The main reason for adding these features is that WordPress login and user registration pages are a prime target for hackers, spammers and brute force attackers alike. Attackers usually try to gain access to the website’s admin area to distribute malware, disrupt the whole website or even collect a hefty ransom.
Due to the threats mentioned above, most websites have implemented CAPTCHAs. If you have ever had to solve a simple math problem, enter a set of letters or “prove you’re human”, you’ve come across a CAPTCHA.
What is CAPTCHA?
A CAPTCHA, or Completely Automated Public Turing test to tell Computers and Humans Apart, does exactly what its full name implies. It offers a test designed to distinguish between humans and bots (or other computer programs).
It is a simple test that is easy for humans to pass but almost impossible for automated scripts to get through. CAPTCHAs have evolved over time, and there are now hidden CAPTCHAs that can tell users and bots apart just by the user’s actions.
Initial CAPTCHAs comprised an image displaying random letters and numbers in a distorted style, where the user had to enter what they saw.
CAPTCHAs have been used all across the internet for some time, and this style has been the most common one. While humans can make sense of such an image, automated scripts or bots have a hard time figuring it out.
But as programming advanced, bots got better at understanding this type of image, and to tackle that, the pictures became more complex. This made it hard for humans to get through the CAPTCHA (it happened to me also).
While this type can still be seen today, there are much simpler CAPTCHAs in place. The simpler ones include basic math problems for the user to solve.
Another type of CAPTCHA is to pick out specific images that meet certain criteria.
All these types of CAPTCHAs can be seen all over the internet today. However, there is a new, much easier CAPTCHA developed and implemented by Google known as reCAPTCHA. Here you need to check a box, and you will be granted entry to the site.
reCAPTCHA uses artificial intelligence, which monitors your mouse’s movement to determine if you’re a human or an automated script. This is easy for the user and provides much higher security for the website.
Pros and Cons of using CAPTCHA
Pros:
- Provides an extra layer of security
- Stops malicious bots from creating spam
- Stops attackers from accessing personal information
Cons:
- It might come across as “annoying” to users
- Not all CAPTCHAs are foolproof
- Can negatively impact the user experience
What is Google reCAPTCHA?
In 2014, Google released its No CAPTCHA reCAPTCHA, a successor to the distorted word and image tests it had been using since 2007. The new system requires users to select a checkbox next to the words “I’m not a robot” to confirm their legitimacy:
This is far easier and faster than more traditional CAPTCHAs and accessible to a wider range of users. What’s more, Google has continued to improve this technology. In 2018, it also released what’s been termed an “invisible CAPTCHA”, which can detect bots without requiring any deliberate action on the part of users.
In this tutorial, we will add the reCAPTCHA plugin to your WordPress site. Implementing Google reCAPTCHA v2 or v3 should help to make your site more enjoyable and accessible for users.
How to add reCAPTCHA protection to your WordPress site
Step 1: Log in to WordPress as the administrator.
Step 2: On the left-hand menu, scroll down to Plugins and click on Add new.
Step 3: In the search box, type in “google captcha”.
Step 4: Press Enter.
Step 5: Find the Google Captcha (reCAPTCHA) plugin and click on Install Now.
Step 6: Once the plugin is installed successfully, head over to the menu on the left-hand side. Scroll down to Plugins and select Installed Plugins.
Step 7: Find the Google Captcha (reCAPTCHA) plugin, and click Activate.
Step 8: Click on Settings, as shown in the picture below.
Step 9: To use Google-captcha, you will need to create a public and private key. To get these keys, click on Get the API Keys.
Step 10: Now, you will be redirected to Google. On the page that appears, enter an optional name in the first text box and then enter your domain name in the second text box.
Step 11: After you receive your keys from Google, type the site key into the Site Key text box and type the secret key into the Secret Key text box.
Step 12: Under Options, select the settings that you want, and then click Save Changes.
Step 13: CAPTCHAs are now activated on your site. To test this, go to your WordPress site’s login page. WordPress displays a CAPTCHA on the login page.
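Of the two keys from Steps 9 to 11, the site key is embedded in the page, while the secret key stays on the server, which sends it together with the visitor's token to Google's siteverify endpoint. The following is an added example (not code from the plugin or from this tutorial) of the fail-closed checks a server should apply to that reply; the function name, the `example.com` host, the `login` action and the 0.5 score threshold are assumptions.

```php
<?php
// Added example, not the plugin's code. The server POSTs `secret` (the secret
// key) and `response` (the visitor's token) to
// https://www.google.com/recaptcha/api/siteverify and must judge the JSON reply.

/**
 * @param array       $resp           decoded siteverify JSON
 * @param string      $expectedHost   domain registered for the keys (Step 10)
 * @param string|null $expectedAction v3 only: action the form sent (assumed name)
 * @param float       $minScore       v3 only: assumed threshold, tune per site
 * @return array [bool allow, string reason]
 */
function evaluate_siteverify(array $resp, string $expectedHost,
    ?string $expectedAction = null, float $minScore = 0.5): array
{
    // Fail closed: anything other than boolean true is a rejection.
    if (($resp['success'] ?? false) !== true) {
        $codes = implode(',', $resp['error-codes'] ?? ['none']);
        return [false, "verification failed: $codes"];
    }
    // A token issued for another site must not be accepted here.
    if (strcasecmp((string) ($resp['hostname'] ?? ''), $expectedHost) !== 0) {
        return [false, 'hostname mismatch'];
    }
    // v3 replies carry a score and an action; v2 replies do not.
    if (array_key_exists('score', $resp)) {
        if ($expectedAction !== null && ($resp['action'] ?? '') !== $expectedAction) {
            return [false, 'action mismatch'];
        }
        if ((float) $resp['score'] < $minScore) {
            return [false, 'score below threshold'];
        }
    }
    return [true, 'ok'];
}

// Constructed sample replies (not captured from a real site).
$samples = [
    'v2 pass'      => '{"success":true,"hostname":"example.com"}',
    'v2 bad token' => '{"success":false,"error-codes":["invalid-input-response"]}',
    'wrong site'   => '{"success":true,"hostname":"other.example"}',
    'v3 low score' => '{"success":true,"hostname":"example.com","score":0.1,"action":"login"}',
];
foreach ($samples as $name => $json) {
    $resp = json_decode($json, true);
    [$allow, $reason] = evaluate_siteverify(is_array($resp) ? $resp : [], 'example.com', 'login');
    printf("%-13s %s (%s)\n", $name, $allow ? 'ALLOW' : 'DENY', $reason);
}
```

A CAPTCHA that is only rendered in the browser protects nothing: the login or registration POST must be rejected whenever this server-side check does not return allow.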
We hope that this tutorial helped you in setting up reCAPTCHA on your WordPress website. To users, CAPTCHAs can come across as annoying (especially when implemented poorly), but the benefits outweigh the slight inconvenience.
To make the most of your CAPTCHAs, you’ll want to use them sparingly on sensitive pages like registration and login forms. If you can leverage the advantages of CAPTCHAs without negatively impacting your site’s user experience, you’ll be adding a valuable layer of security.