How to Add CAPTCHA in WordPress Forms Free? (Step-by-step)

Frustrated with all the spam on your website? We feel you! That’s why let’s learn how to add CAPTCHA in WordPress forms for free.

Every time you check your dashboard, there’s a new batch of spammy contact form submissions, suspicious login attempts, or fake comments. It’s not just annoying, but it’s also dangerous. 

These bots can compromise your website’s performance, waste your server resources, and even expose you to security threats. 

But, the good news? 

You don’t need to be a developer or spend money to put an end to it. Adding CAPTCHA to your WordPress forms can create a powerful barrier between your site and spam bots.

And the best part? You can do it all with just a few clicks.

So here, we’ll learn how to add CAPTCHA in WordPress forms. 

Why Add CAPTCHA in WordPress Forms?

If you have a website, then you know all the spam issues on your WordPress website, with all the flooding comments, emails, etc. 

Isn’t this scary?

But there is a solution!

One of the most efficient ways to stop spam is to add CAPTCHA in WordPress forms. It helps you:

• Build a barrier against automated bots that flood your forms with spam.
• You’ll protect your site against brute-force attacks and data breaches.
• This will help to gain your users’ trust, as visitors are more likely to engage with your site when they see security measures.
• It also helps save your server resources by filtering out bot traffic so your genuine users have a smooth experience.
• And the real users’ data helps maintain the quality and reliability of your site’s information.

So, why not add CAPTCHA to WordPress forms?

How to Add CAPTCHA in WordPress Forms?

Now, let’s learn how to add CAPTCHA in WordPress forms easily.

1. Add CAPTCHA in WordPress Contact Forms

First, we’ll learn to add CAPTCHA to WordPress contact forms. For this guide, we’ll use WPForms to add a contact form and CAPTCHA. Yes, you’re right, with this form builder, you don’t need an extra plugin to add CAPTCHA.

Moreover, WPForms offers multiple spam protection options, including Google reCAPTCHA, hCAPTCHA, and Cloudflare Turnstile, all available even in the free version. 

If you’re looking for a Custom CAPTCHA tailored to your needs, then that feature is available with the premium version only. 

For this guide, we’ll be using the free version, and we’ll be adding Google reCAPTCHA in our contact form.

So, let’s see how to do it!

To get started, install and activate WPForms in your WordPress dashboard. 

If you’re new to this, then check out our article on how to install WordPress plugins. 

Once done, let’s add a contact form. Go to “WPForms > Form Template”. Choose a contact form and hit the “Create Form” button. 

Now you can add or remove fields and edit their labels. Once done, hit the “Save” button. 

Your simple contact form is ready. Now, to add CAPTCHA, go to “WPForms > Settings > CAPTCHA” option from your dashboard. 

There, you get to choose different types of CAPTCHA: hCaptcha, reCAPTCHA, and Turnstile. 

We’ll go with the reCAPTCHA here. Scrolling down, you get to choose the type of reCAPTCHA. Here, let’s go with the Checkbox reCAPTCHA v2.

Next, you must set up reCAPTCHA in your Google account to generate the required keys. To start this setup process, go to Google’s reCAPTCHA admin console. 

You’ll be asked to sign in to your Google account here. If you’ve never set up reCAPTCHA before, then you’ll be directed straight to the reCAPTCHA setup form.

Now you need to fill out each field in this form.

• Label: This is only visible to you, so enter the website name.
• reCAPTCHA type: Select the version of reCAPTCHA that you’d like to use.
• Domains: Enter the URL where you’ll be using reCAPTCHA. 

Note: Do not include “http://www” at the start (for example, sitenerdy.com would be accepted, but https://sitenerdy.com or www.sitenerdy.com would not).

Once the form is complete, go ahead and click the “Submit” button.

After the registration is complete, you’ll see a page with the keys for your website.

Copy the Site Key and Secret Key. 

Then, go to your WordPress dashboard, “WPForms> Settings”, and click on the “CAPTCHA” tab. 

