Do you currently own or manage a website that is being targeted by spammers and bots? If you answered yes, you’ll want to read on as we will show you how you can implement a CAPTCHA system on your WordPress website.
You might be asking, should you potentially disrupt a legitimate website visitors experience with an annoying CAPTCHA form? While it is a good question, you have to factor in the experience your users would experience without a CAPTCHA system on your website.
For example, if you run a forum and spammers and bots are left unchecked, your forum will be filled with spam posts, junk advertising and even potentially malware. As a result, your website visitors may decide to find a new community to participate in and even worse, browsers such as Google Chrome might flag your website as dangerous.
A CAPTCHA (Or Completely Automated Public Turing Test To Tell Computers and Humans Apart) serve as one of the most effective ways to prevent a bot from registering on your website and causing havoc. The best part, companies know they can be an inconvenience to legitimate users and thanks to advances in technologies such as AI, CAPTCHAs can be implemented in a way that takes seconds to complete.
While no CAPTCHA system is perfect, they do provide a solid line of defense for your website.
CAPTCHAs come in various forms but their end goal is the same, to stop bots in their tracks while allowing legitimate visitors to proceed to your website. One of the more popular reCAPTCHA systems is Google Captcha, which looks something like the image below.
As you can see above, the Google CAPTCHA system, for most users would be a single click before they can proceed with their action (such as registering on your website). If reCAPTCHA can’t determine if the visitor is a bot or not, it will prompt for additional verification.
Alright, so you know what a CAPTCHA is and how it works. Lets make your website secure!
The first step is to decide which CAPTCHA solution you would like to use. This article will focus on reCAPTCHA by Google simply due to its innovative advances into providing the best user experience possible.
The first step is the easiest, you will need to register your website with reCAPTCHA in order to obtain your website keys.
To do so, follow the steps below:
Once you have registered your website with reCAPTCHA and obtained the Site Key and Secret Key, you need to insert the reCAPTCHA script. It is recommended to place this script above the </head>tag of your website.
You will need to ensure the above snippet is reflected on every page you would like reCAPTCHA to load on. If you are using a CMS, such as WordPress, you would typically only need to enter this once and all of your website pages would be covered.
The final step is to enable the CAPTCHA itself on the pages, and in the places of those pages you would like reCAPTCHA to appear. For example, the login and registration page of a website is typically the best go-to places to stop spammers and bots in their tracks.
Paste the following code snippet wherever you would like reCAPTCHA to appear:
<div class="g-recaptcha" data-sitekey="Your site key"></div>
You would need to replace Your site key with your site key obtained in Step 1.
If you decide not to use reCAPTCHA there are plenty of alternatives you can choose from. When choosing a CAPTCHA solution you want to pay special attention to how the CAPTCHA system is triggered, and how legitimate users caught in the net will be asked to complete a CAPTCHA.
Based on the above, we do not recommend hCAPTCHA. Cloudflare recently announced it is replacing Google reCAPTCHA for hCAPTCHA due to financial reasons. While this would typically be fine, the user experience from hCAPTCHA is far inferior to Google as made evident by the many complaints Cloudflare has been receiving. The last thing you want is to turn away both bots AND your legitimate website visitors.
Despite attempts by spammers and networks to bypass CAPTCHA systems, they remain a key line of defense for millions of websites across the globe, including leading technology companies. While they might not stop every spammer and every bot from accessing your website, they are a simple and efficient solution.
Our recommendation for the simplest installation, and best user experience is reCAPTCHA though there are plenty of alternative CAPTCHA systems you can choose from.