Using Google reCAPTCHA to secure forms on your site
If you have contact, registration or other forms on your website it's important to try and ensure that they are only used by humans. Robots (or 'bots') search out websites with unprotected forms - to either spam the site owner, or worse, potentially send spam to contacts registered with the site.
Google reCAPTCHA can help to stop this - either via a challenge that a human needs to complete (reCAPTCHA v2) or by monitoring the use of the site to establish human usage by score (reCAPTCHA v3). v3 reCAPTCHA is potentially less invasive as a result of its score based system - most valid human users will never see a challenge.
- To get started you'll need to visit the Google reCAPTCHA site and login - external site opens in a new window.
- You may need to click the Admin Console to view existing and add a new site.
- To add a new site enter the required details
- Label - use a name that'll make it easy for you to recognise in the future - maybe the website name or address
- reCAPTCHA type - select v3 (verify requests by score) or v2 (verify requests by challenge)
- Domains - type the domain(s) for which this reCAPTCHA will be accepted (sub-domains are included for domains entered)
- Owners - valid owner email address(es)
- Accept the terms & conditions
- Send alerts to owners - get alerts if a problem is detected with your site
- You'll then be able to view the reCAPTCHA keys
- The Site Key and Secret Keys are used within your site/plugin/extension to enable communication with Google's reCAPTCHA system. You'll need to input them as required for your circumstance.
We have separate guides on Securing Joomla forms and Securing WordPress forms.