This article describes how to install Google reCAPTCHA on a contact form on a WordPress site in order to protect it properly against spambot.
Indeed, it often happens that spambot networks abuse contact pages to flood message sites with spam. This is a serious attack that can potentially affect the stability and performance of your blog.
It may seem simple to install a contact form on your WordPress blog but, in fact, it is a tricky task, especially since the General Data Protection Regulation (GDPR) came into force in May 2018. All webmasters must follow this regulation.
As you will see, we highly recommend using WPForms plugin, as its approach emphasizes ease of use and directly integrates GDPR guidelines and Google’s reCAPTCHA system.
How to Install the WPForms Module
The first step is to install and activate the WPForms module in WordPress.
- Log in to your WordPress Dashboard and choose Plugins -> Add New :
- Search for the term wpforms and install this extension by clicking on the Install Now button:
- Click on the Activate button :
Now that you have installed WPForms, you can create your first contact form.
How to Create the Contact Form in WPForms
Here we explain how to deploy a rudimentary contact form, which includes fields for first and last name, e-mail address and a message.
- In the left-hand pane of your Dashboard, under the WPForms menu, click on Add New:
- Load the WPForms form builder:
- In the Name Your Form field, enter the name you want to give to your contact form:
- Select the Simple Contact Form and click on the Use Template button:
- On the next page, WPForms lets you customize the fields of your chosen form template. Once you have done this, click on the Save button:
How to Configure GDPR Directives
WPForms makes it easy to ensure that your contact form complies with the guidelines of the General Data Protection Regulation. This is done in the WPForms extension settings.
- In the left-hand pane of your Dashboard, under the WPForms menu, click on Settings :
- At the bottom of this page, activate the option named GDPR Enhancements and click on the Save Settings button:
How to Generate reCAPTCHA Keys
Before activating reCAPTCHA in WPForms, you need to generate the set of keys required to operate the Google reCAPTCHA anti-spambot feature.
- Log in or register on the following site: https://www.google.com/recaptcha/.
- Click on the v3 Admin Console button:
- This opens the site registration interface:
- Provide the information:
- Label: reference name you give so that you know which site this key set corresponds to;
- reCAPTCHA type: V2 will ask the user to solve a puzzle. V3 will automatically determine whether the visitor is a robot or not, thanks to sophisticated analyses. In our example, we use V3.
- Domains: indicate the domain name(s) of the site(s) for which you are generating a reCAPTCHA key set.
- Owners: normally, this field is automatically filled in, but you can add one or more additional contacts.
- Click on the SUBMIT button.
- Google will then tell you which set of keys to use in the reCAPTCHA configuration of your contact form. Be sure to take note of the SITE and SECRET keys before moving on to the next step:
How to Enable reCAPTCHA in WPForms
We are now ready to activate the reCAPTCHA feature in the contact form we have just created. This involves two steps: setting up the reCAPTCHA key set in WPForms configuration and enabling the anti-spambots feature in the contact form we have created.
How to Set Up the Key Set in WPForms Configuration
- In the left-hand pane of your Dashboard, under the WPForms menu, click on Settings.
- Click on CAPTCHA tab:
- Click on the reCAPTCHA button:
- This displays the settings form:
- Please fill in the required information:
- Type : indicate the option corresponding to what you chose when creating the key set (in our example, reCAPTCHA v3).
- Site Key : corresponds to the site key obtained when the key set was created.
- Secret Key : corresponds to the secret key obtained when the key set was created.
- Fail Message : the message you want to be displayed if the reCAPTCHA fails.
- Score Threshold : this is the score at which you want users to fail the reCAPTCHA v3 check. Scores can range from 0.0 (most likely a robot) to 1.0 (most likely a good interaction).
- Non-Conflict Mode: to be used only in the event of a problem. This will remove other occurrences of reCAPTCHA to avoid conflicts.
- Click on the Save Settings button.
How to Enable Anti-Spambots in the Form
The anti-spambot function can then be activated in the contact form.
- In the left-hand pane of your Dashboard, under the WPForms menu, click on All Forms.
- Click on the form you have created (Contact in our example) :
- WordPress will then direct you to the WPForms contact form builder. Go to the Settings -> Spam Protection and Security section and check the Enable Google v3 reCAPTCHA button:
- Click on the Save button.
How to Publish a Contact Page Created with WPForms
Although all the steps have been followed correctly, you will notice that the contact form still does not appear on your site. This is quite normal, as you still need to publish a contact page in your WordPress.
- In the left-hand pane of your WordPress Dashboard, under the WPForms menu, click on All Forms.
- Click on the form you have created (Contact in our example).
- Click on the </>Embed button :
- WordPress then suggests that you embed your form into a page. Click on the Create New Page button:
- Fill in the field with the name of the new page and click on the Let’s Go! button:
- Click on the Publish button:
- Click on the View Page button :
- You will then see the contact form with the reCAPTCHA symbol:
Congratulations! The contact form has been successfully published and 100% spam-proof, as well as being compliant with GDPR, the General Data Protection Regulation.