Search for a plugin or theme

How to Add reCaptcha to WordPress Comments to Prevent Spam Comments

How to Add reCaptcha to WordPress Comments to Prevent Spam Comments

Spam comments that are being left on your blog posts will clog up your database and your email account with false notifications. Believe us, we know all about it here.

For months we received hundreds of spam comments every day. Luckily, we solve the problem by adding a reCaptcha box to the comments form.

In this article, you will learn how to add reCaptcha to your WordPress comment form to prevent spam messages.

What is Google reCaptcha?

reCaptcha is the box that is added to the form, just before the Submit button and asking the user to prove that they are not a robot.

They are very common and come in different verification options:

The most used one is the ‘I’m not a robot’ checkmark just like this one (that’s the one we use).

I am not a robot box

Another popular one is proving that you are not a robot by selecting specific images from the same group like ‘cars’.

Select images

reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on your website. Meanwhile, legitimate users will be able to login, make purchases, view pages, or create accounts and fake users will be blocked.

Official Google reCaptcha website

Google reCaptcha Types

There are two versions of Google reCaptcha.

reCaptcha v2 – the box that appears inside the form (comments, login, register, etc). They are the examples that I showed you above and that is the version that we will use in this tutorial.

The user will need to solve a challenge before submitting the form.

reCaptcha v3 – added to every page (or chosen pages) on your website and will analyze your behavior as a visitor. Human users are acting differently than bots (dah!!) and therefore will be tagged as legit. If a robot will try to leave a comment or review, it will be blocked.

reCaptcha v3

Because we only want to add a reCaptcha box to the WordPress comments form specifically instead of all pages, we will use the reCaptcha v2 type.

Why Use reCaptcha?

As mentioned above, spam comments are not fun and can damage your website or admin’s experience.

Spam comments will take space on your database and if not deleted frequently, will clog it and slow it down.

Also, if you get an email notification (like we do) for every comment that is being left on your website, it will pile up quickly. That will slow down your workflow, and hold you down from focusing on the important emails.

Spam notification

Often, we accidentally skipped valuable comments left by legit users because we assumed they were spam comments. After we added the reCaptcha form to our website, it doesn’t happen anymore. Now, when receiving comments, after enabling the reCaptcha option, all comments are legit and approve.

Add reCaptcha to WordPress Comment Form

We can add reCaptcha in two different ways. The first way is by installing a plugin and the second way is by using a function. In this tutorial, we will cover both ways.

No matter which option you’re choosing, first of all, we will need to generate our reCaptcha API keys.

Generate reCaptcha API Keys

To generate the keys, open the Google reCaptcha website and click on the v3 Admin Console link.

Google reCaptcha website

On the next screen, click on reCaptcha v2 and select the ‘I’m not a robot’ checkbox option. Enter your website’s domain name, accept the terms of service and click submit.

generate reCaptcha keys

On the next screen, you’ll have both the public and secret API keys. Keep this window open, we will need to copy them shortly.

reCaptcha API Keys

We can now move on to the second step and use the keys with a plugin or a function.

Add reCaptcha With a Plugin

From inside your WordPress dashboard, navigate to Plugins -> Add New, and install the reCaptcha by BestWebSoft plugin.

add reCaptcha with a plugin

Once activated, navigate to reCaptcha -> Settings, choose Version 2 and enter your site and secret keys we generated on the last step.

Choose the forms that you would like to enable reCaptcha for and scroll all the way to the bottom of the page to save the changes.

reCaptcha plugin settings

All done, visit one of your blog posts, scroll to the comments section and see the added reCaptcha box.

reCaptcha was added to WordPress comment form

If you would like to use a function instead of a plugin, follow the section below.

Add reCaptcha With a Function

With this method, we will use a function to integrate reCaptcha with the comments form.

First, navigate to Appearance -> Theme Editor and open the single.php (or singular.php) file of your child theme.

If you don’t have a child theme, create one after reading our how to create a WordPress child theme article.

Then, copy the code below and paste it just before the get_header(); function in the single.php file and click save.

wp_enqueue_script('google-recaptcha', '');

Once saved, open the functions.php file, scroll to the bottom of it, and paste the code below:

/* Add Google recaptcha to WordPress comment box */
function add_google_recaptcha($submit_field) {
    $submit_field['submit_field'] = '<div class="g-recaptcha" data-sitekey="enter_your_site_key_here"></div><br>' . $submit_field['submit_field'];
    return $submit_field;
if (!is_user_logged_in()) {
/** Google recaptcha check, validate and catch the spammer */
function is_valid_captcha($captcha) {
$captcha_postdata = http_build_query(array(
                            'secret' => 'enter_your_secret_key_here',
                            'response' => $captcha,
                            'remoteip' => $_SERVER['REMOTE_ADDR']));
$captcha_opts = array('http' => array(
                      'method'  => 'POST',
                      'header'  => 'Content-type: application/x-www-form-urlencoded',
                      'content' => $captcha_postdata));
$captcha_context  = stream_context_create($captcha_opts);
$captcha_response = json_decode(file_get_contents("" , false , $captcha_context), true);
if ($captcha_response['success'])
    return true;
    return false;
function verify_google_recaptcha() {
$recaptcha = $_POST['g-recaptcha-response'];
if (empty($recaptcha))
    wp_die( __("<b>ERROR:</b> please select <b>I'm not a robot!</b><p><a href='javascript:history.back()'>« Back</a></p>"));
else if (!is_valid_captcha($recaptcha))
    wp_die( __("<b>Go away SPAMMER!</b>"));
if (!is_user_logged_in()) {
    add_action('pre_comment_on_post', 'verify_google_recaptcha');

Make sure to replace ‘enter_your_site_key_here’ and ‘enter_your_secret_key_here’ with the actual keys we generated earlier. Once replaced, click save.

Finally, visit the comments section on one of your blog posts and verify that the reCaptcha box was added successfully. Go ahead and test the box by leaving a comment.


In this article, you learned how to add a reCaptcha box to the comments form by using a plugin or a function.

Let us know down below which one of the methods you chose to perform this task.

Also, make sure to subscribe to our YouTube channel and like our page on Facebook.

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on email


PluginsForWP is a website specializing in redistributing WordPress plugins and themes with a variety of knowledge about WordPress, internet marketing, and blogging.

Leave a Reply