BEGINNER'S GUIDE

How to Add CAPTCHA to WordPress Registration & Login Form?

Last Updated: 9 mins By: Akriti Pant

Want to avoid spam registrations and bot attacks using CAPTCHA on your WordPress site? You’re in the right place.

Adding CAPTCHAs to both registration and login forms is easy and effective for securing your site from external attacks. But setting it up can be tricky. Fear not!

This guide will walk you through implementing CAPTCHA using the User Registration plugin. It offers you four powerful options: reCAPTCHA v2, reCAPTCHA v3, hCaptcha, and Cloudflare Turnstile.

Ready to say goodbye to spam? Let’s dive in and secure your site in minutes.

What is CAPTCHA? Why Add it to the Registration and Login Forms?

CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” It’s a tool designed to determine whether a user is a human or a bot. 

This test analyzes various aspects of user interactions. The way a CAPTCHA works depends on the type of CAPTCHA a system uses. A few popular ones in use today are:

reCAPTCHA v2: reCAPTCHA v2 requests users to tick the “I am not a robot.” checkbox or complete image CAPTCHA challenges. The system analyzes the user’s actions to verify whether the user is a human or a bot.

Add CAPTCHA to Registration Form WordPress reCAPTCHA v2

reCAPTCHA v3: This version of reCAPTCHA evaluates the way users interact with your website. It then generates a score indicating how genuine or fake the user is. A higher score means the user is more likely to be human.

Unlike reCAPTCHA v2, it works in the background. So, your forms won’t display image CAPTCHAs or “I am not a robot.” checkboxes.

Add CAPTCHA to Registration Form WordPress reCAPTCHA v3

hCaptcha: hCaptcha is quite similar to reCAPTCHA. The only difference is that hCaptcha doesn’t sell users’ collected data to third parties.

Add CAPTCHA to Registration Form WordPress hCaptcha

Hence, with CAPTCHA protection in registration and login forms, 

  • You can avoid spam registrations to ensure that only genuine or human users are registered on your site.
  • You can prevent bots from accessing your website’s comment and review section by filtering out spam registrations.
  • You can protect the user accounts of existing human users by blocking malicious login attempts.

Given all these benefits, it’s wise to place CAPTCHAs in registration and login forms.

A good WordPress registration form plugin will provide numerous CAPTCHA options. The choice depends on your specific needs and audience preferences.


How to Add CAPTCHA to WordPress Registration & Login Form?

We’ve chosen the User Registration plugin to demonstrate how to add CAPTCHA to WordPress registration and login forms. 

User Registration Plugin

It’s a brilliant registration form builder plugin with multiple CAPTCHA options. Also, its drag-and-drop interface makes it easy to build registration forms with as many custom fields as you wish.

While at it, we’ll also show you how to create a custom registration form to add the CAPTCHA.

So, let’s get started!

Step 1: Install and Activate the User Registration Plugin

First, you must install and activate the free User Registration plugin on your website.

To do this, log into your WordPress dashboard and open Plugins >> Add New. Please search for the plugin and click the Install Now button once it appears in the search results.

Search User Registration Plugin

After that, Activate the plugin. 

Activate User Registration Plugin

You’ll now see a welcome page that lets you either Skip to Dashboard, Get Started to set up the plugin or Create a First Form directly.

User Registration Setup

No matter which path you decide to take, make sure you’ve turned on the Membership option.

If you continue the setup process, you’ll see the Anyone can register option in the General tab. It’s turned on by default, so keep it as it is and hit Next to proceed with the rest of the setup.

Membership in User Registration Setup

If you’ve already exited from the welcome page to the dashboard, open Settings >> General. Here, tick the checkbox for Anyone can register and click Save Changes.

Turn Membership Option On

This step is essential because only when you enable user registration, your users be able to access the registration form in the frontend and register themselves.

Once you’ve done that, you can move on to the next step.


Step 2: Create a New User Registration Form

Now, navigate to User Registration >> Add New to create a new form. Now, you can use the pre-built form templates or create a new one from scratch.

Proceed on by giving your form a clear name.

Create New Registration Form

You’ll find all the required fields for a custom registration form on the left. To add these fields to the form on the right, you just need to drag and drop them.

Thus, you can add any other field you need to the form.

Here’s a complete guide to creating a user registration form in WordPress using the User Registration plugin.

When the form is ready, click Create Form or Publish form. And there you have it! A simple registration form in a few quick steps.


Step 3: Generate Site and Secret Keys for CAPTCHA

With the form created, it’s time to add the CAPTCHA. To do this, go to User Registration >> Settings >> Captcha.

From Dashboard Navigate to Captcha

Under the CAPTCHA option, you’ll see that the plugin offers four types of CAPTCHAs: reCAPTCHA v2, reCAPTCHA v3, hCaptcha, and Cloudflare Turnstile.

Regardless of which type you choose, you’ll need the Site Key and Secret Key to activate the CAPTCHA. Don’t know how to get the keys? 

In this section, we will show you how to get a site and secret keys for all the CAPTCHA types available with User Registration. You can use any one of them:

A. reCAPTCHA Site Key and Secret Key

First, click on the dropdown icon of reCAPTCHA v2. You’ll see the options to enable reCAPTCHA v2 and place to enter the site and secret keys.

