logo to see if it is working on your site. Test this out by sending a test submission – if your test does not submit, check that your key pair is entered correctly.

WPForms

1. From the WordPress Admin panel, go to WPForms → Settings.
2. On this Settings page, navigate to the CAPTCHA tab.
3. Ensure reCAPTCHA is enabled for the purpose of this guide, and then enter your Site Key and Secret Key obtained from Google.
4. Click Save Settings.
   • If you have chosen v2 when generating your key pair, you will need to edit your form(s) and add reCAPTCHA to the form.
5. Go to one of the forms on your website and look for the reCAPTCHA logo to see if it is working on your site. Test this out by sending a test submission – if your test does not submit, check that your key pair is entered correctly.

Ninja Forms

1. From the WordPress Admin panel, go to Ninja Forms→ Settings.
2. Under the reCaptcha Settings header, enter your Site Key and Secret Key obtained from Google.
3. Scroll to the bottom of this page and click Save Settings.
   • If you have chosen v2 when generating your key pair, you will need to edit your form(s) and add the reCAPTCHA block to the form.
4. Go to one of the forms on your website and look for the reCAPTCHA logo to see if it is working on your site. Test this out by sending a test submission – if your test does not submit, check that your key pair is entered correctly.

Is your plugin not listed here?

This guide is general advice only and does not cover all types of contact forms and websites. It is best to seek assistance from a professional web developer or a website security service.