From here, scroll down and paste these keys into the corresponding Site Key and Secret Key fields.

You can also adjust other reCAPTCHA settings optionally.

• Fail Message: This error will display to any user who does not pass reCAPTCHA’s verification test.
• No-Conflict Mode: If reCAPTCHA is being loaded more than once on your site, then it can prevent reCAPTCHA from working correctly. No-Conflict Mode will remove any reCAPTCHA code that WPForms does not load. 

Now, click the “Save Settings” button at the bottom of this page to store your settings changes.

Right after saving, you’ll see the preview of your CAPTCHA in your WordPress contact form. 

Now that you’ve set up your reCAPTCHA keys, you’ll be able to add reCAPTCHA to any of your WPForms. To do this, go ahead and create a new form or edit an existing one.

After you’ve opened the form builder, look under the “Add Fields” section and click on the reCAPTCHA field. Then hit the “Save” button. 

Finally, the reCAPTCHA will be tested to see if it looks and works as expected. For this, you must submit the form for the reCAPTCHA verification process.

As you can see in the image above, we’re asked to check the box to verify whether it’s human. If you see this, then your reCAPTCHA is working correctly.

Do you want a more detailed guide on adding a contact form? Then, check our article on how to add a contact form on a WordPress website.

2. Add CAPTCHA in WordPress Login and Registration Forms

The login and registration form is crucial for any site, and it’s important if your site is a subscription/membership site.

Because think, how much and what kind of spam can harm your site in a day, while you are expecting it to be from your genuine users/customers. 

Therefore, by adding CAPTCHA to registration and login forms, you can block spam registrations. Not just that, it’ll protect user accounts from malicious login attempts.

So, let’s add one today!

For this guide, we’ll use the User Registration plugin. With this plugin, you can add a registration and login form. Plus, it offers various CAPTCHA options to protect your site.

As before, you must install and activate your website’s free User Registration & Membership plugin.

Once you’re done, you’ll now see a welcome page, there, click on the “Get Started” button.

Now you get to choose registration type, we’ll go with the “Normal Registration” option here. 

Now you’ll get started with the Initial Setup Process and finish the setup. 

If you continue the setup process, then you’ll see the option to choose a login option after user registration in the General tab. 

Also, you’ll see the option to choose a user role that will not be allowed to view and access your WP Dashboard area. 

In the “Registration Settings,” enable the strong password option for better security of your user credentials. And then, let’s choose Subscriber for the default role after registration. 

On the next page, you can choose to edit the Default Form or view the Registration Page. And this is how your default registration page looks.

With the form ready, it’s time to add the CAPTCHA. To do this, go to “User Registration & Membership > Settings > Captcha.”

Under the CAPTCHA option, you’ll see that the plugin offers 4 types of CAPTCHAs: reCAPTCHA v2, reCAPTCHA v3, hCaptcha, and Cloudflare Turnstile.

You can use any one of them. We’ll choose reCAPTCHA here.

First, click on the drop-down icon of reCAPTCHA v2. You’ll see the options to enable reCAPTCHA v2 and a place to enter the site and secret keys.

You’ll need to enter the keys copied from the Google reCAPTCHA, as we did for the contact form. 

Finally, hit the “Save Changes” button at the bottom.

But this is not enough. You must still enable CAPTCHA support for the registration form on your WordPress website.

So, go to the “All Forms” option from the User Registration menu in your dashboard. Then open the registration form you created earlier. 

In the “General > Form Settings”, scroll down until you see the “Enable Captcha Support” option. Toggle it on and choose the configured captcha. Next, click “Update Form” at the top of the builder.

Your registration form will now display CAPTCHA, as you can see in the image below.

Additionally, User Registration & Membership already comes with an in-built login form. So, you don’t need to create from scratch.

To access it, go to “User Registration & Membership > All Forms” and go to the “Login Forms” tab, where you’ll see the login form.

Now, click the “General” option and scroll down to “Enable Captcha”. Following that, save the changes. 

