WordPress is the most commonly used content management system in the world. It powers about 74.6 million websites. Being so popular, it is also a common target for hackers. The most common hacking attempt against WordPress is the brute force attack. This is a method where the attacker tries multiple combinations of usernames and passwords until the right combination is found. Automated programs known as bots carry out these attacks. These bots also fill in different forms on our website with junk data and submit them. Such requests from the bots may overload our servers, which may slow down or even crash our website.
One of the easiest ways to prevent such attacks on our website is to improve WordPress security with Google reCaptcha. To provide additional security, we may also consider adding Google Authenticator to our login screen. In this blog, I will explain the step-by-step process to enable reCaptcha and to add it to the different forms on our website.
Step1: Install the reCAPTCHA plugin by BestWebSoft.
Step2: Before using this plugin, we first have to generate reCaptcha keys from Google. These keys are a set of two unique values provided by Google, which are used to identify our website. To obtain these values, go to the Google reCaptcha website and sign in using our Gmail credentials.
Step3: Here we have to register our website. The registration form is as shown below.
![Captcha Captcha](https://cdn3.wpbeginner.com/wp-content/uploads/2019/05/activate-google-recaptcha-on-your-site.png)
We have to provide a label name, which is just for identifying our reCaptcha. Then we have to choose the reCAPTCHA v2 option as the type of reCaptcha. We also have to add our website address to the domains section. After this, we have to accept the terms and conditions and click the register button.
Step4: Once the registration is complete, we will get two unique values, the Site Key and the Secret Key, as shown below. Copy these values to a notepad.
Step5: Now we have to go to the settings option of the reCaptcha plugin in our admin dashboard.
Step6: Here we have to enter the two values that we have noted before.
Step7: A test reCaptcha button will appear as shown below.
Once we click this button a reCaptcha appears.
We have to select the correct images and click verify. Then we have to click the test verification button.
After the verification, a success message appears as shown below.
Step8: Now we can choose from the forms listed under general settings to enable reCaptcha. Then we have to save the changes by clicking the save changes button.
That is all we have to do to enable reCaptcha. Now let us check the different forms that we have selected before.
Step9: First let us see the comments form in our blog.
As we can see, the Google reCaptcha option is now available for this form. Now let us submit this form by filling in all the other required fields but without validating the captcha. An error message screen will appear as shown below.
The same reCaptcha option is now available to login, password reset and registration forms as shown below.
Thus, by using the Google reCaptcha plugin, we have easily added an additional layer of security to our blog.
Note: Although the use of this plugin protects our site against spam form submissions and comments, there are several security threats out there that are not covered. So if we are very serious about our blog’s security, it is better to use a plugin like Sucuri to protect our site from such advanced attacks.
Installing a captcha plugin on your WordPress site is something you can’t overlook; otherwise, spammers will turn your blogging experience into a nightmare.
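The error shown when a form is submitted without a validated captcha comes from a server-side check against Google. As an added example (not the BestWebSoft plugin's code), here is a minimal login check that sends the submitted token and the Secret Key to Google's siteverify endpoint; the function name, the error codes and the RECAPTCHA_SECRET_KEY constant are assumptions.

```php
<?php
// Added example, not the BestWebSoft plugin's code. Assumes the Secret Key is
// defined in wp-config.php as RECAPTCHA_SECRET_KEY (hypothetical constant name)
// and that the login form already renders the reCAPTCHA v2 widget.

// Runs on the 'authenticate' filter after WordPress has checked the password.
function example_verify_login_recaptcha( $user, $username, $password ) {
    // Rendering the login page (nothing submitted yet) must not raise an error.
    if ( empty( $username ) && empty( $password ) ) {
        return $user;
    }

    // The v2 widget posts its token in the g-recaptcha-response field.
    $token = isset( $_POST['g-recaptcha-response'] )
        ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) )
        : '';
    if ( '' === $token ) {
        return new WP_Error( 'example_captcha_missing', 'Please complete the reCAPTCHA.' );
    }

    // The Secret Key is only ever sent server to server, never to the browser.
    $response = wp_remote_post(
        'https://www.google.com/recaptcha/api/siteverify',
        array(
            'timeout' => 10,
            'body'    => array(
                'secret'   => RECAPTCHA_SECRET_KEY,
                'response' => $token,
            ),
        )
    );

    // Fail closed: if Google cannot be reached, the login is refused.
    if ( is_wp_error( $response ) ) {
        return new WP_Error( 'example_captcha_unreachable', 'Could not verify the reCAPTCHA.' );
    }

    $result = json_decode( wp_remote_retrieve_body( $response ), true );
    if ( ! is_array( $result ) || empty( $result['success'] ) ) {
        return new WP_Error( 'example_captcha_failed', 'reCAPTCHA verification failed.' );
    }
    return $user;
}
add_filter( 'authenticate', 'example_verify_login_recaptcha', 30, 3 );
```

XML-RPC logins pass through the same filter without a token, so this check refuses them as well.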
In this tutorial, we will see how to protect your blog from spam comments with BestWebSoft captcha WordPress plugin.
Here are the topics we will discuss:
- What is Captcha anyway?
- WordPress Captcha Plugin
- General Settings
- Google Captcha Shortcode
What is Captcha anyway?
A captcha is a utility or piece of code that tests for “human activity” by showing a math problem, distorted letters to type in exactly, or a combination of pictures. It keeps automated programs and spam bots from posting comments on your website or ruining it by other means.
WordPress Captcha Plugin
WordPress doesn’t come with a captcha pre-installed. You have to implement a captcha plugin yourself to protect your forms which are exposed to visitors or even subscribed users.
The best captcha plugin we have found for WordPress is by BestWebSoft. It’s free, easy to configure and works out of the box. The plugin implements Google reCAPTCHA technology, which is a nightmare for spammers and hard to bypass.
It will show the popular I’m not a robot captcha box to let users proceed after filling out forms on your website.
Let’s see a step-by-step process:
1. From your backend admin dashboard, install and activate the BestWebSoft captcha plugin. See how to install a plugin in WordPress for more details.
2. Once installed, settings will be available under the Google Captcha main menu.
3. To activate the captcha box, you need to register your website with the Google reCAPTCHA service. In return, Google will provide you with two API keys, a Site Key and a Secret Key, which you have to enter back in the plugin settings.
4. Click the Get the API Keys link under Authentication and get your keys by filling in the form on the Google reCAPTCHA website.
5. Once you get the API keys, enter them back in the plugin settings and click the Save Changes button at the bottom.
Amazingly you are done. You don’t have to touch any other settings.
Also save the Google reCAPTCHA API keys on your local computer for later use.
General Settings
Under General settings, you can see that the captcha has already been enabled for the login form, registration form, reset password form and comments form.
External plugins are also supported; however, you have to upgrade to the Pro version.
More settings include hiding captcha for the administrator, editor or other accounts.
Under reCAPTCHA Version settings, keep the value at Version 2, which is simply an I’m not a robot checkbox, unlike Version 1, where visitors are shown distorted letters to type into a text field.
Keep reCAPTCHA settings at Version 2, which is an easy captcha method for better user engagement.
Here is what your website login page looks like after installing the captcha:
Adding a captcha to the WordPress login page adds an extra layer of security.
Google Captcha Shortcode
One nice feature of this plugin is that you can add a captcha to your posts or pages using the shortcode [bws_google_captcha]. It is applicable to those posts and pages where you are taking any input from your visitors.
Conclusion
We hope this article helps you install and enable the captcha plugin in your WordPress blog to protect it from spamming. Installing a captcha will not take more than five minutes but will save you the many hours required to delete spam comments.