Installing ReCaptcha on your website can be a great way to protect yourself from spambots. Thanks to this, you can protect your project from spam comments or registrations by bots. In this article you will learn how to install this type of captcha on your website using a WordPress plugin.

ReCaptcha protection technology belongs to Google Corporation. In most cases, such a captcha is much simpler for the user, since it only requires checking a box - the system itself will check whether it is a robot or not. In some cases, the user will be required to take a simple test.

ReCaptcha to a site with the Advanced noCaptcha reCaptcha plugin

To get started, download the Advanced noCaptcha reCaptcha plugin from the link below.

Install the plugin on your website and activate. After this, a new item “Advanced noCaptcha” will appear in the console. Go to it.

You should start by obtaining the “Site Key” and “Secret key”, which must be entered into the appropriate fields in the plugin settings.

To get this data, go to here(you must be logged into Google). You will see a form that you need to fill out: in the “Name” field, write down the name of your project, in the “Domains” field - the website address. I also recommend leaving the “Send notifications to owners” checkbox, this will allow you to receive notifications if there is a suspiciously active bot attack or any errors occur.

After filling out the form, click “Registration”.

On the next page you will receive two codes that you need for the plugin to install ReCaptcha on your site. From the “Keys” section, copy the code from the “Key” field and paste it in the plugin settings into the “Site Key” field.

Then copy the code from the “Secret key” field and paste it in the plugin settings into the “Secret key” field.

• Language. I recommend leaving the ReCaptcha language on the site as default – “Auto detected”, that is, it will be detected automatically.
• Theme. There are two types of ReCaptcha design - light and dark. Choose something to match the color of your website design.
• Size. There are two types of sizes - normal and compact. Also choose regarding your design.
• Error Message. It is better to translate the error message into Russian. For example, instead of what is written there by default, you can specify “ ERROR!: Please complete the captcha correctly." Or something similar at your discretion.
• Show Captcha on. You can configure which forms will display ReCaptcha on the site, for example, login, registration, password reset, comment forms; BBPress and WooComerce plugin forms are also supported.

Captcha or “captcha” is the most common method of protection against spam bots and password guessing in website forms (comment pages, login pages, password changes, etc.) Captcha is quite effective way increasing the security of the entire site as a whole.

WordPress captcha plugins

A WordPress site, similar to sites on other platforms, also contains these pages with forms that require protection from intruders. Please note that standard WordPress tools do not have any security features for these sections of the site. Therefore, dozens of plugins have been developed and successfully used for the engine to ensure captcha functionality. Let's look at the most popular of them among users.

Google Captcha plugin (reCAPTCHA) by BestWebSoft

Detailed review and plugin configuration Google Captcha (reCAPTCHA) by BestWebSoft we discussed in one of our previous articles. It’s only worth adding that the plugin is one of the most popular among WordPress users. Its main advantage is the installation of captcha not only on everything standard pages with shapes, but also those created by hand.

Spam Master plugin

Spam Master is a functional plugin that supports captcha Google (reCapcha). Its responsibilities include protecting against millions of known spam emails, domains, IP-addresses and words, blocking user registration or leaving a comment.

Captcha Bank Plugin: Anti Spam Captcha Plugin

Captcha Bank: Anti Spam Captcha Plugin has powerful tools to protect your site from spammers without conflicting with additional plugins security.

Main features of the plugin:

• simple mathematical operations;
• text codes with the ability to customize their appearance (text color, background, style, etc.);
• complex captchas with lines, distortions, sharpness and transparency;
• regulation of captcha display on login, registration, comment forms;
• support for popular WooCommerce, BuddyPress, Contact Form 7;
• ability to disable captcha for registered users.

Captcha Code plugin

A simple Captcha Code plugin inserts captcha on all required forms. You can select the pages on which you want to install the captcha, and also specify the type of numbers and their appearance. The plugin is completely localized into Russian.

Uber reCaptcha plugin

Uber reCaptcha is a rather interesting plugin that supports audio files and images. Among the features of the add-on, one can highlight the generation of captcha image/sound type Google (reCapcha) in several specified languages. Adds protection to registration, password recovery and commenting forms.

Conditional CAPTCHA plugin

Conditional CAPTCHA is a plugin designed to install a captcha exclusively in the comment form. It works in conjunction with the plugin Akismet by showing commenters a simple captcha if they do not have pre-approved comments, or if Akismet believes their comments are spam.

The plugin can work in 2 modes: basic and Akismet Enhanced. In addition, you can use a duplicate captcha.

The plugin also allows you to customize appearance the page on which the captcha is installed.

Almost all of the plugins in this review are constantly updated, which means they can be used for a long time.

