Captcha or CAPTCHA is a computer-based challenge-response test that is used to determine who exactly visited the site - a person or a bot.

What is a captcha for?

Typically, captchas are used on pages with a login and password, as well as on forms for adding comments. This is why it is done. In the first case, such a check will protect the site login form from guessing passwords, and in the second case, it will prevent spam comments.

Google Captcha plugin (reCAPTCHA) by BestWebSoft

For WordPress, there are many ready-made solutions in the form of plugins that allow you to protect the site from the aforementioned malicious influence. So, among them is a fairly popular plugin. Google Captcha (reCAPTCHA) by BestWebSoft, which uses captcha from Google. It is universal, as it allows you to install a check on most sections of the site. Among them:

• registration form,
• Login form,
• password reminder form
• comment form,
• contact form,
• custom form.

So, after installing and activating the plugin, a message will appear in the admin panel that you need to get the keys for the captcha to work.

In field label you must enter a name for the test (any). You should also select the type of verification. We will use a simple check for the user, which involves confirmation by simply selecting the necessary pictures ( reCAPTCHA V2).

After selecting the type of verification, you must enter the name of the site domain, and then check the box Accept the reCAPTCHA Terms of Service and press the button Register.

After saving the settings, you will be taken to a window where you will need to copy separately (for example, to notepad) field values site key And secret key.

All the necessary keys have been received. Now we return back to the admin panel of the site and go to Google Captcha -> Settings.

Into the fields Site Key And The secret key you should enter the values ​​of the rows you saved earlier ( site key And secret key respectively). Below, in the section Enable reCaptcha for, you need to select the pages on which the check will be enabled, and then click the button Save Changes. After successfully saving the settings, you will be able to test the captcha.

If the testing was successful, then the setup is completed, and now you can go to the page you marked, on which the captcha should appear.

In this article, you will learn how to integrate Google's new reCatcha into WordPress login, comment, registration, and password recovery forms:

There are many different solutions for blocking bots. One of the most popular until recently was ReCaptcha. It displays an image with some text, and the user must enter that text. But bot algorithms are becoming more advanced, and they have learned to break this protection.

Therefore, ReCaptcha was no longer secure. In addition, the method was rather inconvenient for users. Therefore, Google developed a new solution and called it No Captcha ReCaptcha .

In this article, we'll take a look at what No Captcha ReCaptcha is, and how to create a plugin that integrates ReCaptcha into WordPress login, comment, registration, and password recovery forms.

Overview of No Captcha ReCaptcha

No Captcha ReCaptcha displays a checkbox that prompts the user to indicate that they are not a bot. This may not seem like a reliable solution, but Google's internal algorithms and methods allow you to accurately determine whether a user is a bot. The new version is more convenient and safer.

Website registration and getting keys

For users who want to install this plugin, you need to register your site to get the site key and secret key.

You must create a settings page for the plugin that allows the WordPress administrator to set the site key and secret key, which he will receive in the ReCaptcha admin panel:

function no_captcha_recaptcha_menu() ( add_menu_page("reCapatcha Options", "reCaptcha Options", "manage_options", "recaptcha-options", "recaptcha_options_page", "", 100); ) function recaptcha_options_page() ( ?>

You need to register you domain and get keys to make this plugin work.

"); echo __("Enter the key details below"); ) function display_captcha_site_key_element() ( ?> " /> " />

• We are creating a settings page in the WordPress admin panel;
• This settings page displays two fields for entering the site key and secret key;
• These keys are stored as the WordPress site_key and secret_key parameters.

Adding No Captcha ReCaptcha to WP Comment Form

We need to integrate ReCaptcha into the comment form to prevent bots from posting spam.

Create a style.css file in the plugin folder and place the following code in it:

#submit ( display: none; )

The above code hides the button " leave a comment» in the WordPress comment form. Thus, we place the ReCaptcha panel above the button " leave a comment“by inserting the ReCaptcha button and panel manually.

Below is the code for inserting ReCaptcha into the comment form:

function frontend_recaptcha_script() ( wp_register_script("recaptcha", "https://www.google.com/recaptcha/api.js"); wp_enqueue_script("recaptcha"); $plugin_url = plugin_dir_url(__FILE__); wp_enqueue_style("no- captcha-recaptcha", $plugin_url ."style.css"); ) add_action("wp_enqueue_scripts", "frontend_recaptcha_script"); function display_comment_recaptcha() ( ?>

Let's see how the above code works:

• We enqueue in the WordPress interface with the wp_enqueue_scripts action;
• We also include the style.css file with the wp_enqueue_style function;
• In the comment form, we display the checkbox with the comment_form action;
• Once a comment has been submitted, the preprocess_comment filter is called before it is added to the WordPress database. Inside the filter, we check if the user is a human or a bot. If it is a person, then a comment is returned to add it to the database. Otherwise, zero is returned to block the comment from being added to the database.

