How can I add reCAPTCHA to my WordPress comment form?

If you're tired of dealing with spam comments on your WordPress website, Google reCAPTCHA is a great solution. Google reCAPTCHA v3 scores visitors based on how they interact with your website, showing challenges only to users who get a low score.

This article will guide you through the process of adding Google reCAPTCHA to your WordPress comment form.

Did you know? 
Our reCAPTCHA Installation service can help you set up reCAPTCHA on your website, enhancing security and preventing spam.

Use the contact form for Premium Care to get details, pricing, and priority assistance.

Step 1 - Install the Advanced Google reCAPTCHA plugin

Note: Since Google reCAPTCHA v3 collects personal data from your visitors, we recommend that you look into its compliance with your regional privacy laws like GDPR, and use a consent management solution such as Termly to make your website more compliant.

Install and activate the Advanced Google reCAPTCHA plugin on your WordPress site. 

  1. In your WP Admin, click Plugins and then Add New Plugin in the menu to the left.
  2. Use the search bar to find the Advanced Google reCAPTCHA plugin.
  3. Click Install now when you have found the plugin.
  4. After the installation is finished, click Activate. The Activate button will appear in the same place where the Install now button was previously.
  5. Once activated, click Settings in the left hand menu and click Advanced Google reCAPTCHA to configure the plugin's settings.

In this guide, we will activate Google reCaptcha v3.
Screenshot of Advanced Google reCAPTCHA plugin in WP Admin, with reCaptcha v3 highlighed.

Step 2 - Register your website for reCAPTCHA API keys

The plugin requires your Google reCAPTCHA API keys, which you can get for free by registering your domain on the official website.

  1. Visit the reCAPTCHA website.
  2. Sign in with your Google account.
  3. On the Register a New Site page, provide basic information about your website.
  4. Type a (website) name in the Label field to easily identify your website in the future.
  5. Select the Score based (v3) radio button.

  6. In the Domains field, enter the domain of the website where you will use reCAPTCHA.

    Note: You can add multiple domains or subdomains by clicking on the + icon, which allows you to use the same API keys on different websites.

  7. Agree to the terms and click the Submit button to register your site.
    Screenshot of Google reCaptcha's registration page.
  8. Done! A page containing the site key and the secret key will appear.
    Screenshot of Google reCAPTCHA website showing API keys, which are provided after registration.

Step 3 - Add reCAPTCHA to Your WordPress comment form

  1. In your WP Admin, navigate back to Settings > Advanced Google reCAPTCHA page via the menu to the left.
  2. Scroll down and select Google reCaptcha v3 by clicking it.
  3. Scroll back up to Captcha and paste the site key and the secret key.
  4. Click Verify Captcha to verify that you are not a robot.
  5. Confirm with the Save Changes button.
    Screenshot of the reCAPTCHA plugin in WP Admin highlighting the fields where API keys should be entered.

  6. Open the Where to Show tab and ensure the toggle for the Comment Form is activated.

    Note: By default, reCAPTCHA is set up for login, registration, lost password, and comment form. You can turn it on or off for these areas as needed.

  7. Click the Save Changes button if you have made any changes.
    Screenshot of the "Where to show" settings in reCAPTCHA plugin.

Step 4 - Check if reCAPTCHA is working

Congratulations! You have successfully integrated reCAPTCHA into your WordPress comment form.

To confirm if it is working properly, you need to log out of WordPress or open your site in an Incognito window and then navigate to a blog post's comment section. If you selected reCAPTCHA v3 and it is working, you should see a small notification in the bottom right corner of the page. reCAPTCHA will now score users based on their interactions on your website, requiring verification only from those who get a low score.

Screenshot of a WordPress website's comment form and the reCAPTCHA notification.

Additional tips

While reCAPTCHA is a powerful tool, there are other measures you can take to combat spam further:

  • Enable comment moderation to manually approve comments before they appear on your site.
  • Consider using the Akismet plugin to automatically detect and filter spam comments.
  • Utilize premium security plugins like Sucuri to block suspicious requests before they reach your site.
  • Enhance spam filtering with plugins like Antispam Bee, which allows you to set customizable rules for spam detection.

Related articles:

Was this article helpful?

Can’t find what you are looking for?

Start a chat

It's the quickest way to get in touch, every day of the year.

Start chat

Give us a call

Available on weekdays from 10am to 2pm (UTC).

Call +44 20 8106 0910