Since hacking attacks have been on the rise, most websites have ramped up their security measures. Captcha has been around for quite some time and is a crucial measure, but its use has been mostly supplanted by reCAPTCHA. In this article, we will examine what reCaptcha is and why it is better.
About CAPTCHA and reCAPTCHA
CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. The purpose of the CAPTCHA is to determine whether or not a user is a human being or a computer program.
How Does CAPTCHA Work?
Traditional CAPTCHA requires users to pick specific letters from a list. Bots won’t be able to read the jumbled letters. Passing the test requires correctly interpreting distorted text, typing the correct letters, and submitting the form. If the letters don’t match, users can retry. Online login forms, account signup forms, online polls, and shopping cart checkout pages often have these tests. CAPTCHA asks users to do something a bot can’t. If the user can complete the task correctly, the service knows they’re not a spambot and lets them continue.
What is reCAPTCHA?
In 2009, Google introduced reCAPTCHA as a replacement for traditional CAPTCHAs. It is a free service and, like CAPTChA, is purposed to protect websites from spam and abuse by distinguishing between human and automated access to websites.
Try our Award-Winning WordPress Hosting today!
The first version of reCAPTCHA was a simple OCR (Object Character Recognition) and it was popular until 2018 when it was replaced by version 2.
ReCAPTCHA v2 has three subtypes: Invisible reCAPTCHA, reCAPTCHA Android, and the “I’m not a robot.” badge.
The latter is the most popular of the three, since it just requires the user to click the “I’m not a robot” box.
The invisible reCAPTCHA, on the other hand, requires no user interaction whatsoever. Google accomplishes this by analyzing user behavior and, if unsure whether a user is a human, prompting the user to complete a CAPTCHA test.
Why Is It Better than CAPTCHA?
What it does better compared to the traditional CAPTCHA is that users have to identify text from real-world images that are much more difficult for computers to decipher.
Because it uses screenshots of street addresses, text from printed books, text from old newspapers, and so on, it is simpler for humans to understand but more challenging for bots to do so.
How To Add reCAPTCHA To Your WordPress Site
Like in most cases, the WordPress Plugin Directory offers many free solutions that will help you add a CAPTCHA to WordPress easily. Before you choose, it is wise that you read carefully and whether they can apply the protection on all your website’s forms efficiently. But before anything, obtaining API keys for your domain name is the first thing on the list to do.
How to Create a Google reCAPTCHA
When you visit the Google reCAPTCHA console, you see the options for the reCAPTCHA type you can choose.
The next thing to do is get the site key and secret key:
Setting up a reCAPTCHA using a plugin
Now you’ve got the information needed (in the form of a site and secret key) you can begin implementing your reCaptcha. The easiest way to do this is by using a plugin.
reCaptcha by BestWebSoft
As you can see for yourself in the plugin directory, the most popular is the reCaptcha by BestWebSoft with over 200K downloads at the time this article is written. Let’s see what it provides.
The installation and usage are both very straightforward and quick. With this plugin installed and activated you force users to confirm they’re not robots before submitting. You can add reCaptcha to registration and login forms, reset password forms, comment forms, contact forms, and testimonials. It also includes reCAPTCHA Version 3, Version 2, and Invisible.
In its free version, it offers many options, including hiding reCaptcha for the allow listed IP addresses, disabling the submit button, validity checks, hiding reCaptcha for certain user roles, and more.
How To Add WordPress reCAPTCHA To Your Login, Registration and Reset Password Form
Spammers and brute force assaults often target WordPress login and registration sites. That is why adding a second layer of password protection to the WordPress login and registration pages is an excellent solution. You may want to consider the Login no Captcha reCaptcha plugin.
The plugin takes advantage of Google’s captcha system and allows you to use the Captcha on your Login, Registration and Reset Password Form.
Once you install and activate it, find the related menu item (under Settings -> Login NoCaptcha) to go to its admin screen.
There you can find the fields where you enter the site key and secret key from the Google console process.
Once you fill in the keys, you are all set. Now if you logout and go to the login page you should see something like this:
Something similar will appear in the Registration form, or when you try to reset your password, and of course, in the WooCommerce login form if used.
Unfortunately, there is no control over what forms to use reCaptcha on. If you want to include it in some of the forms and not all, you can install and activate the Advanced Google reCAPTCHA plugin. Then go to its settings page and select only the desired checkboxes.
And that’s it. Ready and protected!
How To Use reCAPTCHA On a Contact Form
Using reCaptcha on your contacts forms, depends on which plugin you have installed. Regarding some of the most popular form plugins, the solution is right at hand as it is already part of the plugin settings.
If you are using Forminator, you have this at your fingertips, as the plugin already provides options for reCaptcha in its admin settings page. The same goes for Contact Form 7. Under the integrations menu item of the plugin menu, you can find the necessary fields and options.
When it comes to WordPress security, adding a CAPTCHA is one of the simplest ways to make it harder for bots to infiltrate your site. Fortunately, incorporating one is also easy. You can set yours up in just three simple steps on any part of your WordPress website.