WordPress Security How To
WordPress Security How To

How to set up reCAPTCHA

How to set up reCAPTCHA for WordPress and WooCommerce registration, reset password and login forms. Stop spam comments with invisible reCAPTCHA.


What is reCAPTCHA and how does it work?

reCaptcha by Google

reCaptcha widget by Google

reCAPTCHA is a human verification mechanism that provides a free anti-spam service. It can be used along with the WP Cerber anti-spam engine.

When reCAPTCHA is configured for a form on your website, a couple of JavaScript scripts are loaded from Google’s servers every time the web page with the form is being displayed. If you have enabled a visible version, those scripts will display a reCAPTCHA widget inside the form. With invisible reCAPTCHA, those scripts will display a reCAPTCHA badge at the corner of a browser screen.

Every time a user submits the form with reCAPTCHA, the WP Cerber plugin makes an HTTP request to Google’s server to make sure that the form has been submitted by a human, not a bot. If Google’s server replies with negative “No it ‘s a bot”, further processing of the form will be interrupted and the user sees the message: ERROR: Human verification failed. Please click the square box in the reCAPTCHA block below.

By the way: Why reCAPTCHA does not protect WordPress from brute-force attacks.

Configuring reCAPTCHA for WordPress forms

You can easily set up reCAPTCHA on a website having the WP Cerber Security plugin installed. Before you can start using reCAPTCHA on any website, you have to obtain a Site key and a Secret key on the Google website for your website.

Note: currently WP Cerber supports reCAPTCHA v2 only.

Register your website and get both reCAPTCHA keys here: https://www.google.com/recaptcha/admin

Note: If you are going to use an invisible version, you must get and use Site key and a Secret key for the invisible version only.

  1. After keys have been created for you, go to the reCAPTCHA settings page of the WP Cerber plugin. It’s located under the Anti-spam menu.
  2. Copy keys to the appropriate fields in the reCAPTCHA settings.
  3. Check checkboxes for all forms you want to be protected with reCAPTCHA.
  4. Make sure that the reCAPTCHA widget is displayed correctly.
  5. Done!

reCAPTCHA for WooCommerce

Important note for WooCommerce users: you cannot enable and use two visible reCAPTCHA widgets (for two forms) on the same page. Only one widget per page is allowed. So, if you have two forms on the same page, choose only one, more important form or use the invisible version. Alternatively, you can configure Cerber’s anti-spam engine which doesn’t have such limitations.

reCAPTCHA for WordPress comment forms

If you need to align the visible reCAPTCHA widget, use a custom CSS style with site Customizer.

  1. To get to the WordPress Customizer, navigate to Appearance / Customize menu from your WordPress dashboard. You will be taken directly to the Customizer interface, with your theme preview on the right, and the Customizer menu on the left. Scroll down and click
  2. Scroll down and click Additional CSS.
  3. Enter the following CSS code to align the reCAPTCHA widget to the right.
#cerber-recaptcha > div {
 text-align: right;
 width: auto !important;
 height: auto !important;
}

Note: When editing CSS style in the site Customizer, your changes will automatically be applied to the preview window, but they won’t actually be saved until you click the Save & Publish button.

Is there an alternative to reCAPTCHA?

Cerber’s anti-spam and bot detection engine is a great alternative to Google’s reCAPTCHA. This engine protects WordPress comment forms and is capable to protect virtually all contact and registration forms on a website. Unlike reCAPTCHA that sends visitors’ data to Google’s servers, the engine process all data locally on the website, which makes it easier to comply with GDPR and prevents leakage of sensitive and personal data.

The anti-spam engine tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms.

Troubleshooting reCAPTCHA

First of all, inspect the Activity tab. If you see the message “reCAPTCHA settings are incorrect”, that means your key and secret are not correct and have not been recognized by Google’s server.

If you see the message “Request to the Google reCAPTCHA service failed”, that means that your web server is unable to connect to Google’s server. Ask hosting your provider for help. Most likely your hosting provider blocks outgoing HTTP requests from your website by using a firewall.

Disadvantages of reCAPTCHA

Some website owners have a negative experience with reCAPTCHA. From time to time we get complains about broken layout on forms. Sometimes the layout of a page conflicts with styles of the reCAPTCHA widget. If you have such an unpleasant experience let us know or enable Cerber’s anti-spam engine instead.

Be aware

Although Google offers this service for free, in fact, it’s not completely free. Google is a huge business and normally doesn’t offer something for free. So, you have to pay something in return and in this case, you share some, known to Google only, details about your visitors’ browsers and your website.

The following explanation has been taken from Google’s website; you can check it when you register your website on the reCAPTCHA service page.

You acknowledge and understand that the reCAPTCHA API works by collecting hardware and software information, such as device and application data and the results of integrity checks, and sending that data to Google for analysis. Pursuant to Section 3(d) of the Google APIs Terms of Service, you agree that if you use the APIs that it is your responsibility to provide any necessary notices or consents for the collection and sharing of this data with Google. For users in the European Union, you and your API Client(s) must comply with the EU User Consent Policy currently located at

What does reCAPTCHA look like?

From time to time, your users come across a bit complicated graphical reCAPTCHA with a set of pictures. That means Google wants to get help with training Google AI (a neural network) to recognize objects on photos which they took on streets. In this case, the user has to select proper images according to the explanation above them.

reCAPTCHA antispam plugin

reCAPTCHA for WordPress

reCAPTCHA antispam woocommerce

reCAPTCHA as anti-spam for WooCommerce

reCAPTCHA antispam WordPress

reCAPTCHA for WordPress comment form

reCAPTCHA plugin WooCommerce

reCAPTCHA plugin for WooCommerce

reCAPTCHA plugin WordPress

reCAPTCHA anti-spam plugin for WordPress

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.


I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments