Last updated on November 27th, 2024 at 12:01 pm
Protecting my website’s contact form from spam is a fundamental practice for WordPress security. But I had let it sit on my to-do list for years, to the point of embarrassment. Running a website business but not taking the time to do the basic thing right? What kind of a developer am I?
The kind that needs to practice what I teach more–obviously! So, here I am.
I sat down and set up reCAPTCHA v3 in one sitting. It has helped protect my contact form from spam since. This post explains what reCAPTCHA is, how it works, why it matters, and what the alternatives are, and I’ll share the 2 steps I took to install it on my website.
What the heck is reCAPTCHA?
The full name of CAPTCHA is a mouthful: “Completely Automated Public Turing test to tell Computers and Humans Apart.” That’s self-explanatory enough. How about reCAPTCHA? reCAPTCHA is a CAPTCHA service provided by Google, free up to 1 million assessments/month, that blocks spam and other attacks on websites.
How does reCAPTCHA work?
As of March 2024, there are two versions of reCAPTCHA: reCAPTCHA v2 and reCAPTCHA v3. reCAPTCHA v2 verifies a submission by providing a checkbox asking whether you’re a robot. Meanwhile, reCAPTCHA v3 verifies the submission in the background using a score. This means it won’t disrupt user experience like v2. However, if reCAPTCHA v3 can’t determine if the submission is from a human or a robot, it will present the user with a challenge. These challenges are easy for humans to solve but difficult for automated systems like bots.
Why does reCAPTCHA matter?
Cyberattacks have grown alongside the advancement of technology. Attackers will always take advantage of weak and vulnerable platforms. If your website has a contact form that is not guarded with proper security layers, such as reCAPTCHA to block spam, it becomes an easy target.
Note: Besides the contact form, many other entry points to your website should be protected, such as the login page, registration form, etc. In this post, I’ll focus on the contact form as it’s the most common one we tend to overlook.
The impact of spam attacks can range anywhere from annoyance to serious legal issues. For example, it could clutter up the website and drain your server storage. It could inject malware or phishing links that lead to data breaches. Or it could gain control of your website and database through a brute force attack (using bots or scripts to guess usernames and passwords until the correct ones are found).
reCAPTCHA adds a layer of security against spam submissions and other cyberattacks, helping to make your website trustworthy.
Are there other alternatives to reCAPTCHA?
Yes, there are plenty of them, such as hCaptcha, MTCaptcha, etc. Not all of them are free. If you’re curious about the differences between reCAPTCHA and these services, I recommend reading this article by BlogVwant.
How to set up reCAPTCHA on your WordPress Contact Form 7? (2 steps)
Step #1: Register your site and get keys from Google’s reCAPTCHA to connect it to your site.
Go to the reCAPTCHA Admin Console (sign in with your Google account) > follow a few prompts (I always go with reCAPTCHA v3) > submit your registration. You will then get a site key and a secret key.
Note: The site key is used to trigger reCAPTCHA on your site. The secret key is used when your site communicates with the reCAPTCHA server, which is how your user’s submission gets analyzed.
Step #2: Connect Google’s reCAPTCHA with your Contact Form 7.
On your WordPress Dashboard, go to Contact > Integrations. Insert the keys from your reCAPTCHA Admin Console and integrate.
Note: You can view visual instructions by following this guide: Contact Form 7’s reCAPTCHA (v3) setup guide or dive deeper into Google’s reCAPTCHA v3 doc.
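What the secret key from Step #1 is used for, as an added example that is not part of the original post and is not Contact Form 7’s own code: the server posts the secret key and the browser’s token to Google’s siteverify endpoint, then decides what to do with the returned result. The action name `contactform`, the hostname `example.com` and the 0.5 threshold are assumptions, and the sample responses are constructed.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

def verify_token(secret_key, token, timeout=5):
    """POST the secret key and the browser's token to Google; return the parsed JSON."""
    body = urllib.parse.urlencode({"secret": secret_key, "response": token}).encode()
    with urllib.request.urlopen(VERIFY_URL, data=body, timeout=timeout) as resp:
        return json.load(resp)

def assess(result, expected_action, expected_hostname, threshold=0.5):
    """Return (accepted, reason) for a siteverify result; the expected values are site-owner choices."""
    if not result.get("success"):
        codes = ", ".join(result.get("error-codes", [])) or "no error code"
        return False, f"verification failed: {codes}"
    if result.get("hostname") != expected_hostname:
        return False, "token was issued for a different hostname"
    if result.get("action") != expected_action:
        return False, "token was issued for a different action"
    score = result.get("score")
    if not isinstance(score, (int, float)) or score < threshold:
        return False, f"score {score} is below threshold {threshold}"
    return True, f"score {score} accepted"

# Constructed sample responses (not real traffic), shaped like siteverify JSON.
SAMPLES = {
    "likely human": {"success": True, "score": 0.9, "action": "contactform",
                     "hostname": "example.com", "challenge_ts": "2024-03-01T10:00:00Z"},
    "likely bot": {"success": True, "score": 0.1, "action": "contactform",
                   "hostname": "example.com", "challenge_ts": "2024-03-01T10:00:05Z"},
    "wrong action": {"success": True, "score": 0.9, "action": "login",
                     "hostname": "example.com", "challenge_ts": "2024-03-01T10:00:09Z"},
    "replayed token": {"success": False, "error-codes": ["timeout-or-duplicate"]},
}

if __name__ == "__main__":
    for label, result in SAMPLES.items():
        print(label, "->", assess(result, "contactform", "example.com"))
```

The secret key belongs on the server only; the site key is the one that appears in your page’s source.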
Lastly…
Now that you’ve set up reCAPTCHA on your contact form, you can feel a bit more relieved knowing it’s protected. Your inbox will appreciate it. Have you already set up reCAPTCHA on your contact form? Do you use reCAPTCHA or another CAPTCHA service? How did it go? Let me know 🙂