How to Use CAPTCHA to Secure Your WordPress Site

How to Use CAPTCHA to Secure Your WordPress Site

Unless you’ve never been online before, you’re sure to have come across CAPTCHA tests – probably each version of them, too. If you’ve ever had to make out squiggly, blurry text to type in a box or click every image with a fire hydrant (or another basic visual) in a grid, you’ve passed a CAPTCHA test. This is one of the most basic – and most effective – ways to keep your WordPress website secure. And with so many dedicated plugins available, keeping your site safe, especially in the spots where hackers go first, is simpler than you may think.

What is CAPTCHA?

CAPTCHA stands for “Completely Automated Turing Test to Tell Computers and Humans Apart.” And that’s exactly what it is – the CAPTCHA computer program can tell the difference between automated and human users. The tests are super easy for humans to pass, but pretty difficult for an automated script to handle. Traditional CAPTCHA tests would ask the user to input the text they saw, which would be distorted.

Today, there are more advanced CAPTCHA types, called reCAPTCHA (and noCAPTCHA, a sort of reCAPTCHA spinoff). Even smart bots can’t recognize distorted text or image fragments, and when they can’t make it through the test, they’re blocked from accessing your site. There’s also the newest version, referred to as Invisible CAPTCHA, but for our purposes, we’re going to mainly talk about version 2.

Is CAPTCHA Different from reCAPTCHA?

Following CAPTCHA, reCAPTCHA became the norm. This looked similar to traditional CAPTCHA – the user had to input the text they saw in a distorted picture – but the technology was used to digitalize books while also providing a layer of safety for websites. In 2009, Google acquired the technology, and between then and now, it’s helped to digitize thousands of books, not to mention New York Times archives.

Today, there’s also something called “No CAPTCHA reCAPTCHA,” abbreviated to noCAPTCHA in some instances, which is a version of reCAPTCHA. It improves the user experience and is highly accessible, a problem that other WordPress CAPTCHA options faced. Instead of having to type in text, the user can simply click a box to confirm “I’m not a robot.” If there’s suspicious activity detected, that simple checkbox doesn’t appear — instead, a harder CAPTCHA, like identifying a specific object in images, will show up in its place.

How Does CAPTCHA Protect My Site?

Login and registration pages are the perfect places for hackers, spammers and bots to attack. Why? Their motivation is usually to get into your site and access the admin area. There’s no better place to do that than where usernames and passwords are entered.

There’s so much that can happen when an unauthorized person gains access to your WordPress admin area. They can:

  • Crash a network of websites
  • Distribute malware
  • Hurt SEO
  • Lower traffic
  • Make threats to collect a ransom
  • Spam the comments section of a blog
  • Steal personal information

WordPress CAPTCHA keeps hackers and spambots away, particularly when it comes to brute force attacks. This is when bots are used to try different credentials in a login form until they can figure out the username and password to get into the site.

How to Install CAPTCHA in WordPress

The quickest and easiest way to install CAPTCHA on your WordPress website is by using a plugin. There are a lot to choose from in the WordPress directory, like reCaptcha by BestWebSoft and Advanced noCAPTCHA and Invisible CAPTCHA, which we’re going to use for our walk-through today. When choosing a WordPress CAPTCHA plugin, here’s what to look for:

  • Google reCAPTCHA is the most user-friendly option, so make sure this type of CAPTCHA is provided.
  • The ability to add CAPTCHA to several places on your site in addition to the login page. You may even want to add multiple CAPTCHAs to the same page.
  • Integrations with other tools you use, like a blog comments section or contact forms.

You should also consider WPForms, which lets you create custom login and registration forms if you want to brand or personalize your website beyond what out-of-the-box WordPress offers. There’s also a reCAPTCHA option if you want to add it to any form you create.

P.S. If you’re using Divi, reCAPTCHA is already included in some of our modules! Find out more in our documentation about spam protection providers.

Using the Advanced noCAPTCHA and Invisible CAPTCHA Plugin

Here’s how to get CAPTCHA on your site using the Advanced noCAPTCHA and Invisible CAPTCHA plugin. First, you’ll need to install and activate it. Log in to your WordPress dashboard, then select Plugins on the left. Click Add New at the top of the Plugins page.

wordpress captcha

In the search bar on the top right, type in “Advanced noCAPTCHA” – the plugin you want should be the first result.

Click Install Now, then Activate when it’s done (which should just take a second). Then, from the Plugins page, click Settings under the WordPress CAPTCHA plugin.

wordpress captcha

Under the Google Keys header, click the Google link. That will bring you to this page.

Under reCAPTCHA Type, select the second option, reCAPTCHA v2, then choose “I’m not a robot” Checkbox. You’ll also want to fill out the Label and Domains sections, then check the terms of service box. Click Submit when you’re done.

wordpress captcha

This will generate two CAPTCHA keys. Copy and paste them into the appropriate boxes on the plugin’s Settings page in WordPress.

wordpress captcha

Next to Enabled Forms, select where you want WordPress CAPTCHA tests. Further down the page, you can make more tweaks, like customizing the error message, choosing a light or dark theme and hiding the CAPTCHA for logged-in users.

That’s it! Check out your site to make sure the CAPTCHA boxes are where they should be. This is what my login page looks like now:

wordpress captcha

Where Should You Enable CAPTCHA in WordPress?

It’s a good idea to use WordPress CAPTCHA to protect any part of your website where users input information. These areas are particularly vulnerable to attacks. Consider adding CAPTCHA to the following:

  • Contact forms
  • Content submissions
  • Email signup forms
  • Login pages
  • Password recovery pages
  • Surveys
  • User registration forms

If an authorized user can access your site or if a visitor can submit information, that’s a gateway for hackers, too.

