As you all know, I source a lot of forums and Twitter threads here for the stories that I write. Without the amazing individuals that make up the search industry, this site would not exist. In fact, when I started this site over 18 years ago, its purpose was to cover what the community is buzzing about and this site remains true to that today.
Unless you’ve never been online before, you’re sure to have come across CAPTCHA tests – probably each version of them, too. If you’ve ever had to make out squiggly, blurry text to type in a box or click every image with a fire hydrant (or another basic visual) in a grid, you’ve passed a CAPTCHA test. This is one of the most basic – and most effective – ways to keep your WordPress website secure. And with so many dedicated plugins available, keeping your site safe, especially in the spots where hackers go first, is simpler than you may think.
What is CAPTCHA?
CAPTCHA stands for “Completely Automated Turing Test to Tell Computers and Humans Apart.” And that’s exactly what it is – the CAPTCHA computer program can tell the difference between automated and human users. The tests are super easy for humans to pass, but pretty difficult for an automated script to handle. Traditional CAPTCHA tests would ask the user to input the text they saw, which would be distorted.
Today, there are more advanced CAPTCHA types, called reCAPTCHA (and noCAPTCHA, a sort of reCAPTCHA spinoff). Even smart bots can’t recognize distorted text or image fragments, and when they can’t make it through the test, they’re blocked from accessing your site. There’s also the newest version, referred to as Invisible CAPTCHA, but for our purposes, we’re going to mainly talk about version 2.
Is CAPTCHA Different from reCAPTCHA?
Following CAPTCHA, reCAPTCHA became the norm. This looked similar to traditional CAPTCHA – the user had to input the text they saw in a distorted picture – but the technology was used to digitalize books while also providing a layer of safety for websites. In 2009, Google acquired the technology, and between then and now, it’s helped to digitize thousands of books, not to mention New York Times archives.
Today, there’s also something called “No CAPTCHA reCAPTCHA,” abbreviated to noCAPTCHA in some instances, which is a version of reCAPTCHA. It improves the user experience and is highly accessible, a problem that other WordPress CAPTCHA options faced. Instead of having to type in text, the user can simply click a box to confirm “I’m not a robot.” If there’s suspicious activity detected, that simple checkbox doesn’t appear — instead, a harder CAPTCHA, like identifying a specific object in images, will show up in its place.
How Does CAPTCHA Protect My Site?
Login and registration pages are the perfect places for hackers, spammers and bots to attack. Why? Their motivation is usually to get into your site and access the admin area. There’s no better place to do that than where usernames and passwords are entered.
There’s so much that can happen when an unauthorized person gains access to your WordPress admin area. They can:
Crash a network of websites
Distribute malware
Hurt SEO
Lower traffic
Make threats to collect a ransom
Spam the comments section of a blog
Steal personal information
WordPress CAPTCHA keeps hackers and spambots away, particularly when it comes to brute force attacks. This is when bots are used to try different credentials in a login form until they can figure out the username and password to get into the site.
How to Install CAPTCHA in WordPress
The quickest and easiest way to install CAPTCHA on your WordPress website is by using a plugin. There are a lot to choose from in the WordPress directory, like reCaptcha by BestWebSoft and Advanced noCAPTCHA and Invisible CAPTCHA, which we’re going to use for our walk-through today. When choosing a WordPress CAPTCHA plugin, here’s what to look for:
Google reCAPTCHA is the most user-friendly option, so make sure this type of CAPTCHA is provided.
The ability to add CAPTCHA to several places on your site in addition to the login page. You may even want to add multiple CAPTCHAs to the same page.
Integrations with other tools you use, like a blog comments section or contact forms.
You should also consider WPForms, which lets you create custom login and registration forms if you want to brand or personalize your website beyond what out-of-the-box WordPress offers. There’s also a reCAPTCHA option if you want to add it to any form you create.
P.S. If you’re using Divi, reCAPTCHA is already included in some of our modules! Find out more in our documentation about spam protection providers.
Using the Advanced noCAPTCHA and Invisible CAPTCHA Plugin
Here’s how to get CAPTCHA on your site using the Advanced noCAPTCHA and Invisible CAPTCHA plugin. First, you’ll need to install and activate it. Log in to your WordPress dashboard, then select Plugins on the left. Click Add New at the top of the Plugins page.
In the search bar on the top right, type in “Advanced noCAPTCHA” – the plugin you want should be the first result.
Click Install Now, then Activate when it’s done (which should just take a second). Then, from the Plugins page, click Settings under the WordPress CAPTCHA plugin.
Under the Google Keys header, click the Google link. That will bring you to this page.
Under reCAPTCHA Type, select the second option, reCAPTCHA v2, then choose “I’m not a robot” Checkbox. You’ll also want to fill out the Label and Domains sections, then check the terms of service box. Click Submit when you’re done.
