Do you currently own or manage a website that is being targeted by spammers and bots? If you answered yes, you’ll want to read on as we will show you how you can implement a CAPTCHA system on your WordPress website.
You might be asking, should you potentially disrupt a legitimate website visitors experience with an annoying CAPTCHA form? While it is a good question, you have to factor in the experience your users would experience without a CAPTCHA system on your website.
For example, if you run a forum and spammers and bots are left unchecked, your forum will be filled with spam posts, junk advertising and even potentially malware. As a result, your website visitors may decide to find a new community to participate in and even worse, browsers such as Google Chrome might flag your website as dangerous.
A CAPTCHA (Or Completely Automated Public Turing Test To Tell Computers and Humans Apart) serve as one of the most effective ways to prevent a bot from registering on your website and causing havoc. The best part, companies know they can be an inconvenience to legitimate users and thanks to advances in technologies such as AI, CAPTCHAs can be implemented in a way that takes seconds to complete.
While no CAPTCHA system is perfect, they do provide a solid line of defense for your website.
The Benefits of CAPTCHAs on Your Website
CAPTCHAs come in various forms but their end goal is the same, to stop bots in their tracks while allowing legitimate visitors to proceed to your website. One of the more popular reCAPTCHA systems is Google Captcha, which looks something like the image below.
As you can see above, the Google CAPTCHA system, for most users would be a single click before they can proceed with their action (such as registering on your website). If reCAPTCHA can’t determine if the visitor is a bot or not, it will prompt for additional verification.
How to Implement CAPTCHAs on Your Website
Alright, so you know what a CAPTCHA is and how it works. Lets make your website secure!
The first step is to decide which CAPTCHA solution you would like to use. This article will focus on reCAPTCHA by Google simply due to its innovative advances into providing the best user experience possible.
Step 1: Register Your Website on reCAPTCHA
The first step is the easiest, you will need to register your website with reCAPTCHA in order to obtain your website keys.
To do so, follow the steps below:
- Start by visiting the reCAPTCHA signup form and click on the blue Get Started button located in the top right corner of the page.
- You may need to log in with a Google account before you are able to add your website.
- Label – Enter a label that will enable you to easily identify your Site Key to your website. We recommend entering your website name here.
- reCAPTCHA Type – reCAPTCHA v3.
- Domains – Enter your website URL address. For example, for HostDash we would enter hostdash.com.
- Click on the checkbox confirming you accept the Terms and Conditions.
- Once ready, click on the blue Submit button.
- You should now be presented with a Site Key and a Secret Key. Copy / note both of these for a later step.
Step 2: Adding the reCAPTCHA Script to Your Website
Once you have registered your website with reCAPTCHA and obtained the Site Key and Secret Key, you need to insert the reCAPTCHA script. It is recommended to place this script above the </head>tag of your website.
You will need to ensure the above snippet is reflected on every page you would like reCAPTCHA to load on. If you are using a CMS, such as WordPress, you would typically only need to enter this once and all of your website pages would be covered.
Step 3: Enabling the CAPTCHA on Your Website
The final step is to enable the CAPTCHA itself on the pages, and in the places of those pages you would like reCAPTCHA to appear. For example, the login and registration page of a website is typically the best go-to places to stop spammers and bots in their tracks.
Paste the following code snippet wherever you would like reCAPTCHA to appear:
<div class="g-recaptcha" data-sitekey="Your site key"></div>
You would need to replace Your site key with your site key obtained in Step 1.
Which CAPTCHA Don’t We Recommend?
If you decide not to use reCAPTCHA there are plenty of alternatives you can choose from. When choosing a CAPTCHA solution you want to pay special attention to how the CAPTCHA system is triggered, and how legitimate users caught in the net will be asked to complete a CAPTCHA.
Based on the above, we do not recommend hCAPTCHA. Cloudflare recently announced it is replacing Google reCAPTCHA for hCAPTCHA due to financial reasons. While this would typically be fine, the user experience from hCAPTCHA is far inferior to Google as made evident by the many complaints Cloudflare has been receiving. The last thing you want is to turn away both bots AND your legitimate website visitors.
Despite attempts by spammers and networks to bypass CAPTCHA systems, they remain a key line of defense for millions of websites across the globe, including leading technology companies. While they might not stop every spammer and every bot from accessing your website, they are a simple and efficient solution.
Our recommendation for the simplest installation, and best user experience is reCAPTCHA though there are plenty of alternative CAPTCHA systems you can choose from.