Are you looking to prevent spam on your website? Then, maybe Google Invisible reCAPTCHA is something for you. WordPress is one of the fastest growing CMS and therefore has a quickly growing community. With community, we mean everything from blog comments, forums as well as social media websites, all based on WordPress CMS. This is, of course, great but also makes it very attractive for spammers. Security companies have been working since the start of the web to prevent and control spam on websites.
In 1997 CAPTCHA was invented to block bots by requiring a number or text to be entered before continuing a login or posting a comment. CAPTCHA has been very common ever since. The past years Google also jumped into blocking spam with their own CAPTCHA which is even more advanced than the classic ones.
Ever since CAPTCHA appeared, it’s been very appreciated and used widely. Below we will list a few improvements that CAPTCHA made the past years.
At first, when CAPTCHA released back in 1997 all it did was asking people to solve a puzzle, mostly distorted text which was hard for bots to identify.
Little later bots could not be stopped just by basic CAPTCHA, it found out how to solve the puzzles which only humans could solve before. At this time Google released their version of reCAPTCHA V2. While reCAPTCHA made it harder for bots to continue by adding a required check box, “I’m not a robot”. If Google still notices unusual behavior it will show a box with a pictorial puzzle that will ask you to select an amount of images like rivers, cars, traffic sign and more.
Google Invisible reCaptcha
To make it less frustrating for humans, Google invented another kind of CAPTCHA with the name Invisible reCAPTCHA. This CAPTCHA only displays when Google suspect that the user isn’t a human.
In this article, we will explain for you how you can integrate Google Invisible reCAPTCHA to WordPress.
If you are asking yourself “should I really install Invisible reCAPTCHA?” I would say YES, as there are no reasons not to. It’s one of the best CAPTCHAs around and the less harming one for your users as it only appears if Google thinks you’re a bot.
If you choose to install it, follow the steps below.
In this guide, we will be using the most used Invisible reCAPTCHA plugin for WordPress.
Features of the Invisible reCAPTCHA plugin
Sign-up form protection
Sign-in form protection
Comment spam protection
Forgot & reset form protection
Review form protection
Support for contact forms like Gravity Forms and Contact Form 7
Custom form protection
Install Invisible reCAPTCHA Plugin to WordPress
To install the Invisible reCAPTCHA plugin to WordPress we need to first go to WordPress Dashboard, then click Plugins > Add New and in the search box enter “Invisible reCAPTCHA“, the plugin should appear in the list, now hit “Install Now” and once done hit “Activate“.
You can now find the plugin and configure it under Settings -> Invisible reCAPTCHA.
To complete the setup of WordPress Invisible ReCAPTCHA plugin you must configure a few settings as shown below:
The settings are quite simple to setup, but one question you might ask yourself is “What are my site and secret key?”, but don’t worry, let me explain how you get that.
Site Key: This is your public key that you will generate in the next step. Secret Key: A secret key used to connect to the public key. This will also be generated in the next step. Language: There is a long list of different languages that can be used with the Invisible reCAPTCHA plugin. Badge Position: This is the position of the Invisible reCAPTCHA bag. Badge Custom CSS: You will have the option to change the layout of the badge by using custom CSS, to suit your theme as required by you.
How to get the Public Key and Secret key for Invisible reCaptcha by Google
Invisible reCAPTCHA is a product created by Google, and therefore requires a connection between your website and Google so they can communicate with each other.
To create this connection you need to login to your Google account and visit the reCAPTCHA website. Once there you will be asked to register your WordPress website with them.
Enter a label name for the connection, select Invisible reCAPTCHA and last enter the domain name of the website you want to run Invisible reCaptcha on.
Now at the bottom, accept the reCAPTCHA terms of service and hit Register.
Once done you will be redirected to a new page that contains the site and secret key for your domain.
Copy these and paste them into the correct field on the settings page for the Invisible reCAPTCHA plugin.
Change the other settings as you need and once done click Save Changes.
Okay, all set! You just connected Invisible reCAPTCHA to your WordPress website, now let’s select where you want it to work!
WordPress Invisible reCAPTCHA
On a basic WordPress website, there are a few places you can pick to run the reCAPTCHA on, such as register page, log in, comments and forgot password page.
WooCommerce Invisible reCAPTCHA
On a WooCommerce website, you can also protect product reviews as well as the regular form protection.
UltraCommunity Invisible reCAPTCHA
If you are running a community WordPress website and are using the Ultra community plugin you can enable reCAPTCHA on the login and sign-up page.
BuddyPress Invisible reCAPTCHA
On BuddyPress, only register form is supported as of today (August 31, 2017).
Google Invisible reCAPTCHA on Contact Forms
Contact Form 7 and Gravity Forms are supported, but we suggest you check the official documentation for support of other forms.
After installation of Invisible reCAPTCHA
So once you finished configuring reCAPTCHA I suggest checking so it actually works. So in this tutorial, we install it on a clean WordPress website and checked the option to run the reCAPTCHA plugin on the Login form.
Once we visit the login URL, this is what shows up:
If it looks like this for you, congrats! You just finished the Google Invisible reCAPTCHA integration.
Hide the Google Invisible reCAPTCHA badge.
If you want to hide the reCAPTCHA bag that is possible but remembers it breaks the terms and privacy conditions you approved once you signed up to use it.
Add the following line to your style.css or if you use a custom CSS file, add it there:
CAPTCHAs don’t secure your WP website, all it does it protect it from spam and bots, but bots always finds new ways to work around it so always keep the plugin up to date and run it on most common places for login attacks and spam such as Login form, Register form, comments, contact forms and more.
If you had any problems setting it up or if you have any suggestions for this tutorial, don’t mind leaving a comment.
Oskar Edin runs a web development company in Sweden, Northern Web, where he constantly works and learns new things which he later on shares with the community, here at CodeEnlightened.com. When he is not working you probably find him in his car driving around or hanging around with friends.