How to Add CAPTCHA and reCAPTCHA to WordPress

Implementing a CAPTCHA or reCAPTCHA system is a highly effective way to protect your WordPress website or ecommerce business from spam and bots, which is crucial for ensuring online security.

All that sounds great, but the effort involved in solving a CAPTCHA often results in reduced conversions. According to Moz, including a CAPTCHA could result in a loss of 3.2% of conversions. Yikes!

That’s why today, we’ll explain the problem with the traditional CAPTCHA setup, offer a stand-out alternative, and provide steps to add CAPTCHA and reCAPTCHA to your WordPress site, if that’s still the route you feel most comfortable with.

After following this guide, your website will be safer and more secure for your visitors.

Let’s get started!

The problem with traditional CAPTCHA solutions

While CAPTCHA systems have been widely adopted for their ability to prevent spam and bot activity, they do come with a number of drawbacks. Make sure you’re aware of these downsides before you use a WordPress CAPTCHA plugin. 

1. They’re challenging for those with visual impairments

Traditional CAPTCHA systems often rely on distorted images of text, making it difficult for users with visual impairments to solve them. This can lead to accessibility issues and discourage visitors from interacting with your site.

example of a CAPTCHA asking the user to select squares with red spheres

2. They create a frustrating experience 

CAPTCHAs can be frustrating and time-consuming to solve, particularly when the distorted text is difficult to read. This annoyance can cause people to leave your site without completing their intended action, such as submitting a form or making a purchase. Sometimes, visitors may even have to solve multiple CAPTCHAs — a real test of endurance.

3. They can generate false positives

CAPTCHA systems can sometimes incorrectly identify real human users as bots, preventing them from accessing your site or submitting forms. This can lead to a loss of leads, customers, or subscribers.

4. They’re easily bypassed by sophisticated bots

As bots become more advanced, they’re increasingly able to bypass traditional CAPTCHA systems, rendering them less effective at preventing spam and malicious activity on your site.

5. They can create a negative user experience

Implementing CAPTCHA systems can negatively impact your site’s user experience, particularly when the CAPTCHAs are overly complex or difficult to solve. This can lead to lower visitor satisfaction and, ultimately, decreased engagement and conversions.

6. They can lead to lower conversion rates

As mentioned above, the frustrating experience of solving CAPTCHAs can lead to users abandoning your site before completing their intended actions. This can result in lower conversion rates for your business.

7. They can cause higher page load times

Implementing CAPTCHA systems can also contribute to slower page load times, as they often require additional resources and scripts to load. This can negatively impact your site’s performance and search engine rankings.

Given these challenges, it’s important to find a solution that’s both effective at preventing spam and bots, while also providing a positive user experience. That’s where Akismet comes in to save the day.

How does Akismet address these issues?

Akismet addresses the shortcomings of traditional CAPTCHA systems by employing advanced algorithms and a continuously-updated database of spam signatures. It can effectively identify and block spam and malicious activity without any user input and without annoying barriers for site visitors. 

The result is enhanced accessibility, a superior user experience, and fewer false positives. 

Even the most sophisticated bots can be identified and blocked by Akismet due to its advanced spam detection technology and constantly-updated database. By staying ahead of emerging threats, Akismet ensures your online presence remains secure and your valuable content and data are safeguarded.

The benefits of using Akismet over CAPTCHA

Given the challenges associated with traditional CAPTCHA solutions, Akismet presents several benefits that make it a compelling and superior alternative for WordPress site owners.

1. Greater user-friendliness

Akismet doesn’t require users to solve puzzles or enter codes, ensuring a more pleasant and frustration-free browsing experience. It operates seamlessly in the background, allowing visitors to focus on your content and offerings without any distractions or interruptions.

2. Improved accessibility for all users

Akismet can be used by people with vision impairments because it doesn’t use visual puzzles to block spam and bots. This approach makes sure that your website is user-friendly and welcoming to a diverse audience, creating a positive online environment for everyone.

