Google reCAPTCHA
Google reCAPTCHA is the most widely used CAPTCHA service, protecting millions of websites from spam and abuse. This module adds reCAPTCHA to WordPress core forms and integrates with popular form plugins.
Use Cases
- Protect login forms from automated attacks
- Prevent spam user registrations
- Block comment spam without manual moderation
- Secure contact forms from bot submissions
reCAPTCHA Versions
| Version | User Experience | Best For |
|---|---|---|
| v2 Checkbox | User clicks “I’m not a robot” | Visible verification, highest accuracy |
| v2 Invisible | No visible widget, challenge only if suspicious | Clean forms, good accuracy |
| v3 | Completely invisible, score-based | Best UX, requires score threshold tuning |
Getting API Keys
- Go to Google reCAPTCHA Admin
- Click the + button to register a new site
- Choose your reCAPTCHA type (v2 or v3)
- Add your domain(s)
- Copy Site Key and Secret Key
- Paste them in module settings
Make sure to select the correct reCAPTCHA type when registering. v2 keys won’t work with v3 settings and vice versa.
Protected Forms
WordPress Core Forms
| Form | Setting |
|---|---|
| Login | protect_login |
| Registration | protect_registration |
| Password Reset | protect_password_reset |
| Comments | protect_comments |
Switchboard Integrations
| Integration | Setting |
|---|---|
| Simple Forms | protect_simple_forms |
| Magic Login | protect_magic_login |
Third-Party Forms
| Plugin | How to Add |
|---|---|
| Contact Form 7 | Add [switchboard_recaptcha] tag to your form |
| Fluent Forms | Add “Google reCAPTCHA” field from Advanced fields |
Settings
| Setting | Type | Default | Description |
|---|---|---|---|
| Site Key | Text | — | Your reCAPTCHA public site key |
| Secret Key | Text | — | Your reCAPTCHA secret key |
| Version | Select | v2 Checkbox | reCAPTCHA type to use |
| v3 Score Threshold | Number | 0.5 | Minimum score for v3 (0.0-1.0) |
| Theme | Select | Light | Light or dark widget theme |
| Language | Select | Auto | Widget language (auto uses WP locale) |
| Skip Logged-in Users | Toggle | On | Don’t show CAPTCHA to logged-in users |
| Error Message | Text | Custom | Message shown on verification failure |
v3 Score Threshold
reCAPTCHA v3 returns a score from 0.0 (likely bot) to 1.0 (likely human):
| Score | Likely User Type |
|---|---|
| 0.9+ | Very likely human |
| 0.7-0.9 | Probably human |
| 0.5-0.7 | Uncertain |
| 0.3-0.5 | Suspicious |
| Below 0.3 | Likely bot |
The default threshold of 0.5 is a reasonable starting point. Lower it if legitimate users are being blocked; raise it if you’re still getting spam.
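How a server-side check could apply this threshold to the decoded JSON that Google's siteverify endpoint returns, as an added example (not the module's own code). The function name, the `login` action and the `example.com` hostname are assumptions, and the sample responses are constructed.

```php
<?php
// Added example: decide pass/fail from a decoded reCAPTCHA v3 siteverify response.
// Function and parameter names are hypothetical, not the module's API.
function sb_example_evaluate_v3(array $resp, float $threshold, string $expectedAction, string $expectedHost): array
{
    // Fail closed: anything other than an explicit success is a rejection.
    if (($resp['success'] ?? false) !== true) {
        $codes = implode(',', (array) ($resp['error-codes'] ?? ['unknown']));
        return [false, "verification failed: $codes"];
    }
    // A token issued for another site or another form must not be accepted here.
    if (($resp['hostname'] ?? '') !== $expectedHost) {
        return [false, 'hostname mismatch'];
    }
    if (($resp['action'] ?? '') !== $expectedAction) {
        return [false, 'action mismatch'];
    }
    // A missing or non-numeric score is a failure, never silently treated as a pass.
    if (!isset($resp['score']) || !is_numeric($resp['score'])) {
        return [false, 'no score in response'];
    }
    $score = (float) $resp['score'];
    // The threshold is a minimum: a score equal to it passes.
    if ($score < $threshold) {
        return [false, sprintf('score %.1f below threshold %.1f', $score, $threshold)];
    }
    return [true, sprintf('score %.1f accepted', $score)];
}

// Constructed sample responses (not captured from a real site).
$samples = [
    'human'        => ['success' => true, 'score' => 0.9, 'action' => 'login', 'hostname' => 'example.com'],
    'uncertain'    => ['success' => true, 'score' => 0.5, 'action' => 'login', 'hostname' => 'example.com'],
    'suspicious'   => ['success' => true, 'score' => 0.3, 'action' => 'login', 'hostname' => 'example.com'],
    'wrong action' => ['success' => true, 'score' => 0.9, 'action' => 'comment', 'hostname' => 'example.com'],
    'bad token'    => ['success' => false, 'error-codes' => ['invalid-input-response']],
];

foreach ($samples as $label => $resp) {
    [$ok, $why] = sb_example_evaluate_v3($resp, 0.5, 'login', 'example.com');
    printf("%-12s %s (%s)\n", $label, $ok ? 'ALLOW' : 'BLOCK', $why);
}
```

Logging the reason string alongside each blocked submission gives you the score distribution you need before raising or lowering the threshold.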
Contact Form 7 Integration
- Enable “Contact Form 7” in module settings
- Edit your CF7 form
- Add the tag: [switchboard_recaptcha]
- Place it before the submit button
Example:
[text* your-name]
[email* your-email]
[textarea your-message]
[switchboard_recaptcha]
[submit "Send"]
Fluent Forms Integration
- Enable “Fluent Forms” in module settings
- Edit your form in Fluent Forms
- Find “Google reCAPTCHA” under Advanced fields
- Drag it into your form
Badge Position (v3)
For invisible v3 reCAPTCHA, you can choose where the badge appears:
- Bottom Right — Default, floating badge
- Bottom Left — Floating badge on left
- Inline — Badge inline with form (hides floating badge)
If you hide the reCAPTCHA badge, Google requires you to include their branding and links in your privacy policy.
FAQ
Should I use v2 or v3?
v2 Checkbox is more visible but has the highest accuracy. v3 is invisible but requires threshold tuning. Start with v2 Checkbox if you’re unsure.
Why are legitimate users failing reCAPTCHA?
For v3, try lowering the score threshold. For v2, users on VPNs or with certain browser extensions may trigger challenges more often.
Can I use this with Cloudflare Turnstile?
Having both enabled will cause conflicts. Use one CAPTCHA solution, not multiple.
Does reCAPTCHA slow down my site?
reCAPTCHA scripts are loaded asynchronously and cached. Impact is minimal, but v3 does load on every page where it’s needed.
Is reCAPTCHA GDPR compliant?
reCAPTCHA collects user data and sends it to Google. You should disclose this in your privacy policy. Consider Cloudflare Turnstile for a more privacy-focused alternative.
reCAPTCHA requires your site to be publicly accessible. It won’t work on localhost or development environments without special configuration.