How to Enable reCAPTCHA in WordPress: A Comprehensive Guide

Recaptcha is the security facility of Google that distinguishes human users from malicious bots. The previous versions used puzzles like deformed words or images to filter traffic, while the new background runs automatically.

In WordPress, recaptcha usually appears on the login page to help prevent online dangers such as cruel force attacks and spam entries. This feature is less infiltrated than other safety tests, ensuring a smooth user experience.

In this WordPress tutorial, we will provide detailed instructions to configure Recaptcha using a plugin and code. To ensure optimal website safety, you will also learn its benefits and best practices.

What Is WordPress reCAPTCHA?

WordPress Recaptcha is a security facility that filters human and automatic traffic on your website. It does so by showing a simple puzzle or by investigating an automatic background.

There are two ways to add recaptcha to WordPress sites – using a plugin or embedding Google API using the code within the file of your theme.

Why You Should Use reCAPTCHA on WordPress

Here are several advantages of installing Google CAPTCHA on WordPress sites:

  • Security. Google CAPTCHA blocks brute force attacks that might compromise your website uptime. It also helps prevent spam comments and protect contact form submissions from malicious bots.
  • User experience. Unlike other security check-in features, Google CAPTCHA is more user-friendly and can run in the background, improving the user experience.
  • Website integrity. Spam and bot filters help ensure your WordPress site data is reliable and legitimate to preserve integrity.
  • Easy implementation. WordPress users can integrate Google CAPTCHA for free using a plugin without coding.

In addition to installing Google Captcha, make sure your web host provides strong security features. For example, Hostinger’s managed WordPress hosting schemes include unlimited SSL certificates, DDOS security and a vibrant scanner.

How to Enable Google reCAPTCHA on a WordPress Site

In this section, we will explain two ways to add recaptcha to a WordPress site. Both approaches have the same results but there is a variation in difficulty.

How to Enable Google reCAPTCHA for WordPress Using a Plugin

The easiest way to enable recaptcha is using a plugin and Google account. This method is suitable for beginners because it does not require coding.

Note which stages will be different from the WordPress captcha plugins you choose.

1. Install a WordPress reCAPTCHA Plugin

Set a WordPress captcha plugin through your administrator dashboard. There are various options, but we will use advanced Google recaptcha as it is simple and provides a free version.

Follow these steps to download and install WordPress plugin:

  1. Log in to hPanel then head to Websites. Click Admin Panel on the website you want to manage.
  2. On the WordPress dashboard, navigate to the sidebar → Plugins Add New.
  3. Search Advanced Google reCAPTCHA and press Enter. Then, click Install Now on the plugin.
  4. After the installation process is complete, click Activate.
The plugin installation page in WordPress

2. Set Google Recaptcha and configure

Set a Google Captcha account to get API key to connect the service with your plugin. To do this, log in to your Gmail account and open the recaptcha administrator panel.

Enter the following information in the register form:

  • Label. The name for your reCAPTCHA.
  • reCAPTCHA type. The verification method to implement on your website.
  • Domains. Your website domain name. It’s possible to add multiple domains.
  • Owners. The reCAPTCHA administrator. It is automatically set to your current email address.
reCAPTCHA API key generation page

Tick the terms of services, click on checkbox and submit button. Google API will generate secret key and site key for connection. Store them to a safe place as we will use them later.

3. Configure Recaptcha on WordPress dashboard

Return to your WordPress dashboard and navigate on settings → Advanced Google Recaptcha on Sidebar. In the captcha tab, select the Captcha type according to the configured on Google.

Advanced Google reCAPTCHA plugin's CAPTCHA configuration page

This plugin includes a feature to check if your credentials are valid. When you paste the captcha site key and captcha secret key to their areas, click verify the captcha. Then, hit the sev change to complete the setup process.

Where to show the tab, click on the togal to display recaptcha in the selected location. This plugin consists of pre-determined areas for inserting Google Captcha, such as a login page or registration form.

Click on the Save Change, and the safety check-in should be shown on the specified areas. Ensure that it works by navigating on the live web page and following login or registration.

reCAPTCHA in WordPress login page

How to Enable Google reCAPTCHA for WordPress Manually

If you do not want to install a plugin, enable Google Captcha manually by modifying your subject function. PHP File Code. We do not recommend this method for individuals because misunderstandings can harm the purpose of your website.

After creating Google Captcha account and copy API Keys, open websites. Click the management for the target site and select the file manager.

/WP-content/theme/theme/navigate on the name. Right-click Function.php and select Edit. Enter your code below the file and click on the disc icon in the top right corner to save changes.