3. Greater accuracy in spam detection

Akismet uses advanced algorithms and a vast database of spam signatures to minimize false positives. This means that genuine users can access and interact with your site without being mistakenly identified as bots. This accurate spam detection helps build a trustworthy online presence and improve user experiences.

4. Robust effectiveness against malicious activity

Akismet is highly effective at identifying and blocking spam and malicious activity, including sophisticated bots that can bypass traditional CAPTCHA systems. Its constantly-updated database and advanced spam detection technology ensure your website remains secure and protected from emerging threats.

5. Optimized performance and load times

Akismet runs in the background and won’t slow down your website by using extra data or running unnecessary scripts. This means your website will stay fast and responsive for your visitors, which can help improve your search engine rankings and create a great browsing experience.

If this sounds like a solid prospect, you’ll be delighted to hear that we’re discussing how to install and set up Akismet on WordPress next.

How to add Akismet to WordPress

Incorporating Akismet into WordPress comment and contact forms is a breeze, and you can accomplish it in just a few steps. However, the procedure might differ slightly depending on the contact form or plugin you’re using. Let’s explore how it’s done!

Step 1: Install the Akismet plugin

Akismet can be used for free to get rid of spam comments and harmful form submissions on your non-commercial site. Websites run for commercial purposes can choose from several affordable premium options.

First, install and activate the plugin.

To do this, log in to your WordPress dashboard, go to the Plugins tab, click Add New, and search for it. The plugin is usually included in the top “Featured” list.

finding Akismet in the WordPress repository

To install the plugin, click on Install Now and then Activate. After activation, go to Settings and select Akismet Anti-Spam. Under Settings, locate the API key field.

You can get the key by going to the Akismet website and creating an account. 

Aksimet homepage with the text, "Spam shall not pass"

Once you finish the signup process on the website, log in to your new account then locate My Account and choose Add Subscription.

You can select your desired plan next. The Personal plan is free for individual website use if your site is considered “non-commercial.”

After registering, you’ll receive an API key in the My Account section. Copy this key and then navigate to the WordPress dashboard’s Settings → Akismet Anti-Spam screen. Next, paste the key into the API Key field.

Akismet settings in WordPress

Click on Save Changes to finish.

Akismet will automatically filter comment spam and put it in a queue for review on the dashboard. But if you want it to work on your contact form(s), you’ll need to complete another step.

Step 2: Add Akismet to your contact form

By default, WordPress does not have a contact form feature. Therefore, you’ll need to use plugins to include contact forms on their sites. The method to add these forms will vary based on the plugin being used.

Some popular contact form plugins, including Jetpack, already have Akismet support built-in. 

Other plugins necessitate setting up Akismet add-ons to incorporate spam protection into their forms. Gravity Forms is the most popular example of this.

Still other WordPress plugins like Contact Form 7 require a code snippet to add Akismet support.

Thankfully, it’s easy to configure Akismet on your contact forms, no matter which method you choose.

Step 3: Set up the anti-spam settings in Akismet

Akismet is very much a set-it-and-forget-it type of tool. Just install, activate, and you’re basically done. But it also allows you to control how to handle contact form spam a bit more precisely.

The plugin is configured, by default, to send flagged comments to a holding queue located in the Comments section of the WordPress dashboard so that you can review them later. You can also set up Akismet to delete spam entirely.

If this sounds appealing, just go to Settings → Akismet Anti-Spam and locate the Settings

Scroll down to the section called Strictness.

Strictness settings for Akismet

Akismet is good at identifying which messages are spam and which ones are legitimate, which means you can delete the spam messages from your contact form without worry. However, if you want to keep all messages, you can select the option to Always put spam in the Spam folder for review.

Remember that Akismet stores spam comments for 15 days before they’re deleted. So, if you go for this option, review your queue regularly.

Still want to use CAPTCHA?