Adding No Captcha ReCaptcha to WP Login Form

We need to integrate ReCaptcha into the admin panel login form to prevent brute force bots from cracking passwords. Below is the code for integrating ReCaptcha into the login form:

function login_recaptcha_script() ( wp_register_script("recaptcha_login", "https://www.google.com/recaptcha/api.js"); wp_enqueue_script("recaptcha_login"); ) add_action("login_enqueue_scripts", "login_recaptcha_script"); function display_login_captcha() ( ?>

ERROR: You are a bot")); ) ) else ( return new WP_Error("Captcha Invalid", __(" ERROR: You are a bot. If not then enable JavaScript")); ) ) add_filter("wp_authenticate_user", "verify_login_captcha", 10, 2);

Let's see how the above code works:

• We connect Google ReCaptcha JavaScript File on the login, registration and password recovery pages using the login_enqueue_scripts action;
• Before getting the final authentication result, WordPress runs the wp_authenticate_user filter to add an extra validation step. We check if the user is a human or a bot. If it's a person, we return the user object, otherwise we return the error object.

Adding No Captcha ReCaptcha to WP Registration Form

We integrate ReCaptcha into the registration form to prevent bots from creating fake accounts. Below is the code for integration:

function display_register_captcha() ( ?>

add("Captcha Invalid", __(" ERROR: You are a bot")); ) ) else ( $errors->add("Captcha Invalid", __(" ERROR: You are a bot. If not then enable JavaScript")); ) return $errors; ) add_filter("registration_errors", "verify_registration_captcha", 10, 3);

Let's see how the above code works:

• We display the checkbox with the login_form action;
• Before getting the final authentication result, WordPress runs the registration_errors filter to add an extra validation step. Inside this filter, we check if the user is a human or a bot. If it's a human, we return an empty error object, otherwise we add padding to the error object and return it.

Adding No Captcha ReCaptcha in the password recovery form

We need to integrate ReCaptcha into the password recovery form to prevent bots from filling out this form. Below is the code for integration:

function verify_lostpassword_captcha() ( if (isset($_POST["g-recaptcha-response"])) ( $recaptcha_secret = get_option("captcha_secret_key"); $response = wp_remote_get("https://www.google.com/recaptcha /api/siteverify?secret=". $recaptcha_secret ."&response=". $_POST["g-recaptcha-response"]); $response = json_decode($response["body"], true); if (true = = $response["success"]) ( return; ) else ( wp_die(__(" ERROR: You are a bot")); ) ) else ( wp_die(__(" ERROR: You are a bot. If not then enable JavaScript")); ) return $errors; ) add_action("lostpassword_form", "display_login_captcha"); add_action("lostpassword_post", "verify_lostpassword_captcha");

Let's see how the above code works.

Captcha is a special security code that allows you to avoid spam on the site. It is added, as a rule, to various forms on the pages - registration, comments, login, etc. This allows you to weed out most of the bots that fill them automatically. The code consists of letters and numbers, which are sometimes distorted by various effects and transformations. Once I already came across captcha plugins - it was a simple Really Simple CAPTCHA for the Contact Form 7 feedback form. Today I decided to look for something for the user registration page, since one of the projects started spamming it regularly. As a result, we managed to select 5 best plugins, each of which has its own distinctive features and advantages.

Captcha by BestWebSoft

A distinctive feature (link to a detailed review) is the use of different mathematical equations. This will protect your site not only from bots, but also from inadequate and unreasonable users (who sometimes come across). Traditionally, you can set it up for any forms in the system - from registration to comments. Almost all language versions are available, including Russian. Requirements for WordPress - from version 2.9, last release - 02/08/2013 and more than 400 thousand downloads.

The main functions of the Captcha plugin: support for basic mathematical functions - addition, subtraction, multiplication, using both digital and verbal expressions. The installation is traditional, you can see the settings in the picture above. Personally, I really liked this variation of captcha, and you don’t need to peer into some distorted letters, guess what is shown in the picture, but just turn on your brain. Great module!

A great option for when you want to "test" the mental abilities of the audience. The user will have to solve a simple equation in order to pass the protection. Read more about the decision in. Of the advantages of Math Captcha, I would name compatibility with Contact Form 7, as well as the presence of a large number of settings: choosing the place where the captcha appears, the mathematical operations used, displaying the task from numbers or as text, etc.

The module is one of the simplest that I have met. Therefore, I started with it - installing and configuring the captcha took, probably, 2-3 minutes. It adds a security code to various forms of the site - registration, comments and login form. The code is displayed as simple blue characters (numbers and letters) with several lines through. "Noise" protects the picture from being recognized by different software, and it will not be so difficult for users to see the code.

