Protecting a WordPress Contact Form with reCAPTCHA

A contact form is one of the most important pages a web site can have. It enables you to receive communication from your audience or customers without having to provide a specific email address. Publishing an email address on your site, while simple to implement and low-tech, makes it easy for the address to be harvested by the site-scraping tools spammers use. A web-based contact form solves this, but it too can be exploited by automated bots or malicious visitors unless you implement an interactive mechanism like reCAPTCHA to validate form submissions. In this walk-through I will demonstrate how to set up a WordPress contact form using the free plugin Contact Form by WPForms and Google reCAPTCHA, which is free too.


Setting up Google reCAPTCHA

Before setting up Contact Form by WPForms you should first configure a free reCAPTCHA account at Google reCAPTCHA. Click the Admin console button on the welcome page. After you log in to your Google account you will be prompted to register the site where you plan to use reCAPTCHA. Enter a name for your site, select which version of reCAPTCHA you want to use, enter your domain name, accept the Terms of Service, and then click Submit. reCAPTCHA v2 will display a series of pictures for validation to anyone attempting to submit your contact form. reCAPTCHA v3 does not present any pictures during the validation process.


Once you have registered your domain name in the reCAPTCHA system you will be able to copy the reCAPTCHA site key and secret key. These keys will need to be entered into the WPForms plugin settings from the WordPress admin Dashboard. Copy them into the Windows clipboard or Notepad to keep them handy.
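What the secret key is for, shown as an added example (not code from WPForms or from this walk-through): the server posts the visitor's token together with the secret key to Google's siteverify endpoint and decides from the JSON reply whether to accept the form. The function name, the hostname www.example.com, the action name "contact" and the 0.5 score threshold are assumptions, and the sample replies are constructed.

```python
import json

# The server POSTs secret=<secret key>&response=<token from the form's
# g-recaptcha-response field> to this URL and receives a JSON reply.
SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

def accept_submission(reply_json, expected_hostname, version="v2",
                      expected_action=None, min_score=0.5):
    """Decide on one siteverify reply; returns (accepted, reason)."""
    try:
        reply = json.loads(reply_json)
    except ValueError:
        return False, "unparseable reply"
    if not isinstance(reply, dict) or reply.get("success") is not True:
        codes = reply.get("error-codes") if isinstance(reply, dict) else None
        return False, "rejected: " + ",".join(codes or ["no success flag"])
    # A token solved on some other site must not unlock this form.
    if reply.get("hostname") != expected_hostname:
        return False, "token issued for another hostname"
    if version == "v3":
        # v3 shows no pictures: it returns a score (0.0 to 1.0) and the
        # action name, and the site decides what score is good enough.
        if reply.get("action") != expected_action:
            return False, "unexpected action"
        score = reply.get("score")
        if type(score) not in (int, float) or score < min_score:
            return False, "score below threshold"
    return True, "ok"

# Constructed sample replies in the shape siteverify returns.
V2_OK = ('{"success": true, "challenge_ts": "2024-01-01T00:00:00Z", '
         '"hostname": "www.example.com"}')
V2_REUSED = '{"success": false, "error-codes": ["timeout-or-duplicate"]}'
V3_LOW = ('{"success": true, "hostname": "www.example.com", '
          '"action": "contact", "score": 0.1}')
V3_HIGH = ('{"success": true, "hostname": "www.example.com", '
           '"action": "contact", "score": 0.9}')

if __name__ == "__main__":
    for name, raw, kwargs in [
        ("v2 solved", V2_OK, {}),
        ("v2 reused token", V2_REUSED, {}),
        ("v3 low score", V3_LOW, {"version": "v3", "expected_action": "contact"}),
        ("v3 high score", V3_HIGH, {"version": "v3", "expected_action": "contact"}),
    ]:
        print(name, accept_submission(raw, "www.example.com", **kwargs))
```

The secret key is used only in this server-to-server call; the site key is the only one that appears in the page sent to the browser.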


Configuring Contact Form by WPForms with reCAPTCHA

Before you can configure a WordPress contact form you need to ensure your site’s SMTP settings are properly configured. The free plugin WP Mail SMTP by WPForms makes it incredibly easy to configure WordPress SMTP settings. This walk-through assumes you already have your SMTP settings configured.


Both Contact Form by WPForms and WP Mail SMTP by WPForms can be installed from your WordPress admin Dashboard. Simply search for them in the WordPress Plugin Directory and then click Install Now for each. After they have been installed, click the Activate button on the plugin properties.


After you activate Contact Form by WPForms click on the plugin settings menu. Do this before you configure your first form.  From there you will see another menu item for reCAPTCHA. Click on it.


Now you can cut and paste the reCAPTCHA keys you saved earlier. Match the Type of reCAPTCHA you originally configured and then click Save.


Create a new contact form

After closing the reCAPTCHA settings, click on the WPForms menu. You should see something like the image below. Click Add New.

 

image

 

On the form’s Setup screen click Create Simple Contact Form.


On the next screen you will manage the various properties of the new contact form. Click the Settings menu. At the bottom of the General settings you will see the option to Enable Google Checkbox v2 reCAPTCHA. Click the checkbox next to it and then save the form. The contact form is ready for action. Simply embed the form’s shortcode in a WordPress page to start using it.


Testing the contact form with reCAPTCHA

When you browse your site’s new contact page you will be required to prove you’re not a robot by clicking the reCAPTCHA checkbox before you can submit the form.


If there is any question about your authenticity you will be prompted to manually select a series of photos before continuing. If the validation isn’t completed properly the form will not be submitted.


Once the reCAPTCHA process is satisfied that you’re a real person the contact form will be allowed to be submitted.

 

In Summary

Having a contact form on your web site is a great way to receive communication from your audience or customers; however, you have to make sure it’s not misused by automated bots or malicious visitors. The free WordPress plugin Contact Form by WPForms makes it easy to protect your contact form using Google reCAPTCHA to ensure only real people are using it. Thanks for reading!

Peter Viola

Creative, customer focused, results oriented, Senior Web Systems Engineer who enjoys providing the highest level of customer service supporting complex Windows hosting solutions. MCITP, MCSA, MCTS
