Do you want to add CAPTCHA to the login and registration forms on your WordPress site?
WordPress login and user registration pages are often prime targets for hackers, spammers, and brute force attacks. One way to avoid these attacks is by using CAPTCHA, which effectively blocks spambots and protects your site from being hacked.
In this article, we will show you how to easily add CAPTCHA to WordPress login and registration forms.
What is CAPTCHA?
A CAPTCHA is a computer program used to distinguish between human and automated users. It does that by presenting a test that is quite easy for a human user to pass but much harder, and almost impossible, for automated scripts to get right.
In the earlier days of the CAPTCHA, users were asked to enter the text they saw in an image. This image displayed random letters, words, or numbers in a distorted style.
Later, a newer technology called reCAPTCHA was introduced.
It showed random words as a challenge and used user input to help digitize books.
This technology was acquired by Google in 2009. Since then, it has helped digitize thousands of books and the complete New York Times archives.
However, these new CAPTCHAs were still annoying and ruined the user experience on websites.
To fix this, Google introduced “No CAPTCHA reCAPTCHA” which uses AI and user interactions to catch spambots.
It shows an easier checkbox for human users to click on. For other suspicious traffic, it would show a more difficult CAPTCHA like identifying objects in images.
That being said, let’s take a look at how WordPress websites can improve security with CAPTCHA.
Why Use CAPTCHA for WordPress Login and Registration?
WordPress login and registration pages are an easy target for spammers, wannabe hackers, and brute force attacks.
That’s because WordPress is the most popular website builder in the world, which makes it a common target for malicious attempts.
The attacker’s motivation is often to gain unauthorized access to your WordPress admin area to distribute malware. In other cases, the attacker can crash the entire network of websites hosted with a specific web hosting company to collect a ransom.
One option is to add a secondary layer of password protection on WordPress login and registration pages. However, the problem with this method is that you’ll have to share that second password with each user, and this simply doesn’t scale for large multi-author blogs or membership sites.
CAPTCHA provides an easier alternative. It uses Google’s AI technologies to detect genuine visitors and present CAPTCHA challenges to suspicious users.
That being said, let’s take a look at how to easily add CAPTCHA to your WordPress site.
Default vs Custom WordPress Login and Registration Form
The default WordPress login and registration form provides a basic set of features.
The login page allows users to access the backend of your website according to their respective user roles and permissions.
The default WordPress registration form lets visitors create an account on your site.
Once they are registered, they can also log in to your website’s backend and perform specific tasks allowed by their user role.
A lot of website owners want to customize the default WordPress login and registration page with their own logo, styles, etc. They use one of the many plugins to create their own custom login and registration page to replace the default ones.
Whether you’re using the default pages or custom ones, we have got you covered.
In this guide, we will show you how to set up reCAPTCHA for both default and custom login and registration pages in WordPress.
Let’s get started by adding reCAPTCHA in the default WordPress login and registration form.
Adding reCAPTCHA to Default WordPress Login and Registration Form
Once the Advanced noCAPTCHA & Invisible CAPTCHA plugin is installed and activated, you need to visit the Settings » Advanced noCAPTCHA & Invisible CAPTCHA page from your admin panel. WordPress will take you to the plugin’s general settings page.
From there, you need to choose a Google reCAPTCHA version and find reCAPTCHA API keys to enable the service on your site.
We recommend using v2 because we believe v3 is not as stable just yet.
To obtain these API keys, you need to visit the reCAPTCHA website and click on the ‘Admin Console’ button.
On the next screen, Google will ask you to sign in to your account.
Once you are logged in, you will see the ‘Register a new site’ page.
First, you need to enter your website name in the Label field. After that, you need to select a reCAPTCHA type. For example, we will choose the reCAPTCHA v2 ‘I’m not a robot’ checkbox.
Next, you need to enter your domain name under the Domains section. Make sure to enter your domain name without ‘https://www.’
The Owners section shows your email address and also lets you add a new owner.
After that, you need to check the box next to ‘Accept the reCAPTCHA Terms of Service’. Optionally, you can also check the ‘Send alerts to owners’ box to receive email alerts about suspicious traffic or captcha misconfiguration on your site.
Once done, click on the Submit button.
Next, you will see a success message along with the site and secret keys that you can use on your site.
Now you need to open your WordPress dashboard and go to Settings » Advanced noCAPTCHA & Invisible CAPTCHA page to set up Google reCAPTCHA.
Once you are on the plugin settings page, you need to choose the Google reCAPTCHA version first.
Since we’ve registered our site for Google reCAPTCHA v2 ‘I’m not a robot,’ we will select that option from the dropdown.
After that, you need to enter the site key and secret key provided by Google reCAPTCHA earlier.
Next, you will see the ‘Enabled Forms’ option. Check the box next to the forms where you want to enable the Google reCAPTCHA.
Here, we will choose the Login Form and Registration Form.
After that, you can scroll down the page to review other options. Once you’re done with the customization, click on the ‘Save Changes’ button at the bottom.
That’s it! You have successfully added reCAPTCHA to the default WordPress login and registration forms. To preview it, you can open your WordPress login URL in your browser, for example, www.example.com/wp-login.php.
If you want to check the reCAPTCHA on the registration form, then click on the Register link below the login form.
After that, the WordPress registration form will open, and you can see how reCAPTCHA works.
Setting Up reCAPTCHA in Custom WordPress Login and Registration Form
As we mentioned earlier, custom WordPress login and registration forms offer more user-friendly membership options to your website visitors.
First, you can allow users to register or log in to your website from the frontend. This improves user experience and lets you keep the same overall design experience across the website.
Next, it lets you add your website logo and customize the login and registration page in your style.
Creating a custom WordPress login form and user registration form is easy with the most user-friendly WordPress form plugin, WPForms.
To get started, install and activate the WPForms plugin on your WordPress site. For more details, see our step-by-step guide on how to install a WordPress plugin.
Upon activation, head over to WPForms » Settings page to enter your WPForms license key. You can get this key from your account area on the WPForms website.
After that, click on the reCAPTCHA option at the top to configure reCAPTCHA for your custom-made WordPress forms. First, you need to choose a reCAPTCHA type.
Since we chose v2 earlier, we will choose reCAPTCHA v3 here in this example, but please know that our recommendation is still v2.
After that, you will see the site key and secret key field. To get these keys, you need to register your site on the Google reCAPTCHA website.
Go to the Google reCAPTCHA website and then click on the Admin Console button at the top right corner.
After that, Google will ask you to sign in to your account.
Once done, you will see the ‘Register a new site’ page.
Enter your website name and then select reCAPTCHA v3 from the reCAPTCHA type option.
Next, you need to enter your domain name (without https://www.).
If you want to add another Gmail user as the owner of the reCAPTCHA, then you can add the email address under the Owners section.
After that, you need to accept the reCAPTCHA terms of service. You can also check the box next to ‘Send alerts to owners’ option to get notification emails from Google about suspicious traffic on your site.
Once done, click on the Submit button.
After that, Google will show a success message along with the site key and the secret key to add reCAPTCHA to your site.
Now that you have the Google reCAPTCHA API keys, you need to open WPForms » Settings page in your WordPress dashboard.
Next, simply go to the reCAPTCHA tab.
On the WPForms reCAPTCHA settings page, enter the site key and secret key. Once done, save your settings.
Now that you have successfully added reCAPTCHA on WPForms, you can easily enable reCAPTCHA in your custom login form, user registration form, or any form built with WPForms.
So now let’s go ahead and create a custom WordPress registration form.
Visit the WPForms » Addons page. Locate ‘User Registration Addon’ and click on the ‘Install Addon’ button.
After that, WPForms will download and install the addon. Once you see the User Registration Addon’s status ‘Active,’ you are ready to add a new user registration form.
Now you need to go to WPForms » Add New to launch the WPForms Builder. On the WPForms setup page, select the ‘User Registration Form’ template.
This will launch the WPForms drag-and-drop form builder.
After that, WPForms will automatically build a custom user registration form and open the Form Setup page.
Now, you can customize your form by adding new fields or editing the field options. If you like the default form, then you can use it without making any changes.
Next, you need to click on the Settings option to configure your form settings and enable the Google reCAPTCHA.
On the General Settings page, you can edit your form name, add a form description, edit the Submit button text, and more.
At the bottom, you can see several checkboxes, including the ‘Enable Google v3 reCAPTCHA’ box.
Simply check the box to enable Google reCAPTCHA in your user registration form.
Once done, click on the Save button at the top right corner.
After that, you can close the form builder by clicking on the Close button next to the Save button.
That’s it! You have created a custom WordPress user registration form and also added reCAPTCHA to it.
The next thing you need to do is add the custom user registration form on your site. You can add the form to your posts, pages, or any widget-ready area easily. For example, we will create a new page and add the form to it.
Go to Pages » Add New page from your WordPress dashboard to build a new page. On your page edit screen, click on the ‘+’ icon and select the WPForms block.
Next, you can see the WPForms widget added to your page edit screen. You just need to select the Custom User Registration Form you created earlier.
After that, the widget will automatically load the form in the page editor.
Now you can open the page on your web browser to see the custom user registration form with Google reCAPTCHA in action.
Since we chose reCAPTCHA v3 in this example, you won’t see a Google reCAPTCHA checkbox like ‘I’m not a robot’. This is because reCAPTCHA v3 works in the background, but you will still see a small badge at the bottom right corner.
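Behind the scenes, the secret key never leaves your server: it is sent together with the visitor’s reCAPTCHA token to Google’s https://www.google.com/recaptcha/api/siteverify endpoint, and the JSON answer decides whether the form submission is accepted. The Python code below is an added example, not code from either plugin; the function names, the example.com domain, the sample responses and the 0.5 score threshold are assumptions made for illustration. It shows the checks worth making on that answer for both the v2 checkbox and the background v3 score.

```python
import json

# Constructed siteverify responses (sample data, not captured traffic).
V2_OK = '{"success": true, "challenge_ts": "2024-05-01T10:00:00Z", "hostname": "www.example.com"}'
V3_BOT = ('{"success": true, "challenge_ts": "2024-05-01T10:00:05Z", '
          '"hostname": "example.com", "score": 0.1, "action": "login"}')
V3_OTHER_SITE = ('{"success": true, "challenge_ts": "2024-05-01T10:00:09Z", '
                 '"hostname": "other-site.test", "score": 0.9, "action": "login"}')
REPLAYED = '{"success": false, "error-codes": ["timeout-or-duplicate"]}'


def host_allowed(hostname, registered_domain):
    """True for the domain registered in the Admin Console or its subdomains."""
    if not isinstance(hostname, str):
        return False
    hostname = hostname.lower().rstrip(".")
    domain = registered_domain.lower()
    return hostname == domain or hostname.endswith("." + domain)


def check_siteverify(body, registered_domain, expected_action=None, min_score=0.5):
    """Decide whether to accept a form submission; returns (allowed, reason).

    expected_action=None means a v2 checkbox key (no score in the response).
    min_score=0.5 is an assumed threshold; tune it per form.
    """
    try:
        data = json.loads(body)
    except ValueError:
        return False, "unparseable response"  # fail closed on garbage
    if not isinstance(data, dict) or data.get("success") is not True:
        codes = data.get("error-codes", []) if isinstance(data, dict) else []
        return False, "rejected: " + ",".join(map(str, codes))
    # A token solved on another site must not unlock this site's login form.
    if not host_allowed(data.get("hostname"), registered_domain):
        return False, "hostname mismatch"
    if expected_action is not None:  # v3: also check action and score
        if data.get("action") != expected_action:
            return False, "action mismatch"
        score = data.get("score")
        if isinstance(score, bool) or not isinstance(score, (int, float)):
            return False, "missing score"
        if score < min_score:
            return False, "low score"
    return True, "ok"
```

A token is accepted by Google only once, so a replayed or expired token comes back with success set to false and the timeout-or-duplicate error code, which this check treats as a rejection.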
The process of creating a custom login form is almost the same.
The only difference is that you need to choose the User Login Form template from the WPForms setup page.
After that, the whole process is the same. For more details, you can see our guide on how to create a custom login page in WordPress.
We hope this article helped you to learn how to add CAPTCHA in WordPress login and registration forms. You may also want to see our ultimate WordPress security guide to strengthen your overall website security.