Summary:
reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive and ugly activities on your website, such as malware, spyware, ransomware, and brute force attacks (these are gnarly). Legitimate users will be able to log in, make purchases, view pages, or create accounts while fake users and bots will be blocked. This will not prevent Google’s friendly bot from crawling your site for indexing purposes.
Why use Google reCAPTCHA vs. a self-hosted CAPTCHA system?
The Google version offers the most up-to-date anti-spam and anti-hacking protection. In addition to being the best on the market, it’s free and simple to integrate into your entire site or just pages or forms located on your site.
Before you get started, decide which form of reCAPTCHA is best for your site, page, or form.
reCAPTCHA v3:
reCAPTCHA v3 allows you to verify if an interaction is legitimate without any user interaction. It is a pure JavaScript API returning a score, giving you the ability to take action in the context of your site: for instance, requiring additional factors of authentication, sending a post to moderation, or throttling bots that may be scraping content. This is a great option if you use forms on your site, or have an e-commerce site. This version of reCAPTCHA will block bots from fake reviews, fake inquiries, and annoying fake emails.
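The score only protects a form if your server checks it. The sketch below is an added example, not code from this article or from Google: it posts the token to Google's `siteverify` endpoint and maps the response to the actions listed above. The function names, thresholds, hostname and sample responses are assumptions.

```javascript
// Added example: function names, thresholds and sample data are assumptions.
const SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

// Server side: send the browser's token plus the secret key to Google.
// The secret key never goes into page HTML; only the site key does.
async function verifyToken(secretKey, token) {
  const body = new URLSearchParams({ secret: secretKey, response: token });
  const res = await fetch(SITEVERIFY_URL, { method: "POST", body });
  if (!res.ok) throw new Error(`siteverify HTTP ${res.status}`);
  return res.json();
}

// Map a siteverify response to an action. Thresholds are illustrative.
function decide(result, expected, nowMs = Date.now()) {
  if (!result || result.success !== true) return "block"; // invalid, expired or reused token
  if (result.hostname !== expected.hostname) return "block"; // issued on another site
  if (result.action !== expected.action) return "block"; // issued for another form
  const ageMs = nowMs - Date.parse(result.challenge_ts);
  if (Number.isNaN(ageMs) || ageMs > 2 * 60 * 1000) return "block"; // tokens last two minutes
  if (typeof result.score !== "number") return "block";
  if (result.score >= 0.7) return "allow";
  if (result.score >= 0.3) return expected.action === "login" ? "require_2fa" : "moderate";
  return "throttle";
}

// Constructed sample responses (not captured traffic).
const SAMPLE_NOW = Date.parse("2024-01-01T12:00:30Z");
const ts = "2024-01-01T12:00:00Z";
const SAMPLES = {
  human: { success: true, score: 0.9, action: "login", hostname: "example.com", challenge_ts: ts },
  unsure: { success: true, score: 0.5, action: "login", hostname: "example.com", challenge_ts: ts },
  review: { success: true, score: 0.5, action: "review", hostname: "example.com", challenge_ts: ts },
  bot: { success: true, score: 0.1, action: "login", hostname: "example.com", challenge_ts: ts },
  replayed: { success: false, "error-codes": ["timeout-or-duplicate"] },
  wrongForm: { success: true, score: 0.9, action: "signup", hostname: "example.com", challenge_ts: ts },
};

// Usage in a request handler (hypothetical, inside an async function):
//   const verdict = decide(await verifyToken(SECRET, token), { hostname: "example.com", action: "login" });
```

Checking `hostname` and `action` stops a token earned on a low-risk page, or on another site using the same key, from being replayed against your login form.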
reCAPTCHA v2 (“I’m not a robot” Checkbox)
The “I’m not a robot” checkbox requires the user to click a checkbox indicating the user is not a robot. This will either pass the user immediately (with No CAPTCHA) or challenge them to validate whether or not they are human. This is the simplest option to integrate and only requires two lines of HTML to render the checkbox. I would recommend using this version if you are not a programmer, but are looking for a quick and easy way to add a little security to the front end of your site.
reCAPTCHA v2 (Invisible reCAPTCHA badge)
The invisible reCAPTCHA badge does not require the user to click on a checkbox. Instead, it is invoked directly when the user clicks on an existing button on your site, or it can be invoked via a JavaScript API call. The integration requires a JavaScript callback when reCAPTCHA verification is complete. By default, only the most suspicious traffic will be prompted to solve a captcha. To alter this behavior, edit your site security preference under advanced settings.
reCAPTCHA v2 (Android)
The reCAPTCHA Android library is part of the Google Play services SafetyNet APIs. This library provides native Android APIs that you can integrate directly into an app. You should set up Google Play services in your app and connect to the GoogleApiClient before invoking the reCAPTCHA API. This will either pass the user through immediately (without a CAPTCHA prompt) or challenge them to validate whether they are human.
Here is how you get started with reCAPTCHA:
- Go to Google’s page. https://www.google.com/recaptcha/
- Click on the “Admin Console” option in the top banner
- Fill out the Registration Page. You will need to select the reCAPTCHA type. The options are explained above.
- When finished, accept terms and click the “Submit” button.
- After you have submitted your registration, you will be given two keys. Make sure you write these down or print off the page; you will need them to place the reCAPTCHA on your site.
- Before you add any code to any part of your site, BACK UP YOUR ENTIRE SITE.
- When you are ready, you will need to either add your snippet of code directly into your header tag or use your new site keys and add them to your firewall plugin (this is the easiest and cleanest way to add reCAPTCHA).
Helpful Resource: Google for Developers: https://developers.google.com/recaptcha/docs/versions