Setup Google reCAPTCHA or hCaptcha for use across Shield
CAPTCHA works by offering a checkbox that the visitor needs to click. For example, Google reCaptcha sends off various data to Google who then respond with success or failure. In the event that they’re “not sure”, you’ll get a popup window that asks you to complete a simple question.
After answering the question provided, you’ll be verified and you’ll be able to submit the form as normal.
Example: How to enable Google reCAPTCHA for use across Shield
There are 2 steps necessary to complete before you can make full use of Google reCAPTCHA across Shield:
- Register for Google reCAPTCHA keys
- Enter your "Site" and "Secret" keys for use throughout the Shield
Register for Google reCAPTCHA keys
To register for Google reCAPTCHA keys, follow these steps:
- Go here
- Enter a label for these keys – something that you will recognise
- Select reCAPTCHA type V2
Important: We currently do not support reCAPTCHA V3
- Enter all your WordPress domains in the large text area – 1 per line
Important: You must specify a list of domains for each set of reCAPTCHA keys and then click Submit.
You’ll then be presented with a screen displaying your reCAPTCHA Secret and reCAPTCHA Site Keys.
Enter your reCaptcha "Site" and "Secret" keys for use throughout the Shield
After creating your keys, go to the Shield => Configuration => General Settings => CAPTCHA => Select reCaptcha v2 and style => and enter your registered "Site" and "Secret" keys:
You are now ready to turn on Google reCAPTCHA across your site.
For comment SPAM, look under the "Comments SPAM" module => CAPTCHA, and you’ll see the option to enable reCAPTCHA for comments.
For login protection, look under the "Login Guard" module => CAPTCHA, and you’ll see the option to enable reCAPTCHA for login protection.
Note: Apart from the standard Google reCAPTCHA, you are now able to choose your own theme/style ("dark theme", "light theme", "invisible recaptcha").
Important: Some forms are more dynamic than others so if you experience problems, please use non-Invisible reCAPTCHA.
If you plan to use "Invisible reCAPTCHA" style it might happen that you see this error message when you try to login:
This message will be displayed at the bottom right corner of the screen , and you will be unable to login. To prevent this, when registering for Google reCAPTCHA keys make sure you choose Google reCAPTCHA type that supports invisible reCAPTCHA:
Another error you could get is this:
This error suggests that you haven't added the domain name of your site into your reCAPTCHA dashboard for those particular set of keys. You must specify a list of domains for each set of reCAPTCHA keys, for example:
Important: To setup CAPTCHA to use across Shield and to avoid CAPTCHA errors, always make sure that
- Your keys are correct (valid)
- You have not mixed-up the site key and the secret key Order
- You don't use Google reCAPTCHA V3, which is not supported by Shield
- You specified a list of domains for each set of captcha keys
Note: If you get locked out due to CAPTCHA, please follow the guide outlined in the article here.
For more information on Google reCAPTCHA, visit Google Blog here.