That’s it. This will add the CAPTCHA verification to your site’s login form.

3. Adding CAPTCHA to WooCommerce Checkout Forms

Everyone is fond of online shopping these days, and online stores are growing day by day. With that WooCommerce plugin is one of the best ways to start your eCommerce platform in WordPress. 

However, if you don’t keep it safe, then you have a high risk of getting spam orders every day.  

How to do it?

It’s simple, add CAPTCHA to your WooCommerce checkout form.

Don’t know how to do that, we’ll walk you through the process step-by-step.

First, you need to set up WooCommerce on your WordPress website. So, start by installing and activating the WooCommerce plugin. It’s easy to do, like any other WordPress plugin.

Now, go to the “WooCommerce” menu in your WordPress dashboard, you’ll see a setup wizard, Where you can configure your store’s basic settings, such as payment methods, shipping zones, and currency. 

Also, if you visit your site, then you’ll find that the Checkout page has been created automatically. 

Now, the next step is to install and activate the All In One Captcha plugin. 

Note: This feature is only available in the premium version of the All In One Captcha plugin.

Once active, your WordPress dashboard will show its settings under “Settings > All In One Captcha”.

Before starting to configure the CAPTCHA, don’t forget to get the reCAPTCHA Site Key and Secret Key from Google. Follow the same process as we did before. 

Once done, go back to “Settings > All In One Captcha” on your WordPress dashboard. Then, select the “Google reCAPTCHA” as your CAPTCHA type and paste in the Site Key and Secret Key you copied from Google. 

The plugin also lets you customize the reCAPTCHA widget. You can choose between light or dark themes, set the size (regular or compact), select a language, or enable automatic detection based on the user’s browser.

Following that, in the Captcha Integration tab, navigate to the WooCommerce section and enable the checkbox next to “Checkout Form.” 

After enabling it, click the “Save Changes” button to apply the settings.

Let’s confirm if we’ve done it right!

Visit the website and add a product to your cart. Then proceed to the checkout page, where you should see the reCAPTCHA widget in the form. 

If the CAPTCHA displays and works correctly, then your checkout form is successfully protected.

4. Add CAPTCHA in WordPress Comment Forms

Having a website ourselves, we know how frustrating it is to see all the spam comments flooding the dashboard. 

Therefore, adding CAPTCHA to your WordPress comment forms is an effective way to stop spam and ensure that only genuine users can submit comments. 

Because the record says:

• 31% see spam comments every day. (Source)
• 66% report seeing spam comments regularly. (Source)
• 29% receive spam DMs at least once a week. (Source)

And if this scares you, go for safeguarding your comment forms as well.

For this guide, we’ll add CAPTCHA in the default WordPress comment form. To access this form, go to the “Discussion” settings. Make sure the “Allow people to submit comments on new posts” option is checked. 

We’ll also be using the same All In One Captcha plugin for this section. So make sure you’ve installed and activated this plugin in your WordPress dashboard. 

After that, get your reCAPTCHA from the Google reCAPTCHA Console, like we did for other forms. 

Following that, go to the “Settings > All In One Captcha” option. 

In the CAPTCHA General tab, we’ll add reCAPTCHA v2, so add the site and secret keys. Since we’ve already registered on this site, we’ll use the same keys. Once done, hit the “Save” option.

Then go to the CAPTCHA Integration tab on the same page. There, tick the “Comment Forms’ and hit the “Save” button. 

And that’s it! 

Isn’t it easy to keep your WordPress forms safe from spam?

3 Popular Plugins to Add CAPTCHA in WordPress Forms

Now that you know how to add CAPTCHA in WordPress forms, let’s take a quick look at some of the popular plugins to add CAPTCHA. 

1. All In One Captcha

All In One Captcha is a powerful anti-spam WordPress plugin that helps to protect all types of forms on your site. This plugin offers a comprehensive and flexible approach to form security without compromising user experience.

Moreover, it supports multiple CAPTCHA types, including Google reCAPTCHA v2 & v3, hCaptcha, and Cloudflare Turnstile. So you’ll have the freedom to choose the best method for your site’s needs. 

Key Features:

• Offers form protection for WordPress default forms, WooCommerce, Elementor, Contact Form 7, and more.
• Allows you to customize CAPTCHA size, theme (light/dark), and language.
• Easy-to-use dashboard with form-specific CAPTCHA settings.
• No coding required, which is ideal for beginners.

Pricing:

All In One Captcha offers a free version available on the WordPress.org plugin directory.

For more features and integrations, you can opt for one of their premium plans from the official website:

• Pro: Costs $19/year for 1 site.
• Business: Costs $49/year for 5 sites.
• Agency: Costs $99/year for 50 sites.

2. Advanced Google reCAPTCHA

Advanced Google reCAPTCHA is a robust and user-friendly WordPress plugin. Using which you can protect your website forms from spam and abuse using Google’s advanced reCAPTCHA technology.

Also, this plugin not only enhances your website’s security but also preserves user experience by allowing flexible CAPTCHA configurations. You can easily choose between the checkbox challenge or invisible verification, depending on how visible you want the CAPTCHA to be.

Key Features:

• Supports reCAPTCHA v2 (checkbox and invisible) and reCAPTCHA v3.
• Protects login, registration, comment, WooCommerce, and contact forms.
• Offers custom error messages and auto language detection.
• Lets you change the max number of login attempts, change the login URL, etc.
• You can use a built-in captcha that doesn’t require an API key.

Pricing:

Advanced Google reCAPTCHA is a freemium plugin available for free and premium versions. The free version is easy to download from the official WordPress.org plugin directory.

You can also get advanced protection features from the premium version available from its official website:

• Personal: Costs $49/year for 1 site.
• Agency: $99/year for 5 sites.
• Team: $119/year for 100 sites.

3.  CAPTCHA 4wp

Lastly, CAPTCHA 4WP is a widely trusted WordPress CAPTCHA plugin with over 100,000 active installations. It enables you to add Google reCAPTCHA (v2, v3, and Invisible) to various forms of your website.

Additionally, you can customize your CAPTCHA appearance to match your site’s branding. Whether you want to prevent fake registrations or protect your WooCommerce store from spam orders, CAPTCHA 4WP makes it easy with just a few clicks.

Key Features:

• Works with default WordPress forms and major plugins like WooCommerce, WPForms, and Contact Form 7.
• Add Geoblocking on forms and WordPress comments form.
• It automatically detects visitors’ language and shows CAPTCHA in that language.
• Includes CAPTCHA logs and failed attempt tracking for better security monitoring.
• You can whitelist users or IP addresses and exempt your trusted users from CAPTCHA tests.

Pricing:

CAPTCHA 4WP is available in both the free and premium versions. You can easily download the free version from the official plugin repository of WordPress.org.

However, to get additional features and advanced configurations, you can choose from the following premium plans from its official website:

• Premium: $39/year for 1 site license.
• Enterprise: 459/year for 1 site license.

Both the pricing plan above depends on the number of sites you choose. 

Best Practices for Using CAPTCHA in WordPress Forms

Having said that, let’s take a sneak peek at some of the best practices to add CAPTCHA in WordPress forms effectively.

• First, choose a CAPTCHA solution that best suits your site’s security and user experience. 
• Make sure to add CAPTCHA to all forms that are an easy target for spam.
• Also,  customize your CAPTCHA’s theme, size, and language settings to align with your website’s design.
• Always test the CAPTCHA on different devices and browsers.
• Choose CAPTCHA solutions accessible to users with disabilities. Like Google reCAPTCHA, offers audio challenges for visually impaired users.
• Most importantly, update your CAPTCHA plugins for new CAPTCHA versions and features. 

And this should be enough for you to add CAPTCHA in WordPress forms effectively.

Frequently Asked Questions (FAQs)