Spam comments are the worst. They’re like uninvited guests scribbling nonsense all over your carefully built website.
We’ve helped manage hundreds of WordPress sites over the years, and frustration about spam comments is one of the most common complaints we hear from site owners.
But you don’t have to disable comments altogether just to stop the bots. There’s a better solution: reCAPTCHA.
Think of reCAPTCHA as a security guard for your comment section. It uses smart puzzles and simple challenges to make sure only real people, not bots, can leave comments on your posts.
In this guide, we’ll show you how to easily add reCAPTCHA to your WordPress comment form. This way, you can keep the spam out and let genuine conversations flow. 🛡️
What Is Google reCAPTCHA?
Comment spam is a problem on many WordPress websites. Akismet, the popular spam filtering service for WordPress, blocks about 7.5 million spam comments every hour.
reCAPTCHA is one of the best ways to fight it. reCAPTCHA is an advanced form of CAPTCHA that can distinguish between robots and human users.
In fact, CAPTCHA is an acronym for ‘Completely Automated Public Turing Test to Tell Computers and Humans Apart’.
Google acquired CAPTCHA technology in 2009 and then later rebranded it as reCAPTCHA. They also made it easier for human users to easily pass the test.
To pass the test, users are required to click a checkbox indicating they are not a robot. They will either pass right away or be presented with a set of multiple images where they will need to click on matching objects.
Google has made reCAPTCHA publicly available so that website owners can use it on contact forms, login pages, and comment forms to reduce spam.
It is also super easy to set up and add to WordPress comment forms!
With that said, we’ll show you how to easily add reCAPTCHA to a WordPress comment form with step-by-step instructions. Here’s a quick overview of all the topics we’ll cover in the following sections:
Let’s get started!
Installing a WordPress reCAPTCHA Plugin
The first thing you need to do is install and activate the Advanced Google reCAPTCHA plugin. You can see our step-by-step guide on how to install a WordPress plugin for detailed instructions.
Upon activation, you need to visit the Advanced Google reCAPTCHA page to configure the plugin’s settings.
The plugin will ask you to provide Google reCAPTCHA API keys. You can create these keys for free from the official reCAPTCHA website by clicking the ‘register your domain’ link at the top of the screen.
Registering Your Website to Get reCAPTCHA API Keys
The ‘register your domain’ link will take you to the Google reCAPTCHA website, where you can register your site to work with reCAPTCHA.
You will be asked to sign in with your Google account. After that, you’ll see the ‘Register a new site’ page, where you need to provide some basic information to register your site.
First, you need to type your website name or any name of your choice in the ‘Label’ field. This will help you easily identify your site in the future.
Next, you need to select the ‘Challenge (v2)’ radio button. This will open up 2 new options.
Since you want to add the reCAPTCHA checkbox to your site, you need to select the first option, ‘I’m not a robot Checkbox’.
When you scroll down, you will see the ‘Domains’ textbox. This allows you to add the domain name of your website where you would like to add the reCAPTCHA checkbox.
You can also add multiple domains or subdomains by clicking on the plus (+) icon. This will allow you to use the same API keys on different websites.
Once you have filled out the form, you can click on the ‘Submit’ button to register your site.
Google reCAPTCHA will now show you a success message along with the site key and the secret key on this page.
You can now use these API keys in the plugin settings on your WordPress website.
Adding reCAPTCHA to a WordPress Comment Form
Now, you need to head back to the Advanced Google reCAPTCHA page in your WordPress admin area.
On the settings page, you need to paste the site key and the secret key.
Next, make sure that the ‘Enable for Comment Form’ box is checked.
By default, reCAPTCHA will be used on the login page, registration page, lost password page, and comment form. You can check or uncheck the boxes to enable the options you need.
Once you are done, don’t forget to click the ‘Save Changes’ button at the bottom of the page to store the API keys and enable reCAPTCHA.
Congratulations, you have successfully added reCAPTCHA to your WordPress comment form. You can now check the comment section of your blog posts to confirm that it’s working.
💡 Note: The reCAPTCHA checkbox will be displayed only to logged-out users. To preview reCAPTCHA, you will need to either log out of WordPress or open your website in an Incognito window in your browser.
Bonus Tips: More Ways to Combat Comment Spam in WordPress
reCAPTCHA is just one way to combat comment spam on your website. Here are a few more.
Your first step should be to turn on comment moderation. This will give you the opportunity to view and approve comments before they are displayed on your website.
You can also use the Akismet plugin to automatically catch the most common types of spam comments by checking a global spam database. Akismet comes preinstalled with WordPress, but it is not activated by default.
Better still, the premium Sucuri plugin allows you to block suspicious requests before they even reach your website. This prevents automated bots and scripts from submitting comments at all. We use it on all our websites.
You can also block spam comments using the Antispam Bee plugin. It lets you set rules about which users to trust, such as approved commenters or commenters with a Gravatar. You can also create rules that mark comments immediately as spam, such as when they contain code.
You can learn about these methods and many more in our expert pick of tips and tools to combat comment spam in WordPress.