The codes differ depending on where you want to display the CAPTCHA. For example, this snippet will show a security check-in on the WordPress login page:// Call the Google reCAPTCHA verification API on the login form page function login_style() { wp_register_script(‘login-recaptcha’, ‘ false, NULL); wp_enqueue_script(‘login-recaptcha’); } add_action(‘login_enqueue_scripts’, ‘login_style’); // Add Google CAPTCHA on login form page function add_recaptcha_on_login_page() { echo ‘<div class=”g-recaptcha brochure__form__captcha” // Replace the placeholder with your site key data-sitekey=”INSERT_YOUR_SITE_KEY_HERE”></div>’; } add_action(‘login_form’,’add_recaptcha_on_login_page’);

Replace the placeholder with your actual site key. Modify the code if you want to display reCAPTCHA in other areas. For example, we’ll display it on the WordPress comment form of a post:// Add CAPTCHA on a WordPress post’ comment form function add_google_recaptcha_to_comment_form() { echo ‘<script src=” async defer></script>’; echo ‘<div class=”g-recaptcha” data-sitekey=”YOUR_SITE_KEY”></div>’; } function verify_google_recaptcha_comment($commentdata) { $recaptcha_response = $_POST[‘g-recaptcha-response’]; $response = wp_remote_post( ‘ array( ‘body’ => array( ‘secret’ => ‘YOUR_SECRET_KEY’, ‘response’ => $recaptcha_response, ), ) ); $data = json_decode(wp_remote_retrieve_body($response)); if (!$data->success) { wp_die(‘reCAPTCHA verification failed. Please try again.’); } return $commentdata; } add_action(‘comment_form’, ‘add_google_recaptcha_to_comment_form’); add_filter(‘preprocess_comment’, ‘verify_google_recaptcha_comment’);

reCAPTCHA on a WordPress post comment form

Note that these codes are for snippet Illustrative purposes. Depending on the specific WordPress setup and version, minor amendments may be necessary.

Best Practices to Implement Google reCAPTCHA in WordPress

In this section, we will explain the best practices of Google Recaptcha to secure your WordPress site.

Choose the Right reCAPTCHA

Google uses various verification methods based on the Captcha version. Choosing the right is important to ensure that visitors can easily navigate your site without repeatedly completing the security check.

Recaptcha V3 uses JavaScript API to automatically assess traffic, allowing your WordPress site to verify visitors without human contact. Depending on the score, this device will allow either any other action to access or trigger. For example, it can send an alert or start additional verification.

Its V2 has two types – an invisible badge and a checkbox. Recaptcha badge V3 works similar to one. In addition to an automated JavaScript API call, it can also run on one click.

Meanwhile, recaptcha checkbox motivates visitors to click on a verification box for verification. Depending on the evaluation, they may need to complete the additional checks or proceed on the website.

To ensure an optimal user experience, we recommend using V3 or V2 invisible badge Ricapa as they are less intruders. Visitors are less likely to complete safety verification tasks, allowing them to navigate your website basically.

However, visitors will not know that your website uses its data for verification since running in automatic recaptcha background. Provide a replication or privacy statement to ensure compliance with your WordPress site with GDPR data security laws.

Protect Multiple Site Areas

Owners of WordPress website usually add captcha to the login page to avoid brut-form attacks. However, we recommend adding it to many areas for optimal security.

He said, you should not keep it on all pages, especially if you use a recaptcha checkbox that requires user interactions. This will cause an unpleasant experience as visitors will have to complete several security checks to navigate your website.

The best practice is to keep Google Captcha in areas with significant action or a form submission. The ideal place also depends on the type of your website.

For example, the owners of the online store usually add captcha to the checkout area to avoid fake orders, while the blog is one on the blog WordPress comment form to prevent spam entries. Other general areas include registration and reset password forms.

Test Your reCAPTCHA Implementation

Improperly applied captcha can obstruct the interaction and damage your website navigation. To ensure the purposeful, always test the security facility in a development area.

This lets you check whether your captcha works without affecting the live WordPress site. There are various ways to create WordPress development sector. In hostinger, you can easily create a staging area through HPANEL with our underlying tool.

In addition, test the compatibility of safety facilities on various browsers and equipment, especially on mobile phones with small screen.


Google recaptcha is a security facility that distinguishes between humans and bot traffic. This helps your website protect from spam comments and online dangers such as brut-form attacks.

In this tutorial, we have explained how to add recaptcha to WordPress using advanced Google Recaptcha plugin and code. Both have similar results but vary in process and complexity levels.

After installing the plugin, navigate the Google Recaptcha Settings page to generate API keys. Paste credentials in plugin settings and choose where to put captcha on your website. Don’t forget to save changes.

Alternatively, more technical users can enable recaptcha by modifying the tasks of the child’s subject. PHP file. Write the code to call Google API using secret keys and specify the location of the security check on the contact form.

Ensure that you choose the right recaptcha type to maintain a spontaneous user experience and comply with data security laws such as GDPR. In addition, keep it in several areas, including important actions, such as lost password form page. In addition, test your captcha in a staging area to ensure the purposeful.


To help deepen your understanding, we will answer many common questions about WordPress Recaptcha.

How Does reCAPTCHA Protect WordPress Website?

Traditionally, recaptcha inspires users to solve a puzzle or clicks on a verification checkbox to separate from malicious bot. New versions like recaptcha badges do not require interactions and verify the request automatically based on users’ behavior.

Why Is reCAPTCHA Not Showing Up on My Website?

Ensure that your browser is updated and JavaScript is enabled in it. In addition, check if your captcha plugin causes issues of conflict or incompatibility. If you set the captcha manually, verify that the code is written correctly and secret keys are accurate.

How Do I Add Google reCAPTCHA to WordPress Without Plugins?

Open Google Recaptcha registration page and enter the necessary information like your domain. Click on submit button to generate site key and secret key. Create a WordPress child theme and edit its function. Write the code to call API using keys and insert recaptcha in your desired page.

My name is Megha, A computer science student with a passion for digital marketing and SEO, enjoys helping beginners build impressive WordPress websites.

Leave a Comment