Set up Google reCAPTCHA or hCaptcha for use across Shield

Note: The option to use Google reCAPTCHA and hCaptcha for login/lost password/registration forms has been deprecated. It has been replaced by the AntiBot Detection Engine and was completely removed as of Shield v18.5.

CAPTCHA works by offering a checkbox that the visitor needs to click. For example, Google reCAPTCHA sends various data to Google, which then responds with success or failure. If Google is "not sure", you’ll get a popup window that asks you to answer a simple question.

After answering the question provided, you’ll be verified and you’ll be able to submit the form as normal.

Example: How to enable Google reCAPTCHA for use across Shield

There are 2 steps necessary to complete before you can make full use of Google reCAPTCHA across Shield:

  1. Register for Google reCAPTCHA keys
  2. Enter your "Site" and "Secret" keys for use throughout Shield

Register for Google reCAPTCHA keys

To register for Google reCAPTCHA keys, follow these steps:

  1. Go here
  2. Enter a label for these keys – something that you will recognise
  3. Select reCAPTCHA type V2
    Important: We currently do not support reCAPTCHA V3
  4. Enter all your WordPress domains in the large text area – 1 per line
    Important: You must specify a list of domains for each set of reCAPTCHA keys and then click Submit.

You’ll then be presented with a screen displaying your reCAPTCHA Secret and reCAPTCHA Site Keys.

Enter your reCAPTCHA "Site" and "Secret" keys for use throughout Shield

After creating your keys, go to Config > General Settings > CAPTCHA > Select reCaptcha v2 and style > and enter your registered "Site" and "Secret" keys:

You are now ready to turn on Google reCAPTCHA across your site. 

For login protection, look under the Login Guard module > Depreciated > CAPTCHA, and you’ll see the option to enable reCAPTCHA for login protection.

Note: Apart from the standard Google reCAPTCHA, you are able to choose your own theme/style ("dark theme", "light theme", "invisible recaptcha").

Important: Some forms are more dynamic than others, so if you experience problems, please use non-Invisible reCAPTCHA.

If you plan to use the "Invisible reCAPTCHA" style, you might see this error message when you try to log in:

This message will be displayed at the bottom right corner of the screen and you will be unable to log in. To prevent this, when registering for Google reCAPTCHA keys, make sure you choose a Google reCAPTCHA type that supports invisible reCAPTCHA:

Another error you could get is this:

This error suggests that you haven't added the domain name of your site to your reCAPTCHA dashboard for that particular set of keys. You must specify a list of domains for each set of reCAPTCHA keys, for example:

Important: To set up CAPTCHA for use across Shield and to avoid CAPTCHA errors, always make sure that

  1. Your keys are correct (valid)
  2. You have not mixed up the order of the site key and the secret key
  3. You don't use Google reCAPTCHA V3, which is not supported by Shield
  4. You specified a list of domains for each set of captcha keys
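
The success-or-failure answer from Google described earlier is a JSON document returned by Google's siteverify endpoint, and its fields map onto the checklist above. The following is an added example, not Shield's own code: the function names, the sample responses and the example.com hostnames are constructed for illustration, and the hostname comparison is an extra server-side check alongside the domain list in the reCAPTCHA dashboard.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

# Google's documented siteverify error codes, mapped to the checklist above.
ERROR_HINTS = {
    "missing-input-secret": "no secret key was sent: check the Secret key field",
    "invalid-input-secret": "secret key rejected: wrong key, or Site and Secret keys are swapped",
    "missing-input-response": "no CAPTCHA token was submitted with the form",
    "invalid-input-response": "CAPTCHA token is invalid or malformed",
    "timeout-or-duplicate": "token expired or was already verified once",
}


def verify_token(secret, token, timeout=5):
    """POST the form's g-recaptcha-response token to Google; return parsed JSON."""
    body = urllib.parse.urlencode({"secret": secret, "response": token}).encode()
    with urllib.request.urlopen(SITEVERIFY_URL, data=body, timeout=timeout) as resp:
        return json.load(resp)


def diagnose(result, allowed_hosts):
    """Return the problems found in a siteverify result (empty list = accept)."""
    problems = [ERROR_HINTS.get(code, "unrecognised error code: " + code)
                for code in result.get("error-codes", [])]
    if "score" in result:
        # Only reCAPTCHA v3 responses carry a score; V3 keys are not supported.
        problems.append("keys are reCAPTCHA v3: register V2 keys instead")
    host = result.get("hostname")
    if result.get("success") and host not in allowed_hosts:
        problems.append("token solved on unexpected hostname: %r" % host)
    if not result.get("success") and not problems:
        problems.append("verification failed without an error code")
    return problems


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "ok": {"success": True, "hostname": "example.com", "challenge_ts": "2024-01-01T00:00:00Z"},
    "swapped": {"success": False, "error-codes": ["invalid-input-secret"]},
    "v3": {"success": True, "hostname": "example.com", "score": 0.9, "action": "login"},
    "other-site": {"success": True, "hostname": "other.example"},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, "->", diagnose(sample, {"example.com"}) or "accept")
```

To check a live configuration, pass the output of `verify_token()` (called with your Secret key and a token from a submitted form) to `diagnose()` in place of a sample.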

Note: If you get locked out due to CAPTCHA, please follow the guide outlined in the article here

For more information on Google reCAPTCHA, visit Google Blog here.