Although we suggest using Akismet due to its ease-of-use and success in blocking spam and bots, we realize that certain users may still want to learn how to add CAPTCHA to WordPress. This section will provide clear instructions on how to integrate both CAPTCHA and reCAPTCHA into a WordPress contact form.

1. How to add CAPTCHA to a WordPress contact form

Although most well-known contact form plugins include CAPTCHA functionality, you can also manually incorporate CAPTCHA into any form element on WordPress that’s being misused. This not only includes contact forms, but also comment forms, user registration pages, login pages, and opt-in forms.

Step 1: Install and activate the Friendly CAPTCHA for WordPress plugin

For the purposes of this tutorial, we’re using the Friendly CAPTCHA for WordPress plugins, though there are other options available. 

Go to your WordPress dashboard then to Plugins → Add New and search for the plugin by name.

Friendly Captcha for WordPress plugin

Once you locate it, click Install → Activate.

Step 2: Add the site key and secret key

To input your Site key and Secret key, locate Friendly Captcha in the dashboard, then click Settings.

Then go to the Friendly Captcha website and create an account. Pick a plan, then copy your site key. 

creating a Friendly Captcha account

Go back to your WordPress installation and paste in the Site key in the appropriate field. Then go back to your account on the website and generate an API key by typing in a name for it then clicking Create API Key. 

creating an API key

Step 3: Finish configuring settings

For this tutorial, please select the comment form box to enable forms and keep all other settings at their default values to configure the remaining options based on your preferences.

Step 4: Save and view

Once you’re done making changes, click Save Changes, then visit a live blog post to verify the comment form is working as intended.

2. How to add reCAPTCHA to a WordPress contact form

Google reCAPTCHA adds an extra layer of protection to your contact forms, using a two-step verification process. This tool can help stop bots and spammers, as they’ll need to pass the reCAPTCHA test. You can use a WordPress CAPTCHA plugin to get the job done. Here’s how you can incorporate it into your WordPress contact form:

Step 1: Install and activate a WordPress reCAPTCHA plugin

First, install and activate the Simple Google reCAPTCHA plugin. Just search for it by name under Plugins → Add New. Then click Install → Activate.

the Simple Google reCAPTCHA plugin

After activation, navigate to Settings → Google reCAPTCHA to configure the plugin settings.

Step 2: Configure the plugin settings

The plugin will prompt you to enter Google reCAPTCHA keys. You can obtain these keys for free from the official reCAPTCHA website by clicking the register your domain link at the top of the page.

warning to register your domain

Step 3: Obtain reCAPTCHA API keys by registering your website

The register your domain link directs you to the Google reCAPTCHA website, where you can register your site to work with reCAPTCHA.

Sign in with your Google account, and you’ll see the Register a new site page. Enter the necessary basic information to register your site.

registering a site with Google

In the Label field, input your website name or any name of your choice to help you identify your site later.

Step 4: Add a new site

Next, choose the reCAPTCHA V2 radio button to reveal two new options.

options for reCAPTCHA type

To add the reCAPTCHA checkbox to your site, select the first option, I’m not a robot checkbox.

In the Domains text box, add the domain name of your website.

You can also add multiple domains or subdomains by clicking the plus + icon, enabling you to use the same API keys across different websites.

Step 5: Add domain and email to your reCAPTCHA site

Google will automatically add your email address under Owners. You can also add another email if desired. Then accept the terms of service.

Select the Send alerts to owners checkbox to allow Google to send emails if they detect any misconfigurations or suspicious activity.

Step 6: Submit and register your WordPress site

After completing the form, click Submit to register your site.

Google reCAPTCHA will display a success message, along with the site key and secret key.

Use these API Keys in your website’s plugin settings.

Navigate to Settings → Google reCAPTCHA from your WordPress dashboard.

On the Settings page, paste the site key and secret key.

creating Google reCAPTCHA keys

The plugin will incorporate reCAPTCHA verification into the WordPress comment form, registration form, reset password form, new password form, and login form.