After installation, in the module settings, the administrator can choose which characters and how many to use in the captcha, as well as for which forms to display. There is a localization of the plugin, so everything is easy to understand. Definitely the biggest advantage is the simplicity and speed of setup + captcha, in principle, normal. To work, you need a version of WordPress older than 3.0, the module has been downloaded about 10 thousand times, and the last update was on 01/16/2013.

WP-reCAPTCHA (closed)

In general, reCAPTCHA is a public captcha, which was once acquired by Google (if I understand correctly) and is already being developed under the wing of this online giant. This is one of the most popular scripts, which is used in many CMS and services, it is also almost the most protected from bots.

To integrate this captcha into the wordpress system, the WP-reCAPTCHA module is used. Its installation is classic, but after activation in the system you will need to get a special key. On the same page, by the way, you will find all the necessary information for developers regarding reCAPTCHA.

In the settings of the WP-reCAPTCHA module, you can choose: activation of captcha for comments and / or registration forms, appearance (theme) of captcha, language, HTML standard of the displayed code, texts of error messages. The only thing that confused me was support for WordPress version 2.9.2 and the last update at the beginning of 2012, but there were almost 400 thousand downloads.

SI CAPTCHA Anti-Spam (closed)

The SI CAPTCHA Anti-Spam plugin was most often found in different collections - as I understand it, this is the most popular captcha module. It allows you to add a security code to all (or selected) forms in WordPress - registration, forgotten password, login, comments. Works seamlessly with Akismet and also works in WPMU and .

This module uses a free Open-source development (library) called PHP CAPTCHA. The image has an abstract background, colored, distorted symbols, as well as various "noise" in the form of curves over the text. There is an "update captcha" button if it is difficult to read it.

As for the features of the SI CAPTCHA Anti-Spam plugin itself, you will find there: different settings, valid HTML code, display / display of a security code for different forms or logged in or not users (relevant when commenting). Localization supported. The module works with WordPress from 2.9 to the latest versions, the current update is 01/06/2013 and only 1.5 million downloads.

Secure CAPTCHA (not relevant)

Finally, I saved a more or less new captcha for me, which I have not yet seen - Secure CAPTCHA. The security code image uses handwritten text. Because of this, it is difficult for decryption programs to separate different letters to crack captcha, which will be understandable only to a person. In addition, for the whole word, you can use some other transformation in order to further confuse the bots.

According to the developers, due to the fact that the letters stand out well from the background, you don’t need to look too hard into the image. Although, to be honest, in some places it is still difficult for me to understand what is written there. To use this captcha, after installation and activation, you will need to register on the developers' website and get special keys. Next, in the settings, select which form you want to protect from spam. Not so many people downloaded the module - only 5200, although in general the idea is quite interesting. To work, you need a version of WordPress 3.1 and higher.

Of course, these are not all captcha plugins in WordPress, there are many more of them, and there are much more sophisticated and unusual ones - folding pictures from parts (like in puzzles), choosing a special image from those presented in captcha, etc. I mentioned in the post only those that were most often mentioned in the collections of different modules + were immediately found during the search. The first 4 are definitely a godsend, I would safely use each of them on my own and developed sites.

Hello reader! Until recently, my blog was running the Math Comment Spam Protection plugin, which implements mathematical captcha for WordPress. I must say, the plugin is very reliable and protects comments not only from spam, but also from people. Recently, a couple of letters came to the mail, written through the feedback form with complaints about the captcha in the comments. Users were asked how much would be 7 + 10? It would seem 17, but no! The WordPress captcha rejected this option and didn't skip the comment.

I did not succeed in recreating the conditions under which the captcha stopped working correctly, and therefore it was not possible to fix it. There was only one option left - to abandon Math Comment Spam Protection and start looking for a new spam protection. We'll talk about this today.

Captcha plugins for WordPress comments

1. DCaptcha - I first added this captcha to my blog right after . A very simple captcha, which boils down to the fact that a person must check the box next to the phrase "This is not spam." Only the complete absence of captcha is easier, but more on that later. Unfortunately, over time, spam began to seep in. I won't say it's a lot, but it's still not pleasant.

Installing DCaptcha in WordPress:

• Download the latest version of the plugin from the developer's site.
• Extract the archive to the current directory and upload the resulting folder to the server in the wp-content/plugins/ directory using .
• Go to the WordPress admin panel and in the "Plugins" section, activate DCaptcha.
• Set permissions to 777 on the /wp-content/plugins/dimoning.ru-captcha/num directory on the server using the same FileZilla ftp client.
• Launch your browser and enter the following in the address bar: http://vash_site.ru/wp-content/plugins/dimoning.ru-captcha/install.php (of course, substitute your website address instead of your_site.ru), press Enter.
• That's it, the DCaptcha plugin is ready to go, and the captcha will automatically appear under the comment form.

