Want to avoid spam registrations and bot attacks using CAPTCHA on your WordPress site? You’re in the right place.
Adding CAPTCHAs to both registration and login forms is easy and effective for securing your site from external attacks. But setting it up can be tricky. Fear not!
This guide will walk you through implementing CAPTCHA using the User Registration plugin. It offers you four powerful options: reCAPTCHA v2, reCAPTCHA v3, hCaptcha, and Cloudflare Turnstile.
Ready to say goodbye to spam? Let’s dive in and secure your site in minutes.
What is CAPTCHA? Why Add it to the Registration and Login Forms?
CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” It’s a tool designed to determine whether a user is a human or a bot.
This test analyzes various aspects of user interactions. The way a CAPTCHA works depends on the type of CAPTCHA a system uses. A few popular ones in use today are:
reCAPTCHA v2: reCAPTCHA v2 requests users to tick the “I am not a robot.” checkbox or complete image CAPTCHA challenges. The system analyzes the user’s actions to verify whether the user is a human or a bot.
reCAPTCHA v3: This version of reCAPTCHA evaluates the way users interact with your website. It then generates a score indicating how genuine or fake the user is. A higher score means the user is more likely to be human.
Unlike reCAPTCHA v2, it works in the background. So, your forms won’t display image CAPTCHAs or “I am not a robot.” checkboxes.
hCaptcha: hCaptcha is quite similar to reCAPTCHA. The only difference is that hCaptcha doesn’t sell users’ collected data to third parties.
Hence, with CAPTCHA protection in registration and login forms,
- You can avoid spam registrations to ensure that only genuine or human users are registered on your site.
- You can prevent bots from accessing your website’s comment and review section by filtering out spam registrations.
- You can protect the user accounts of existing human users by blocking malicious login attempts.
Given all these benefits, it’s wise to place CAPTCHAs in registration and login forms.
A good WordPress registration form plugin will provide numerous CAPTCHA options. The choice depends on your specific needs and audience preferences.
How to Add CAPTCHA to WordPress Registration & Login Form?
We’ve chosen the User Registration plugin to demonstrate how to add CAPTCHA to WordPress registration and login forms.
It’s a brilliant registration form builder plugin with multiple CAPTCHA options. Also, its drag-and-drop interface makes it easy to build registration forms with as many custom fields as you wish.
While at it, we’ll also show you how to create a custom registration form to add the CAPTCHA.
So, let’s get started!
Step 1: Install and Activate the User Registration Plugin
First, you must install and activate the free User Registration plugin on your website.
To do this, log into your WordPress dashboard and open Plugins >> Add New. Please search for the plugin and click the Install Now button once it appears in the search results.
After that, Activate the plugin.
You’ll now see a welcome page that lets you either Skip to Dashboard, Get Started to set up the plugin or Create a First Form directly.
No matter which path you decide to take, make sure you’ve turned on the Membership option.
If you continue the setup process, you’ll see the Anyone can register option in the General tab. It’s turned on by default, so keep it as it is and hit Next to proceed with the rest of the setup.
If you’ve already exited from the welcome page to the dashboard, open Settings >> General. Here, tick the checkbox for Anyone can register and click Save Changes.
This step is essential because only when you enable user registration, your users be able to access the registration form in the frontend and register themselves.
Once you’ve done that, you can move on to the next step.
Step 2: Create a New User Registration Form
Now, navigate to User Registration >> Add New to create a new form. Now, you can use the pre-built form templates or create a new one from scratch.
Proceed on by giving your form a clear name.
You’ll find all the required fields for a custom registration form on the left. To add these fields to the form on the right, you just need to drag and drop them.
Thus, you can add any other field you need to the form.
Here’s a complete guide to creating a user registration form in WordPress using the User Registration plugin.
When the form is ready, click Create Form or Publish form. And there you have it! A simple registration form in a few quick steps.
Step 3: Generate Site and Secret Keys for CAPTCHA
With the form created, it’s time to add the CAPTCHA. To do this, go to User Registration >> Settings >> Captcha.
Under the CAPTCHA option, you’ll see that the plugin offers four types of CAPTCHAs: reCAPTCHA v2, reCAPTCHA v3, hCaptcha, and Cloudflare Turnstile.
Regardless of which type you choose, you’ll need the Site Key and Secret Key to activate the CAPTCHA. Don’t know how to get the keys?
