In this Blog, you’ll find out how to add reCAPTCHA to WordPress comment forms, and get rid of spam.

Besides cluttering a page’s comments section, spam comments can also drag down a website’s search engine rankings.

In this guide, we’ll show you how this essential WordPress plugin can help prevent this, and ensure that spam bots can’t target pages on your website.

What is Google reCAPTCHA?

According to a study published in 2022, almost half of all internet traffic comes from bad bots. Spam bots are particularly concerning for WordPress website owners as they’re trained to leave messages in the comments section that can affect the page’s authority.

Google introduced the CAPTCHA or reCAPTCHA technology in 2009 to prevent spam bots from posting comments automatically.

However, this feature isn’t automatically added to a custom comment form on WordPress after you publish a website, and you must install the Advanced Google reCAPTCHA plugin or a similar WordPress plugin to enable it.

CAPTCHA stands for ‘Completely Automated Public Turing Test to Tell Computers and Humans Apart,’ so once you install this plugin, your website visitors will have to pass the test and prove that they are human before they can log in to their account or post comments on your site.

They can either do this by clicking the ‘I’m Human’ checkbox, or by taking a quick test during which they have to click on images containing the same type of object.

How to Install Advanced Google reCAPTCHA Plugin?

Although it doesn’t entirely eliminate the spam bot activity from your website, installing the Advanced Google reCAPTCHA plugin can drastically reduce spam commenting on all comment forms you add to the pages you publish on your website.

The plugin is free and easy to install, so let’s see what you need to do to add it to your site.

Open the WordPress dashboard, slide down to the ‘Plugins’ menu, click on it, and choose the ‘Add New’ option.

Type Advanced Google reCAPTCHA into the search bar. The plugin will appear in the search results, so just click the ‘Install Now’ button next to it.

Click Activate after the installation is complete, and head over to the Advanced Google reCaptcha menu that appears on the dashboard.

Open the ‘Features’ tab to learn more about the plugin’s capabilities before navigating back to the Settings tab.

Obtaining reCAPTCHA API Keys

The reCAPTCHA feature won’t be active on your website after you install the plugin, as there are a few additional steps you must take to add reCAPTCHA to WordPress comment forms.

Click on the ‘register your domain’ link in the Settings tab under the Key Settings section.

The link will take you to the Google reCAPTCHA page, where you can register your site, and obtain the reCAPTCHA API keys.

Enter the site’s label into the box at the top of the page. This can be your site’s name or any other term that makes it easy to identify your site.

You can choose between V3 (Score Based) or V2 (Challenge) reCAPTCHA variants.

Click the checkbox next to the V2 option, and then choose the ‘I’m Not a Robot Checkbox’ option if you want this checkbox to appear whenever someone tries to add a comment on your site, and proceed to enter your domain name into the box.

Scroll down to the bottom of the page, agree to the ‘Google Cloud Platform Terms of Service,’ and hit the Submit button.

Google will generate Site and Secret keys for you, so copy each key to the appropriate field in your dashboard’s Advanced Google reCAPTCHA tab.

Using reCAPTCHA with WordPress Comment Forms

Make sure that the V2 reCAPTCHA type option is selected before copying the secret, and site keys to the plugin’s main tab.

Scroll down to the Status Settings section to choose when the reCAPTCHA checkbox will appear on your website. The following options will be enabled by default:

  • Enable for Login – for default, WooCommerce and Easy Digital logins
  • Enable for Register
  • Enable for Lost Password
  • Enable for Comment Form

Optionally, you can also enable reCAPTCHA for WooCommerce registration, checkout, or BuddyPress registration.

Click the ‘Save Changes’ at the bottom of the screen to add reCAPTCHA to the comment form on your blog, or any other pages where commenting is enabled.

Please remember that you must log out of your WordPress, or view a page in the web browser’s incognito mode to see the reCAPTCHA checkbox.

Adding reCAPTCHA to WordPress Themes without a Plugin

You don’t necessarily have to add reCAPTCHA to WordPress comment forms via plugin, as you can insert the reCAPTCHA code into the theme files.
The process starts with obtaining the site and secret keys from the Google reCAPTCHA site. Click on the V3 Admin Console option on the site’s home page and log in to your account.

Register your site, and obtain the site and security keys before going back to the WordPress dashboard, and navigating to the Appearance menu. Click on the ‘Theme File Editor’ option in this menu, and head over to the Single.php folder.

Locate the Get Header line, and the following line of code below it:
<script src=”” async defer></script>

Doing so will enable you to load the reCAPTCHA api.js from Google, so when done, click the ‘Update File’ button at the bottom of the screen to save the changes.

The next step is adding code to the functions.php folder located near the top of the theme files in the Theme File Editor.

You should then add the appropriate code to the bottom of the folder, and insert the site and secret keys to the submit_field variable and the captcha_postdata array.

Check if the reCAPTCHA was successfully added to comment forms after clicking the ‘Update File’ button by signing out of your WordPress account, and viewing the website as a visitor.

Other Ways of Blocking Spam Comments

Although helpful, the Advanced Google reCAPTCHA plugin doesn’t eliminate spam comments because some bots can bypass it.

Fortunately, WordPress offers a variety of options that allow you to control who and under which conditions can post comments to your website.

You can find these options in the Discussions submenu of the Settings menu. So, to tighten up your site’s security, you should check if the ‘Users must be registered and logged in to comment’ option is enabled in the Other comments settings section.

In addition, you can scroll down to the Before the comment appears section on the same page, and enable the Comment must be manually approved option to prevent spam bots from posting comments on your website.

Installing the Akismet Spam Protection plugin is also an option if you want to block spam comments entirely. However, this anti-spam solution involves subscribing to one of Akismet’s plans.

The Importance of Adding reCAPTCHA to WordPress Comment Forms

The easiest way to prevent spam bots from wreaking havoc on your WP comment form is to install the Advanced Google reCAPTCHA plugin.

Still, this isn’t the only free WordPress plugin that lets you add reCAPTCHA to comment forms, as you can use reCaptcha by BestWebSoft, Google reCAPTCHA by Hizzle, and countless other plugins to filter out spam comments from your website.

Hopefully, this tutorial has given you all the information you need to add reCAPTCHA to WordPress comment forms.

Take a look at our Contact Form 7 guide to find out how this plugin can help you collect, and manage contacts safely and effortlessly.