The standard inscription "This is not spam" can be changed. To do this, open the /wp-content/plugins/dimoning.ru-captcha/dimoning.ru-captcha.php file for editing. Using the standard search (ctrl + f), find the line

Replace the text with any other. In addition, styles can be added to it to make it stand out and more visible to users.

is one of the best character captchas for WordPress. As follows:

As you can see, it is not difficult for a person to recognize symbols. What are the advantages of Captcha Code:

• Very simple captcha installation: download the Captcha Code plugin, upload it to the server and activate it through the WP admin panel. In the settings, we tick off where the captcha will be used - on the Login, Registration and Password Recovery pages, in the form of comments. No additional code needs to be added to the templates of the WP theme you are using.
• There are few settings and they are all in Russian.
• Adjustable captcha difficulty — set the number of characters and what kind they are (lowercase and uppercase letters, numbers).

3. WP-reCAPTCHA - captcha from Google. Very reliable, but very difficult. It will scare away not only bots, but also all users. Although, it is found on many sites on the Internet, so I personally have already got used to it. As follows:

For the plugin to work, you must register on the service. www.google.com/recaptcha and get private and public keys. Note that you need to have a Google account to do this. You can create it. It does not take a lot of time.

Getting the treasured keys is very simple, just take three small steps:

1. Use the "USE reCAPTCHA ON YOUR SITE" button to start registration.

2. On the next page, click on the "Sing up Now!" button.

3. Specify the address of your blog and generate keys by pressing the "Create key" button. You can also check the box next to "Enable this key on all domains (global key)", this will allow you to use the received keys on all sites, and not just on one specified.

4. - not quite a standard captcha, it is a simple logical task - all pictures must be placed vertically.

The plugin is installed by default. The only condition for the captcha to work is that the following line of code is used in the comments.php template:

ID); ?>

It is to her that the captcha is attached, therefore, by changing its location in the template, you will change the place where the captcha is displayed in the comment form. If the captcha is still not displayed, you should set permissions to 777 on the folder with pictures.

Unfortunately, the plugin will have to be Russified manually, although this should not take much time. Open the plugin file not-captcha.php for editing and replace the English expressions with similar Russian ones.

5. - another alternative captcha with pictures, only in it you need to select an image that matches the question being asked.

The plugin supports both English and Russian, which is a definite plus. After activating the plugin, captcha in WordPress comments is added automatically. If this does not happen, then in the CheckBot settings, in the "The method of connecting plugin" item, select "Manual". In the comments.php template, in the place where you want to see the captcha, add the following line of code:

Personally, captchas with pictures terribly annoy me, I am much more tolerant of standard captchas, where you need to enter characters from an image.

Installing ReCaptcha on your website can be a great way to protect yourself from spambots. Thanks to this, you can protect your project from spam comments or registrations by bots. In this article, you will learn how to install this type of captcha on your website using a WordPress plugin.

ReCaptcha security technology is owned by Google Corporation. In most cases, such a captcha is much easier for the user, since it only requires a check mark - the system will check whether it is a robot or not. In some cases, the user will be required to pass a light test.

ReCaptcha to a site with the Advanced noCaptcha reCaptcha plugin

To get started, download the Advanced noCaptcha reCaptcha plugin for yourself from the link below.

Install the plugin on your site and activate. After that, a new item "Advanced noCaptcha" will appear in the console. Go into it.

You should start by getting the "Site Key" and "Secret key", which you need to enter in the appropriate fields in the plugin settings.

To get this information, go to here(you must be logged into Google). You will see a form that you need to fill out: in the "Name" field, write down the name of your project, in the "Domains" field - the website address. I also recommend leaving the “Send notifications to owners” checkbox, this will allow you to receive notifications if there is a suspiciously active bot attack or some errors occur.

After filling out the form, click "Register".

On the next page, you will get the two codes you need for the plugin to install ReCaptcha on your site. From the "Keys" section, copy the code from the "Key" field and paste it in the plugin settings in the "Site Key" field.

Then copy the code from the "Secret key" field and paste it in the plugin settings in the "Secret key" field.

• language. I recommend leaving the ReCaptcha language on the site by default - “Auto detected”, that is, it will be detected automatically.
• theme. There are two types of ReCaptcha design - light and dark. Choose something to match the color of your website design.
• size. There are two types of sizes - normal and compact. Also choose according to your design.
• error message. The error message is better translated into Russian. For example, instead of what is written there by default, you can specify " ERROR!: Please complete the captcha correctly. Or something similar at your discretion.
• Show captcha on. You can configure which forms will display ReCaptcha on the site, for example, forms for authorization, registration, password reset, commenting, forms of BBPress and WooComerce plugins are also supported.