Protect your WordPress forms from spam and bot submissions by integrating Google reCAPTCHA with Everest Forms. This comprehensive guide walks you through the entire setup process, from obtaining API keys to testing your implementation.

Prerequisites:
- Everest Forms Free or Pro installed and activated. 

Understanding reCAPTCHA Versions #

Everest Forms supports both major reCAPTCHA versions, each offering different user experiences and security levels:

reCAPTCHA v2 Options #

Checkbox Version (“I’m not a robot”):

• Requires users to click a checkbox actively.
• Provides clear visual confirmation of human interaction.
• Ideal for sites where explicit user verification is desired.

Invisible Version:

• Operates silently in the background.
• Only presents challenges when suspicious activity is detected.
• Perfect balance between protection and usability.

reCAPTCHA v3 (Score-Based) #

• Analyzes user behavior patterns continuously.
• Assigns risk scores from 0.0 (bot) to 1.0 (human).
• Recommended for high-traffic sites prioritizing seamless user experience.

Step 1: Obtain Google reCAPTCHA API Keys #

Access the reCAPTCHA Console

1. Navigate to the Google reCAPTCHA and sign in with your Google account.
2. Click the Get Started button to register a new site.

Register Your WordPress Site #

Complete the registration form with the following details:

• Label: Enter a recognizable name for your project (e.g., “EVF”)
• reCAPTCHA Type: Choose between:
  • reCAPTCHA v3 (Score-based analysis)
  • reCAPTCHA v2 (Challenge-based verification)
• Domains: Add your website domain(s) without protocol.
  • Example: yoursite.com and www.yoursite.com

Project Settings

• Google Cloud Platform Project: Create or select an existing project.

Click Submit to complete the registration process.

Retrieve Your API Keys #

After successful registration, you’ll receive two essential keys:

• Site Key (Public): Used in your website’s frontend code.
• Secret Key (Private): Used for server-side verification.

Important Security Note: Never expose your Secret Key in frontend code or public repositories. Copy and keep these keys safe to use later.

Step 2: Configure reCAPTCHA in Everest Forms #

Log in to your WordPress admin dashboard and navigate to Everest Forms > Settings. Click on the CAPTCHA tab and configure reCAPTCHA:

1. CAPTCHA Type: Select “reCAPTCHA” from the dropdown menu.
2. reCAPTCHA Version: Choose the version matching your Google setup.
3. Site Key: Paste your public Site Key.
4. Secret Key: Paste your private Secret Key.

For reCAPTCHA v2 #

• Invisible reCAPTCHA: Enable this option to use the invisible version of v2.
  • When enabled, the reCAPTCHA runs in the background.
  • Users only see challenges when the system detects suspicious behavior.
  • Provides a better user experience compared to the checkbox version.

With this invisible reCAPTCHA, no user interaction is required at all. Like the “I’m not a robot” reCAPTCHA, Google also analyzes the user’s activity, like typing patterns, mouse movements, and browsing history. The reCAPTCHA can be invoked directly when the user clicks on a native button on the page or via a JavaScript API call.

For reCAPTCHA v3 #

• Threshold Score: Set the minimum score required (0.1 to 1.0):
  • 0.1-0.4: Strict filtering (may block legitimate users).
  • 0.5: Balanced approach (recommended for most sites).
  • 0.6-1.0: Lenient filtering (may allow some spam).

If the score is low, indicating potential bot activity, reCAPTCHA may prompt the user to complete additional challenges, like selecting specific pictures. Conversely, if the score is high, close to 1, it’s likely a genuine human interaction, and reCAPTCHA allows the user to continue without further interruption.Therefore, the lower the score, the more likely the user will need to prove they’re human.

Additional Settings:

• CAPTCHA Language: Select from the dropdown for a consistent experience.

Review all settings for accuracy and click Save Settings.

Step 3: Add reCAPTCHA to Your Forms #

1. Navigate to Everest Forms > All Forms.
2. Select the form you want to protect.
3. In the form builder, locate the Advanced Fields section.
4. Find the reCAPTCHA field and drag and drop it into your form layout.

Click Save to update your form.

If you try to use the reCaptcha field, before setting up the site keys, you might encounter an error message like below:

Field Positioning Best Practices

• Place reCAPTCHA near the end of your form.
• Ensure it appears before the submit button.
• Leave adequate spacing for visibility.

Step 4: Test Your reCAPTCHA Implementation #

1. Open your website in an incognito/private browsing window.
2. Navigate to the form page with reCAPTCHA enabled.
3. Verify the reCAPTCHA element loads correctly.
4. Check for console errors in browser developer tools.

Functionality Testing

1. For reCAPTCHA v2 Checkbox: Ensure the checkbox appears and responds to clicks.
2. For reCAPTCHA v2 Invisible: Submit the form and verify background processing.
3. For reCAPTCHA v3: Test form submission and check score validation.

In the Google reCAPTCHA admin console, you can view the overall traffic records on your forms.

Select the project you have created and watch for the activities:

Troubleshooting Common Issues #

reCAPTCHA Not Appearing

• Verify API keys are correctly entered.
• Check domain registration matches your site URL.
• Ensure JavaScript is enabled in browser.
• Clear browser cache and cookies.

Form Submission Failures

• Confirm Secret Key is properly configured.
• Check server error logs for API communication issues.
• Verify threshold scores aren’t too restrictive (v3).
• Test with different browsers and devices.

Performance Considerations

• Monitor page load times after implementation.
• Consider lazy loading for forms below the fold.
• Test with various internet connection speeds.

Please visit the link below to integrate the hCaptcha on your forms:
https://docs.wpeverest.com/everest-forms/docs/how-to-integrate-hcaptcha/