You can disable reCAPTCHA on the login form by selecting the appropriate checkbox.

Remember to click Save Changes to store the API keys and activate reCAPTCHA.

You have now successfully added reCAPTCHA to your WordPress comment form. Check the comment section of your blog posts to ensure it’s working correctly.

So now you know how to add CAPTCHA or reCAPTCHA to your WordPress contact forms. Although these options can reduce spam and bot activity, we suggest using Akismet instead because it is easy to use, more accessible, and effective against advanced bots.

Regardless of the solution you choose, however, keeping your WordPress site secure from spam and malicious activity is crucial for maintaining a positive user experience, safeguarding your online presence, and protecting your reputation.

Frequently asked questions about CAPTCHA and reCAPTCHA

Still curious about CAPTCHA, reCAPTCHA, and how to safeguard the contact forms on your website? Let’s take a look at some answers to the most commonly asked questions on the subject.

What is CAPTCHA?

CAPTCHA, which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, is a security measure used on websites to prevent automated bots from submitting forms, leaving comments, or performing other actions that should only be done by human users. CAPTCHAs typically require users to solve visual puzzles — such as identifying distorted text or selecting specific images — to prove that they’re not bots.

What is reCAPTCHA?

reCAPTCHA is a more advanced version of CAPTCHA developed by Google. It improves upon traditional CAPTCHA systems by incorporating machine learning and advanced risk analysis techniques to better differentiate between human users and bots. reCAPTCHA is designed to be more user-friendly, with some versions requiring people only to click a checkbox.

I'm not a robot checkbox

What is Akismet?

Akismet is a powerful anti-spam solution for WordPress websites, developed by Automattic, the company behind It uses advanced algorithms and a continuously-updated database of spam signatures to identify and block spam comments and form submissions, without requiring user input or creating accessibility barriers. Akismet operates in the background (kind of like an invisible CAPTCHA, in a sense), providing a seamless and user-friendly browsing experience.

Is Akismet better than CAPTCHA and reCAPTCHA?

While each solution has its own advantages, Akismet is generally considered more user-friendly and accessible compared to CAPTCHA and reCAPTCHA. It doesn’t require users to solve puzzles or enter codes, making it easier for those with visual impairments and providing a smoother browsing experience overall. Akismet is also highly effective at blocking spam and bots, even as they evolve and become more sophisticated.

Does Akismet integrate with contact form plugins like Contact Form 7?

Yes, Akismet integrates with many popular WordPress contact form plugins, including Contact Form 7. By connecting Akismet to your contact form plugin, you can effectively protect your forms from spam submissions without the need for CAPTCHA or reCAPTCHA.

What are real-world examples of sites using Akismet?

Akismet is trusted by over 100 million websites worldwide, including well-known enterprise brands such as Microsoft, ConvertKit, and Bluehost. Its widespread adoption and use by major companies serve as strong social proof for its effectiveness in preventing spam and ensuring a secure, user-friendly online experience. 

Should you choose Akismet for your contact and registration forms, you’ll be in good company, joining millions of other websites that have successfully protected their online presence from spam and malicious activity.

Akismet: Non-intrusive spam protection for WordPress 

To keep your WordPress site free from spam and bots while ensuring a good user experience and accessibility, you should use Akismet. It offers an effective way to combat spam that doesn’t disrupt your site visitors’ browsing experience.

If you add Akismet to your WordPress site, it will use complex calculations and a big collection of spam markers to keep your site safe from unwanted content. In addition, it integrates smoothly with well-known tools for contact forms, making sure that everyone can use your website securely and without hassle.

While CAPTCHA and reCAPTCHA may still be preferred by some, Akismet stands out as a user-friendly, effective, and accessible alternative for securing your WordPress contact forms against spam and bots. And by choosing Akismet, you’re investing in the success of your online presence and ensuring a pleasant experience for your visitors, which is definitely worth prioritizing.