Skip to main content

Combat WordPress website form spam with Google reCAPTCHA

Getting website form submissions with garbled text or spam content? Spambots scour the web, filling in site forms and trying to get you to click spurious links in email notifications.

Adding reCAPTCHA by Google to your site can help combat spam submissions.

Verification options (we recommend v3):

  1. v3: Using the reCAPTCHA v3 that verifies requests with a score.
  2. Checkbox (V2): Using the reCAPTCHA v2 that validates request with the “I’m not a robot” checkbox.
  3. Invisible: Using the reCAPTCHA v2 that validates requests in the background with the Invisible reCAPTCHA badge.

Option A: Done for you

Follow steps 1-4, then:

  • Use reCAPTCHA v3
  • Provide us with the Site Key and Secret Key
  • Let us know if it is a checkbox or invisible validation
  • Please put these details in Basecamp (if you have an active project), open a support ticket or send via Privnote.comDo not send via email.

Option B: Do it yourself

Follow steps 1-9


  1. Create a free account for Google reCAPTCHA.
  2. Click the v3 Admin Console link at the top menu.
    Google reCaptcha Admin Console
  3. Register the site where you want to use reCAPTCHA. To identify your site, insert a label, which could be a nickname or the website URL. Google reCaptcha Register site
  4. Choose reCAPTCHA v3, and you will receive a Site key and a Secret key for the site.
  5. Go to your site’s Forms → Global Settings → reCAPTCHA. Insert your Site key and Secret key.
    Add Spam Google reCaptcha key
  6. Set the reCAPTCHA type to v3.
  7. Set the default language for your reCAPTCHA.
  8. If you are using multiple reCAPTCHA fields on one page, you must check the option for Allow multiple reCAPTCHAs to be used on a single page.
  9. Add the reCAPTCHA field to each form you would like protected.
    Add Spam Google reCaptcha field
    If this is a multi-paged form, place the reCAPTCHA on the last page.