Add Google reCAPTCHA to your WordPress sign-up form to prevent spam entries

Prevent malicious bots from abusing your WordPress sign-up form with fake sign-ups by installing Google reCAPTCHA

A simple precaution to prevent fraudulent sign-ups through your WordPress sign-up form is to add Google ReCAPTCHA. This adds an, "I'm not a robot" checkbox to the bottom of your form, which ensures everyone who signs up for your list is a real person.

• Why Google reCATPCHA is a good idea for your sign-up form
• How to install the reCAPTCHA in your sign-up form

Why Google reCATPCHA is good idea for your sign-up form

A bot is just a computer program that performs a repetitive task over the internet. Though not all bots are bad, malicious bots are designed with the intent to disrupt or cause harm. For example, a bot could exploit a contact sign-up form to create hundreds or thousands of fake email list sign-ups to bog down the system and cause you an administrative headache trying to weed out the valid email addresses from the bad ones.

If you're using the Constant Contact Forms plugin in your WordPress account, there is a hidden "honeypot field" included in the form that isn't visible to people, but bots can see it. If the hidden field is filled in, Constant Contact rejects the form submission. The "honeypot field" isn't a foolproof method, but it does a good job of combating false sign-ups. Adding Google reCAPTCHA gives you an extra layer of protection against malicious bots.

How to install Google reCAPTCHA in your sign-up form

You need to have a Google account to use Google reCAPTCHA. If you don't have one, sign up for one: it's free.

1. Go to http://www.google.com/recaptcha/admin.
2. Log into your Google account and click Next.
   
   
    
3. Because you can create multiple reCAPTCHAs for different parts of your website, give your reCAPTCHA a name so you know where it lives.
   Note: If you already connected reCAPTCHA to a website, click the + at the top of the reCAPTCHA Analytics page to add another.
4. Select "reCAPTCHA v3."
5. Enter your website domain. If you have multiple domains, add each one on their own line.
6. (Optional) Add the email addresses for additional website owners.
7. Read the terms of use and check the box to accept them.
8. (Optional) Check the box to send alerts to the email addresses provided in step 6.
9. Click SUBMIT.
   
   
    
10. Copy the Site Key and Secret Key.
    Tip: Having a second browser window open for your WordPress account makes the copying and pasting much easier!
    
    
     
11. In WordPress, open the dashboard for your website and click Contact Form > Settings.
12. Click the Spam Control tab.
13. Select "Version 3."
14. In the Google reCAPTCHA section, paste the Site Key and Secret Key into their fields.
15. Click Save Changes.
    
    
    
     

Your sign-up form now has the "I'm not a robot" reCAPTCHA checkbox at the bottom, and can't be submitted until the box is checked.

To remove Google reCAPTCHA from your WordPress Sign-up Form, return to the Spam Control tab, delete the site key and secret key so that the boxes are blank, and then click Save Changes.

Any links we provide from non-Constant Contact sites or information about non-Constant Contact products or services are provided as a courtesy and should not be construed as an endorsement by Constant Contact.

Questions?