What is Captcha

CAPTCHA is a special check to remotely distinguish a person from a machine, program or script created to pass registration forms, commenting, etc. In other words, the lowest level of verification of a person on the site.

Why is Captcha needed?

In fact, captcha is becoming obsolete. Modern features allow you to cut off cars according to behavioral factor without inserting simple or complex additional tests. However, captcha is far from completely replaced. Moreover, the resources that are most susceptible to attacks only complicate the types of captchas.

Captha species

Rebus

The most complex, rarely seen species of captha. Everyone is familiar with Google services. In the captcha picture you will be asked to choose three pictures with a car or fruit.

Letter

An alphabetic or alphanumeric captcha will force you to repeat a set of numbers and/or letters in the captcha window. The numbers may be skewed.

Numbers

Same as letters.

Mathematics

Here, the user will be asked to solve a mathematical example, often a simple one. To make it more difficult, the numbers can be Roman or written in words (one plus three).

Where is captcha needed?

For global protection, which can be called paranoid, Captcha is needed in all forms of site interaction with the user. Namely

• During registration;
• Comments in forms;
• In authorization forms;
• In third-party plugin subscription forms;
• In feedback;
• In the form of a password and username reminder;
• Custom form.

WordPress system captcha

The WordPress CMS does not have an internal Captcha tool. All forms of user interaction are open to machine registration.

Note: Do not confuse machine registration with attempts to hack a site. These are different actions, although more often related to each other.

As a rule, mass, machine registration of a pseudo user is a prelude to hacking aimed at.

Captcha plugins for WordPress

I repeat, the WordPress system does not have a Captcha tool, so the desire to protect yourself from machine registration of captchas must be formalized by installing a profile plugin.

It is worth noting. You can protect yourself from machine registration without Captcha plugins by installing more serious security plugins that cut off suspicious users (one of them is below). The most famous Akismet plugin, it is recommended by WordPress.org. Read about other serious security plugins

In this article you will learn how to integrate the new reCatcha Google into WordPress login, comment, registration and password recovery forms:

There are many different solutions for blocking bots. One of the most popular until recently was ReCaptcha. It displays an image with some text and the user has to enter that text. But bot algorithms are becoming more advanced, and they have learned to break this protection.

Therefore, ReCaptcha was no longer secure. In addition, the method was quite inconvenient for users. Therefore, Google developed a new solution and called it No Captcha ReCaptcha.

In this article, we'll look at what No Captcha ReCaptcha is and how to create a plugin that integrates ReCaptcha into WordPress login, comment, registration, and password recovery forms.

Review of No Captcha ReCaptcha

No Captcha ReCaptcha displays a checkbox that prompts the user to indicate that they are not a bot. This may not seem like a foolproof solution, but Google's internal algorithms and methods can accurately determine whether a user is a bot. A new version is more convenient and safe.

Registering a site and receiving keys

For users who want to install this plugin, you need to register your site to get the site key and secret key.

You must create a settings page for the plugin that allows the WordPress admin to set the site key and secret key, which they will receive in the ReCaptcha admin panel:

function no_captcha_recaptcha_menu() ( add_menu_page("reCapatcha Options", "reCaptcha Options", "manage_options", "recaptcha-options", "recaptcha_options_page", "", 100); ) function recaptcha_options_page() ( ?>

You need to register you domain and get keys to make this plugin work.

"); echo __("Enter the key details below"); ) function display_captcha_site_key_element() ( ?> " /> " />

• We are creating a settings page in the WordPress admin panel;
• This settings page displays two fields for entering the site key and the secret key;
• These keys are saved as the WordPress site_key and secret_key parameters.

Adding No Captcha ReCaptcha to WP Comment Form

We need to integrate ReCaptcha into the comment form to prevent bots from posting spam.

Create a style.css file in the plugin folder and place the following code in it:

#submit ( display: none; )

The above code hides the button " leave a comment” in the WordPress comment form. So we place the ReCaptcha panel above the " leave a comment“by inserting the ReCaptcha button and panel manually.

Below is the code to insert ReCaptcha into the comment form:

function frontend_recaptcha_script() ( wp_register_script("recaptcha", "https://www.google.com/recaptcha/api.js"); wp_enqueue_script("recaptcha"); $plugin_url = plugin_dir_url(__FILE__); wp_enqueue_style("no- captcha-recaptcha", $plugin_url "style.css"); ) add_action("wp_enqueue_scripts", "frontend_recaptcha_script"); function display_comment_recaptcha() ( ?>

Let's look at how the above code works:

• We enable it in the WordPress interface using the wp_enqueue_scripts action;
• We also include the style.css file using the wp_enqueue_style function;
• In a comment form, we display the checkbox using the comment_form action;
• Once a comment has been submitted, the preprocess_comment filter is called before it is added to the WordPress database. Inside the filter, we check whether the user is a human or a bot. If it is a person, then a comment is returned to add it to the database. Otherwise, zero is returned to block the comment from being added to the database.

