Overview

If you do require user registration, one of the easiest fixes is to ensure your site has a CAPTCHA enabled to detect if the form is being filled out by a human or via a script. This will then limit WordPress and WooCommerce Registration Spam and also help prevent brute force login attempts on your website.

One way to do this is to integrate Google’s reCAPTCHA v3 for your site, which is detailed below.

Information

As an alternative, we also have a guide on integrating hCaptcha with WordPress.

Instructions

  1. Firstly, follow our guide on how to Create a reCAPTCHA API Key.
  2. Next, login to your WordPress website.
  3. Go to Plugins -> Add New:
    wordpress login and registration bot protection via recaptcha
  4. In the right-hand search box, search for “reCaptcha by BestWebSoft“. You should see the following result:
    wordpress login and registration bot protection via recaptcha
  5. Install the plugin then click Activate.
  6. Once it’s been activated, it’ll return you to the WordPress plugin page. Find the reCapcha by BestWebSoft and select settings:
    wordpress login and registration bot protection via recaptcha
  7. Select Version 3 for the reCaptcha version:
    wordpress login and registration bot protection via recaptcha
  8. Next, paste in the Site Key and Secret Key generated in step 1:
    wordpress login and registration bot protection via recaptcha
  9. Then, ensure it’s enabled for the Registration Form:
    wordpress login and registration bot protection via recaptcha
    (We also recommend for login as well)
  10. Click Save Changes at the bottom of the page.
  11. If required, you can also use the Test reCaptcha button to verify that the credentials work. This will display a green tick beside the Site Key and Secret Key.
  12. To test that the reCAPTCHA is working, open a different browser (or incognito window) and go to your user registration page. This will be your usual website URL with /wp-login.php?action=register at the end. In the bottom right-hand corner, you should see the Google reCAPTCHA logo:
    wordpress login and registration bot protection via recaptcha

Advice

The Google reCAPTCHA v3 is recommended as there’s no annoyance for users to click “I’m not a robot” or similar requests. They will only see the logo in the bottom right unless Google’s system suspects they’re not a human user. This can occur if they’re using a VPN or highly restrictive browser.

Was this article helpful?

Related Articles