Final Thoughts About WordPress CAPTCHA

For how important CAPTCHA is to protecting the most vulnerable sections of your website, it’s remarkably easy to set up. You basically have to do three things:

  • Add a WordPress CAPTCHA plugin to your site.
  • Get Google reCAPTCHA keys to use with the plugin.
  • Adjust the settings to protect the forms and login areas on your site.

That’s it! Few security measures are as easy to implement as CAPTCHA, not to mention no-cost, and considering it can provide a lot of protection from hackers and spammers, we can’t think of a reason not to add it.

Want to test those new forms you’re putting up? We’ve got you covered.

The post How to Use CAPTCHA to Secure Your WordPress Site appeared first on Elegant Themes Blog.

WP Tavern’s 2021 Year in Review

WP Tavern’s 2021 Year in Review

Abstract Lights by Marcus Kazmierczak

A friend prompted me to fix an issue with the WP Tavern archives page a few days ago. Not all of 2021’s posts were visible. As I glanced over the updated list, I realized our team put in a lot of work for the year.

In the day-to-day mix of things, it is easy to forget how much you have written during the year. Some of the articles are memorable and stick with you for a while. Much passes by in a blur. But, I felt a sense of pride in the work our team has put in as I scrolled through the posts.

These year-in-review posts tend to take about two days’ worth of work, gathering up all of the stats and notes and formatting them so that they are presentable. However, they are always one of my favorite articles to put together every year.

We should always take some time to remind ourselves where we have been on this journey. This makes sure we are better informed before taking our next steps. At the Tavern, that means paying attention to what content people are reading and how they are engaging with it.

So, let us just dive right into some of the 2021 highlights.

The Year in WordPress

WordPress turned 18 years old in 2021. That is a massive feat for any software, especially a CMS that consistently faces competition from newer web technologies.

Unlike last year’s three, the platform only saw two major releases this year. WordPress 5.9 was initially slated to land in early December, but it was postponed until January 25, 2022. This should give contributors more time to smooth out several wrinkles with new features.

The Gutenberg plugin was a consistent force, driving new features that would eventually make their way into core WordPress. We have covered its releases throughout the year here at the Tavern.

Matt Mullenweg recorded his annual State of the Word before a live audience in New York City in mid-December. The address focused on WordPress’s growth in the past year, a decentralized web, and version 5.9 features. He also focused on contributing to the commons. He introduced Openverse, formerly Creative Commons Search, and noted the beta launch of the WordPress photo directory.

Favorite Plugin

Newsletter theme design screen from the Newsletter Glue plugin.
Newsletter Glue’s theme designer.

One of the best things about writing for WP Tavern is covering a range of new plugins every year. Unfortunately, we cannot get to them all. However, there are always a few projects that stand out in the crowded field.

Maybe it was nostalgia for a bygone era of printed family newsletters. Perhaps it is just a neat idea, but my favorite plugin of the year is Newsletter Glue.

It showcases how a small team can get a complex project off the ground via the block editor. Newsletter Glue is just over a year old, and Lesley Sim and Ahmed Fouad have created a solid product.

Favorite Theme

Homepage of the Eksell WordPress theme, showcasing a three-column portfolio grid with the site navigation/sidebar to the left and an intro and category nav above.
Eksell theme homepage

This should come as no surprise to Tavern readers. I have touted its well-rounded design and architecture on multiple occasions. Eksell by Anders Norén is my favorite theme of the year. Twenty Twenty-Two would be a close second, but it has not officially launched yet. Maybe it will reign in the year to come.

I have been on the lookout for a block theme to win this for the entire year, but none of them quite lived up to Eksell. Not even Noren’s own attempt with Tove.

Eksell plays well with blocks, supporting all current, stable advancements in WordPress theming. It is far more modern than many other classic-supported themes. And, it is just beautiful.

WP Tavern Stats

Over the past couple of years, we have increased our content output. Engagement via published comments is down, but “likes” continue climbing. The following is a table of the past three years of stats. Note that averages are per post.

202120202019
Total Posts443406382
Total Comments3,1513,6992,864
Avg. Comments7.19.27.5
Total Likes4,5083,5892,676
Avg. Likes10.29.07.0
Total Words324,842317,231225,117
Avg. Words733791589

Of course, we moderate comments here at WP Tavern. We could let things run wild for a bump in commenting stats, but we want to continue creating an environment where people feel welcome to participate.

I am the champion of comments this year with a total of 81. I would still like to engage a bit more. That is something I will work on in the new year.

Props to the five people next in line for total comments in 2021:

  • Miroslav Glavić
  • Eric Karkovack
  • Andrew Starr
  • Steven Gliebe
  • Paul Lacey

Without you and other readers, there would be no Tavern. I hope to see more of you all and others in 2022.

Top 10 Most Viewed Stories

Sarah Gooding pretty much single-handedly broke our all-time daily views record in January, a record that had stood since 2015. It now stands at 24,887. I contributed a bit, but her coverage of WordPress.com’s website building service did the heavy lifting. And, it was not even the overall most-viewed story of the year.

The following are the articles Tavern readers viewed the most in 2021:

Top 10 Most Commented Stories

You would think that our most-read articles are those that receive the most comments. However, that is not always the case. While there is some crossover between the two lists, our readers sometimes need to be vocal on a particular topic.

Here are the top 10 most-commented posts of 2021:


I look forward to another year of delivering stories to all of our readers. The Tavern staff will see you all in 2022 for the next steps on this journey.