Adding No Captcha ReCaptcha to WP Login Form

We should integrate ReCaptcha into the admin login form to prevent bots from brute-force cracking passwords. Below is the code to integrate ReCaptcha into the login form:

function login_recaptcha_script() ( wp_register_script("recaptcha_login", "https://www.google.com/recaptcha/api.js"); wp_enqueue_script("recaptcha_login"); ) add_action("login_enqueue_scripts", "login_recaptcha_script"); function display_login_captcha() ( ?>

ERROR: You are a bot")); ) ) else ( return new WP_Error("Captcha Invalid", __(" ERROR: You are a bot. If not then enable JavaScript")); ) ) add_filter("wp_authenticate_user", "verify_login_captcha", 10, 2);

Let's look at how the above code works:

• We connect Google ReCaptcha JavaScript File on login, registration and password recovery pages using the login_enqueue_scripts action;
• Before receiving the final authentication result, WordPress runs the wp_authenticate_user filter to add an additional validation step. We check whether the user is a human or a bot. If it is a person we return a user object, otherwise we return an error object.

Adding No Captcha ReCaptcha to WP Registration Form

We integrate ReCaptcha into the registration form to prevent bots from creating fake accounts. Below is the code for integration:

function display_register_captcha() ( ?>

add("Captcha Invalid", __(" ERROR: You are a bot")); ) ) else ( $errors->add("Captcha Invalid", __(" ERROR: You are a bot. If not then enable JavaScript")); ) return $errors; ) add_filter("registration_errors", "verify_registration_captcha", 10, 3);

Let's look at how the above code works:

• We display the checkbox using the login_form action;
• Before receiving the final authentication result, WordPress runs the registration_errors filter to add an additional validation step. Inside this filter, we check whether the user is a human or a bot. If it is a person we return an empty error object, otherwise we add padding to the error object and return it.

Adding No Captcha ReCaptcha to the password recovery form

We need to integrate ReCaptcha into the password recovery form to prevent bots from filling out this form. Below is the code for the integration:

function verify_lostpassword_captcha() ( if (isset($_POST["g-recaptcha-response"])) ( $recaptcha_secret = get_option("captcha_secret_key"); $response = wp_remote_get("https://www.google.com/recaptcha /api/siteverify?secret=". $recaptcha_secret ."&response=". $_POST["g-recaptcha-response"]); $response = json_decode($response["body"], true); if (true = = $response["success"]) ( return; ) else ( wp_die(__(" ERROR: You are a bot")); ) ) else ( wp_die(__(" ERROR: You are a bot. If not then enable JavaScript")); ) return $errors; ) add_action("lostpassword_form", "display_login_captcha"); add_action("lostpassword_post", "verify_lostpassword_captcha");

Let's look at how the above code works.

Captcha or CAPTCHA is a computer test of the challenge-response type, which is used to determine who exactly visited the site - a person or a bot.

What is captcha for?

Typically, captchas are used on pages where you enter your login and password, as well as on forms for adding comments. This is why this is done. In the first case, such a check will protect the site login form from password guessing, and in the second case, it will prevent spam comments.

Google Captcha plugin (reCAPTCHA) by BestWebSoft

For WordPress, there are many ready-made solutions in the form of plugins that allow you to protect your site from the above-mentioned malicious influence. So, among them we should highlight a fairly popular plugin Google Captcha (reCAPTCHA) by BestWebSoft, which uses Google's captcha. It is universal, as it allows you to install the check on most sections of the site. Among them:

• registration form,
• Login form,
• password reminder form,
• form for adding comments,
• contact form,
• custom form.

So, after installing and activating the plugin, a message will appear in the admin panel that you need to obtain keys for the captcha to work.

In field Label You must enter a test name (any). You should also select the type of verification. We will use a simple verification for the user, which involves confirmation by simply selecting the required pictures ( reCAPTCHA V2).

After selecting the type of verification, you must enter the name of the site domain, and then check the box Accept the reCAPTCHA Terms of Service and press the button Register.

After saving the settings, you will be taken to a window where you will need to copy it separately (for example, to Notepad) field values Site key And Secret key.

All necessary keys have been received. Now go back to the site’s admin panel and go Google Captcha -> Settings.

Into the fields Site key And The secret key you should enter the values ​​of the lines you saved earlier ( Site key And Secret key respectively). Below, in the section Enable reCaptcha for, you need to select the pages on which the check will be enabled, and then click the button Save changes. After successfully saving the settings, you will be able to test the captcha.

If the testing was successful, then the setup is complete, and now you can go to the page you marked, where the captcha should appear.