How to
How to

How to set up reCAPTCHA

How to set up reCAPTCHA for WordPress and WooCommerce registration, reset password and login forms. Stop spam comments with invisible reCAPTCHA.

What is reCAPTCHA and how does it work?

reCaptcha by Google

reCaptcha widget by Google

reCAPTCHA is a human verification mechanism which created and maintained by Google as a free web service.

When you enable reCAPTCHA for a form on your website, a couple of JavaScript scripts will be loaded from Google’s servers every time a web page with the form is being displayed. If you have enabled visible version, those scripts will display a reCAPTCHA widget inside the form. With invisible reCAPTCHA, those scripts will display a reCAPTCHA badge at the corner of the screen.

Every time when a user submits the form with reCAPTCHA, the WP Cerber plugin makes an HTTP request to the Google server to make sure that the form has been submitted by a human, not a bot. If the Google server replies with negative “No it ‘s a bot”, further processing of the form will be interrupted and user see the message: ERROR: Human verification failed. Please click the square box in the reCAPTCHA block below.

By the way: Why reCAPTCHA does not protect WordPress from brute-force attack.

Let’s set up reCAPTCHA for WordPress forms

You can easily set up reCAPTCHA on a website having the WP Cerber plugin installed. But before you can start using reCAPTCHA on any website, you have to obtain a Site key and a Secret key on the Google website. To get the keys you have to have Google account.

Register your website and get both keys here:

Note: If you are going to use an invisible version, you must get and use Site key and a Secret key for the invisible version only.

  1. After keys have been created for you, go to the reCAPTCHA settings page of the WP Cerber plugin.
  2. Copy keys to the appropriate fields in the reCAPTCHA settings.
  3. Check checkboxes for all forms you want to be verified with reCAPTCHA.
  4. Make sure that reCAPTCHA widget is displayed correctly.
  5. Done!

reCAPTCHA for WooCommerce

Important note for WooCommerce users: you cannot enable and use two visible reCAPTCHA widgets (for two forms) on the same page. Only one widget per page is allowed. So, if you have two forms on the same page, choose only one, more important form or use the invisible version.

reCAPTCHA for WordPress comment forms

If you need to align the visible reCAPTCHA widget, use the custom CSS style with site Customizer.

  1. To get to the WordPress Customizer, navigate to Appearance / Customize menu from your WordPress dashboard. You will be taken directly to the Customizer interface, with your theme preview on the right, and the Customizer menu on the left. Scroll down and click
  2. Scroll down and click Additional CSS.
  3. Enter the following CSS code to align reCAPTCHA widget to the right.
#cerber-recaptcha > div {
 text-align: right;
 width: auto !important;
 height: auto !important;

Note: When editing CSS style in the site Customizer, your changes will automatically be applied to the preview window, but they won’t actually be saved until you click the Save & Publish button.

Troubleshooting reCAPTCHA

First of all, inspect the Activity tab.

If you see the message “reCAPTCHA settings are incorrect”, that means that your key and secret are not correct and have not been recognized by Google server.

If you see the message “Request to the Google reCAPTCHA service failed”, that means that your web server is unable to connect to external servers. Ask hosting provider for this issue. Sometimes hosting providers block outgoing HTTP requests from websites.

Be aware

Although Google offers this service for free, it’s not completely free. Because Google is a huge business and doesn’t offer something for free. So, you have to pay something in return and in this case, you will share some, unknown to us, details about your browser and your website.

The following explanation has been taken from Google website, you can check it when you register your website on reCAPTCHA service page.

You acknowledge and understand that the reCAPTCHA API works by collecting hardware and software information, such as device and application data and the results of integrity checks, and sending that data to Google for analysis. Pursuant to Section 3(d) of the Google APIs Terms of Service, you agree that if you use the APIs that it is your responsibility to provide any necessary notices or consents for the collection and sharing of this data with Google. For users in the European Union, you and your API Client(s) must comply with the EU User Consent Policy currently located at

What does reCAPTCHA look like?

Sometimes you might see a bit complicated graphical reCAPTCHA with a set of images.

reCAPTCHA antispam plugin

reCAPTCHA for WordPress

reCAPTCHA antispam woocommerce

reCAPTCHA antispam wooCommerce

reCAPTCHA antispam WordPress

reCAPTCHA antispam WordPress

reCAPTCHA plugin WooCommerce

reCAPTCHA plugin WooCommerce

reCAPTCHA plugin WordPress

reCAPTCHA plugin WordPress

Last posts from WordPress security blog

I’m a self-employed developer who builds software products and services using WordPress for more that seven years. I enjoy partnering with others for interesting and challenging projects. If you’re interested in, feel free to contact me.

View Comments