Captcha Options for reCAPTCHA v2

So, visit the official Google reCAPTCHA page

Official Google reCAPTCHA Page

Click the v3 Admin Console menu in the header and log into your Google account.

After that, you’ll be taken to the Create page to register a new site. This should be the site where you want to integrate the CAPTCHAs.

Register a New Site

Type your website’s name in the Label and choose the reCAPTCHA type between v2 and v3. 

Add Label and Domain

Choosing v2 comes with 3 more options:

  • “I’m not a robot” Checkbox 
  • Invisible reCAPTCHA badge
  • reCAPTCHA Android

After choosing the type of reCAPTCHA, add your site’s domain, accept the reCAPTCHA Terms of Service and click on the Submit button.

Submit New Site for reCAPTCHA

That’s it! Your site is now registered for Google reCAPTCHA. 

All that’s left to do is copy the Site Key and Secret Key for later use.

Copy Site Key and Secret Key

You’ll need them to integrate the CAPTCHA into your forms.


B. hCaptcha Site Key and Secret Key

Similar to reCAPTCHA, go to the official hCaptcha page. Next, open the sign-up page by pressing the Sign Up button.

hCaptcha Official Site

hCaptcha offers several types of plans to companies and individuals. For now, choose the free service for your website.

Then, create a new account and get your Site Key and Secret Key.

Get hCaptcha Site Key and Secret Key

C. Cloudflare Turnstile Site Key and Secret Key

For the Cloudflare Turnstile site key and secret key, visit its official website and sign up for free using your email address.

Cloudflare Official Page

Now, navigate to Turnstile >> Add widget.

Turnstile Interface

Next, enter your website’s Widget name and Domain and hit the Create button.

Add Widget and Domain in Cloudflare

You’ll now get the Site Key and Secret Key from Cloudflare Turnstile.

Site Key and Secret Key from Cloudflare

Copy and keep them safe.


Step 4: Enable reCAPTCHA v2, v3, hCaptcha or Cloudflare Turnstile

Now that you have the keys, go back to your WordPress dashboard >> User Registration>> Settings >> Captcha

Based on your preference for CAPTCHA, please enable it and paste the site and secret keys.

reCAPTCHA v2

If you’re adding reCAPTCHA v2, paste the Site Key and Secret Key you generated for reCAPTCHA v2.

Enter reCaptcha Site Key and Secret Key

You can also make the CAPTCHA invisible. Finally, hit the Save Changes at the bottom.

reCAPTCHA v3

If you want to add reCAPTCHA v3 to your form, enable reCAPTCHA v3 and paste the Site Key and Secret Key. Then, set the Threshold score for validating requests. 

reCaptcha V3 Settings

Here, the default is 0.4, meaning users who get 4 out of 10 total scores are validated as genuine users. You can increase the Threshold score to ensure a strict user evaluation.

hCaptcha

Next, for hCaptcha, enable HCaptcha and paste the keys you generated from your hCaptcha account.

hCaptcha Settings

Cloudflare Turnstile

Similarly, if you want to add Cloudflare Turnstile, enable it and paste the site and secret keys.

Cloudflare Turnstile Settings

Don’t forget to Save Changes at the end. 

Note: You can enable all four CAPTCHAs and use anyone in the registration and login form later.

Let’s proceed to add them to your registration and login forms.


Step 5: Enable CAPTCHA in the Registration Form

Just integrating reCAPTCHA with User Registration isn’t enough. You still need to enable CAPTCHA support for the registration form on your WordPress website.

So, open the custom registration form you created earlier and go to its Form Setting. Scroll down the General tab to see the Enable Captcha Support option. 

Enable Captcha in Registration Form

Toggle it and choose the configured captcha. Next, click Update form at the top of the builder.

Note: If you enable all four CAPTCHAs, you’ll see all the options in the dropdown. Meanwhile, we have only enabled reCAPTCHA v2, so this option is only displayed in the image above.

Your registration form will now display CAPTCHA depending on the type of CAPTCHA you’ve enabled in the previous steps.


Step 6: Enable CAPTCHA in Login Form

Since User Registration already comes with an in-built login form, you don’t have to create another one from scratch.

Simply navigate to User Registration >> All Forms and open the Login Forms.

Check for User Registration Login Form

Next, go to User Registration >> Settings and open the Login Options under the General tab.

Enable Captcha in Login Form

Here, tick the Enable Captcha checkbox and save the changes. This should add the CAPTCHA verification to your site’s login form.


Wrapping Up

We hope you have mastered adding CAPTCHA to your WordPress registration and login form using the User Registration plugin.

With its four CAPTCHA options, you can significantly reduce spam registrations and bot attacks.

Moreover, you can also use this incredible plugin to enable strong passwords, assign user roles at registration, and let admins approve users after registration

Learn more about User Registration through our blog, where we’ve covered its various features and how you can implement them for your site.

Also, follow us on X (formerly Twitter) and Facebook to stay updated.

How to Add CAPTCHA to WordPress Registration & Login Form?
Scroll to top

Pin It on Pinterest