Website spam is something that every site owner needs to deal with on a daily basis. It may not be much if your site is new, but you'll find that spam grows exponentially, the bigger you get. There are all kinds of spam - from the (mostly) harmless bots that crawl your site looking to scrape e-mail IDs, to the more dangerous kind that attempts to log into your website by taking advantage of known weak links like easy passwords.
The process of determining who is a bot and who isn't is like a nuclear arms race. Hackers are always trying to beat the latest techniques. So whatever method you use, you need to be sure that it's being constantly updated to keep up with the most recent exploits. For this reason, many website owners choose to integrate some form of "captcha" - or in this case, "reCAPTCHA".
Google's reCAPTCHA for Human Verification
The technology was first acquired by Google way back in 2009 - at that time, it was focused on making humans interpret hard to read texts, which also incidentally ended up helping digitize large volumes of previously illegible books and paper based articles. An excellent example of crowdsourcing!
But since 2014, the text based recognition has been replaced. Bots are getting smarter and smarter, and we're now at a point where humans themselves have difficulty recognizing text that would pose a challenge to bots. Now Google simply provides us with a checkbox, and uses a wide variety of parameters to determine the identity of the visitor. In this article, we'll take a look at a simple plugin that allows you to add reCAPTCHA to all forms of WordPress, as well as custom locations!
Installing the Plugin for reCAPTCHA
The plugin we're using is the free version of BestWebSoft's product, called Google Captcha. It has pretty much all the features you're looking for, and the paid version has a few extra perks like being able to change the language manually, as well as the size. But for most website owners, the basic version works just fine.
After downloading and installing the plugin provided in the link above, you'll get a notice on your WordPress dashboard that it needs to be configured with the Google Captcha keys:
To do this, visit the link provided above and scroll down to register a new site. Provide your site with a label, choose whether or not you want an active captcha, or a passive one, and enter your domain name in the box provided below. You can enter multiple domains - one on each line.
Once you've saved your changes, you'll be provided with your site key and secret key. Take a note of these two as shown here:
Now go back and enter these two values in the Google Captcha plugin settings in the appropriate boxes as shown here:
Now scroll down and choose where you want the form to appear. I find it a good idea to select all the checkboxes, except perhaps the comments section. But if you're having an issue with comment spam, this is an easy way to bring that down as well!
The basic settings work pretty well for an average site. Once you save your changes, here's what the captcha looks like on the WordPress login form:
You can also place the captcha form in any place that accepts shortcodes. On the right side of the plugin settings, you'll see the shortcode you can use:
Finally, you can also customize the look and feel of the captcha by adding your own custom CSS code using the "Custom Code" tab as shown here:
The benefit to adding your CSS here instead of in your general CSS settings, is that the code is removed if you uninstall the plugin instead of sitting where it is and cluttering up your custom CSS.
So if you want to add a bit of extra verification to your WordPress forms, reCAPTCHA by Google is a great start. It's easy to install, and easy to use. What's not to like?