In this section, we will show you how to get a site and secret keys for all the CAPTCHA types available with User Registration. You can use any one of them:
A. reCAPTCHA Site Key and Secret Key
First, click on the dropdown icon of reCAPTCHA v2. You’ll see the options to enable reCAPTCHA v2 and place to enter the site and secret keys.
So, visit the official Google reCAPTCHA page.
Click the v3 Admin Console menu in the header and log into your Google account.
After that, you’ll be taken to the Create page to register a new site. This should be the site where you want to integrate the CAPTCHAs.
Type your website’s name in the Label and choose the reCAPTCHA type between v2 and v3.
Choosing v2 comes with 3 more options:
- “I’m not a robot” Checkbox
- Invisible reCAPTCHA badge
- reCAPTCHA Android
After choosing the type of reCAPTCHA, add your site’s domain, accept the reCAPTCHA Terms of Service and click on the Submit button.
That’s it! Your site is now registered for Google reCAPTCHA.
All that’s left to do is copy the Site Key and Secret Key for later use.
You’ll need them to integrate the CAPTCHA into your forms.
B. hCaptcha Site Key and Secret Key
Similar to reCAPTCHA, go to the official hCaptcha page. Next, open the sign-up page by pressing the Sign Up button.
hCaptcha offers several types of plans to companies and individuals. For now, choose the free service for your website.
Then, create a new account and get your Site Key and Secret Key.
C. Cloudflare Turnstile Site Key and Secret Key
For the Cloudflare Turnstile site key and secret key, visit its official website and sign up for free using your email address.
Now, navigate to Turnstile >> Add widget.
Next, enter your website’s Widget name and Domain and hit the Create button.
You’ll now get the Site Key and Secret Key from Cloudflare Turnstile.
Copy and keep them safe.
Step 4: Enable reCAPTCHA v2, v3, hCaptcha or Cloudflare Turnstile
Now that you have the keys, go back to your WordPress dashboard >> User Registration>> Settings >> Captcha.
Based on your preference for CAPTCHA, please enable it and paste the site and secret keys.
reCAPTCHA v2
If you’re adding reCAPTCHA v2, paste the Site Key and Secret Key you generated for reCAPTCHA v2.
You can also make the CAPTCHA invisible. Finally, hit the Save Changes at the bottom.
reCAPTCHA v3
If you want to add reCAPTCHA v3 to your form, enable reCAPTCHA v3 and paste the Site Key and Secret Key. Then, set the Threshold score for validating requests.
Here, the default is 0.4, meaning users who get 4 out of 10 total scores are validated as genuine users. You can increase the Threshold score to ensure a strict user evaluation.
hCaptcha
Next, for hCaptcha, enable HCaptcha and paste the keys you generated from your hCaptcha account.
Cloudflare Turnstile
Similarly, if you want to add Cloudflare Turnstile, enable it and paste the site and secret keys.
Don’t forget to Save Changes at the end.
Note: You can enable all four CAPTCHAs and use anyone in the registration and login form later.
Let’s proceed to add them to your registration and login forms.
Step 5: Enable CAPTCHA in the Registration Form
Just integrating reCAPTCHA with User Registration isn’t enough. You still need to enable CAPTCHA support for the registration form on your WordPress website.
So, open the custom registration form you created earlier and go to its Form Setting. Scroll down the General tab to see the Enable Captcha Support option.
Toggle it and choose the configured captcha. Next, click Update form at the top of the builder.
Note: If you enable all four CAPTCHAs, you’ll see all the options in the dropdown. Meanwhile, we have only enabled reCAPTCHA v2, so this option is only displayed in the image above.
Your registration form will now display CAPTCHA depending on the type of CAPTCHA you’ve enabled in the previous steps.
Step 6: Enable CAPTCHA in Login Form
Since User Registration already comes with an in-built login form, you don’t have to create another one from scratch.
Simply navigate to User Registration >> All Forms and open the Login Forms.
Next, go to User Registration >> Settings and open the Login Options under the General tab.
Here, tick the Enable Captcha checkbox and save the changes. This should add the CAPTCHA verification to your site’s login form.
Wrapping Up
We hope you have mastered adding CAPTCHA to your WordPress registration and login form using the User Registration plugin.
With its four CAPTCHA options, you can significantly reduce spam registrations and bot attacks.
Moreover, you can also use this incredible plugin to enable strong passwords, assign user roles at registration, and let admins approve users after registration.
Learn more about User Registration through our blog, where we’ve covered its various features and how you can implement them for your site.
Also, follow us on X (formerly Twitter) and Facebook to stay updated.