Expert Guides on Improving the Comment Experience in WordPress
We hope this tutorial helped you learn how to add reCAPTCHA to the WordPress comment form of your website. You may also want to see some other articles related to improving the comment experience in WordPress:
- How to Create a Recent Comments Page in WordPress
- How to Make Blog Post Comments Searchable in WordPress
- How to Allow Your Users to Subscribe to Comments in WordPress
- How to Allow Users to Like or Dislike Comments in WordPress
- How to Highlight Author’s Comments in WordPress
- How to Allow Users to Edit Their Comments in WordPress
- How to Add Custom Fields to the Comments Form in WordPress
- How to Remove Website URL Field From WordPress Comment Form
- How to Completely Disable Comments in WordPress
- Best Plugins to Improve WordPress Comments
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Jiří Vaněk
I used to use WP Armour before, but unfortunately, some spams started getting through which I had to delete. So, I also set up reCAPTCHA following your instructions. However, I would like to ask: Will it cause any problems on the website if I use two anti-spam solutions? One was insufficient and occasional spams got through. The situation improved after implementing reCAPTCHA, but I’m concerned it might block legitimate comments or forum discussions.
WPBeginner Comments
It shouldn’t conflict, but it may be a good idea to test this kind of setup on you site to make sure it works properly.
Jiří Vaněk
Thank you for your response. I tested everything and also consulted with the plugin support, and it seems to have worked. Both solutions are cooperating and have mutually strengthened the website’s security against spam. I feel that after several months, regular comments are coming through fine, and the spam has stopped. So, for me, the functionality is great. Thank you for your time, response, and answer.
THANKGOD JONATHAN
Easy setup and it just works! reCAPTCHA has significantly reduced spam on my blog.
Spam comments are a thing of the past thanks to reCAPTCHA! My comment section is finally clean and engaging.
Ahmed Omar
it is really an important point in site protection against spam comments and subscription.
I faced this problem few days ago, and the only solution was to put recaptcha.
Thank you
WPBeginner Support
You’re welcome, glad our guide could help include it!
Admin
Ralph
I have Akismet plugin and it is great. Over 5 years of blogging on current blog and over 2200 comments i have little to no spam. And even if, it always go to the spam folder, so i don’t have to worry about it, as noone can see it.
reCAPTCHA can be annoying for readers as it sometimes lag and doesn’t work. I prefer tip you provided with content must be manually approved. I must aprove first comment from particular e-mail and then it accepts that person every time. Never had problems with that.
WPBeginner Support
It is always a question of personal preference but as long as you have found the way that works for you
Admin
afdhal
thanks for the tips! no more bot in my comment.
WPBeginner Support
Glad you found this recommendation helpful
Admin
Moh
Why don’t you have CAPTCHA here on your website?
WPBeginner Support
We are trying other tools on our site, there’s nothing wrong with using CAPTCHA but it is personal preference if you use it.
Admin
Simon Griffiths
The plugin you recommend looks like it’s not supported anymore. Are there any others?
WPBeginner Support
We will be sure to take a look and update our suggestion should we find an alternative we would recommend.
Admin
Jack
Perfect! One huge WordPress annoyance will be gone!
WPBeginner Support
Glad our guide was helpful
Admin
jodarove
Thank you! very helpful!
WPBeginner Support
You’re welcome
Admin
Duncan McCormack
re the reCAPTCHA section when you visit the plugin it says at the top: This plugin hasn’t been tested…
Is this still the best Plugin to use? Is it safe? Or is there now a better one out there?
Cheers, Duncan.
WPBeginner Support
For the not tested warning, you would want to take a look at our article below for our recommendations on this:
https://www.wpbeginner.com/opinion/should-you-install-plugins-not-tested-with-your-wordpress-version/
Admin
Steve
I followed the instructions exactly and the reCaptcha button will not appear on my site at all. Signed out of WP. Incognito window. nothing.
WPBeginner Support
Please reach out to the plugin’s specific support to see if this could be due to a conflict between your specific theme and the plugin itself.
Admin
Desi
This plugin is no longer working. I have installed it and none of the buttons will toggle.
WPBeginner Support
You would want to reach out to the plugin’s support and let them know to help remove the issue.
Admin
DonDee
FYI… The new v3CAPTCHA does not provide a clickable “I am not a Robot” conformation. The only way to tell if it’s running on the site is a CAPTCHA icon floating in the lower right hand side of the screen on the site you’re on.
WPBeginner Support
Thanks for sharing this for anyone using v3
Admin
Pradeep Singh
Hello
If I am using Akismet antispam plugin still I need to use reCaptcha technology?
Thanks
WPBeginner Support
That would be a personal preference question, both are tools to help prevent spam and will work together.
Admin
pepe
The recaptcha is not showing!
help!
WPBeginner Support
You may want to check your site in an incognito browser where you’re not logged into your site to make sure it isn’t hiding for your admin user.
Admin
bob martin
Help! I clicked on save api keys button like tutorial said and now my site isn’t working at all.
WPBeginner Support
It would depend on what your error is for the cause and possible solution, for a starting point you would want to take a look at our guide here: https://www.wpbeginner.com/beginners-guide/beginners-guide-to-troubleshooting-wordpress-errors-step-by-step/
Admin
Eva Live
Does this mean if I use this, I don’t really need to moderate all comments? I don’t like that comments don’t show up as soon as they are posted, it has to wait until I get around to reviewing comments.
WPBeginner Support
You would still need to moderate comments, reCAPTCHA is a way to prevent spam from bots but there can be other comments you don’t want on your site
Admin