This will generate two CAPTCHA keys. Copy and paste them into the appropriate boxes on the plugin’s Settings page in WordPress.
Next to Enabled Forms, select where you want WordPress CAPTCHA tests. Further down the page, you can make more tweaks, like customizing the error message, choosing a light or dark theme and hiding the CAPTCHA for logged-in users.
That’s it! Check out your site to make sure the CAPTCHA boxes are where they should be. This is what my login page looks like now:
Where Should You Enable CAPTCHA in WordPress?
It’s a good idea to use WordPress CAPTCHA to protect any part of your website where users input information. These areas are particularly vulnerable to attacks. Consider adding CAPTCHA to the following:
Contact forms
Content submissions
Email signup forms
Login pages
Password recovery pages
Surveys
User registration forms
If an authorized user can access your site or if a visitor can submit information, that’s a gateway for hackers, too.
Adjust the settings to protect the forms and login areas on your site.
That’s it! Few security measures are as easy to implement as CAPTCHA, not to mention no-cost, and considering it can provide a lot of protection from hackers and spammers, we can’t think of a reason not to add it.
Wrap up the year with all the best WordPress holiday sales, deals, coupons and promo codes. Best of all – we’ve put them all in one place just for you. 2021 felt like a rollercoaster, but why not end it on a high note? Treat yourself (and your website) to a new theme or perhaps […]
A friend prompted me to fix an issue with the WP Tavern archives page a few days ago. Not all of 2021’s posts were visible. As I glanced over the updated list, I realized our team put in a lot of work for the year.
In the day-to-day mix of things, it is easy to forget how much you have written during the year. Some of the articles are memorable and stick with you for a while. Much passes by in a blur. But, I felt a sense of pride in the work our team has put in as I scrolled through the posts.
These year-in-review posts tend to take about two days’ worth of work, gathering up all of the stats and notes and formatting them so that they are presentable. However, they are always one of my favorite articles to put together every year.
We should always take some time to remind ourselves where we have been on this journey. This makes sure we are better informed before taking our next steps. At the Tavern, that means paying attention to what content people are reading and how they are engaging with it.
So, let us just dive right into some of the 2021 highlights.
The Year in WordPress
WordPress turned 18 years old in 2021. That is a massive feat for any software, especially a CMS that consistently faces competition from newer web technologies.
Unlike last year’s three, the platform only saw two major releases this year. WordPress 5.9 was initially slated to land in early December, but it was postponed until January 25, 2022. This should give contributors more time to smooth out several wrinkles with new features.
WordPress 5.8 “Tatum” introduced block widgets, duotone media filters, and new emoji support.
WordPress 5.7 “Esperanza” added drag-and-drop for blocks and patterns, a streamlined admin color palette, and one-click HTTPS migration.
The Gutenberg plugin was a consistent force, driving new features that would eventually make their way into core WordPress. We have covered its releases throughout the year here at the Tavern.
Matt Mullenweg recorded his annual State of the Word before a live audience in New York City in mid-December. The address focused on WordPress’s growth in the past year, a decentralized web, and version 5.9 features. He also focused on contributing to the commons. He introduced Openverse, formerly Creative Commons Search, and noted the beta launch of the WordPress photo directory.
Favorite Plugin
One of the best things about writing for WP Tavern is covering a range of new plugins every year. Unfortunately, we cannot get to them all. However, there are always a few projects that stand out in the crowded field.
It showcases how a small team can get a complex project off the ground via the block editor. Newsletter Glue is just over a year old, and Lesley Sim and Ahmed Fouad have created a solid product.
Favorite Theme
This should come as no surprise to Tavern readers. I have touted its well-rounded design and architecture on multiple occasions. Eksell by Anders Norén is my favorite theme of the year. Twenty Twenty-Two would be a close second, but it has not officially launched yet. Maybe it will reign in the year to come.
I have been on the lookout for a block theme to win this for the entire year, but none of them quite lived up to Eksell. Not even Noren’s own attempt with Tove.
Eksell plays well with blocks, supporting all current, stable advancements in WordPress theming. It is far more modern than many other classic-supported themes. And, it is just beautiful.
WP Tavern Stats
Over the past couple of years, we have increased our content output. Engagement via published comments is down, but “likes” continue climbing. The following is a table of the past three years of stats. Note that averages are per post.
2021
2020
2019
Total Posts
443
406
382
Total Comments
3,151
3,699
2,864
Avg. Comments
7.1
9.2
7.5
Total Likes
4,508
3,589
2,676
Avg. Likes
10.2
9.0
7.0
Total Words
324,842
317,231
225,117
Avg. Words
733
791
589
Of course, we moderate comments here at WP Tavern. We could let things run wild for a bump in commenting stats, but we want to continue creating an environment where people feel welcome to participate.
I am the champion of comments this year with a total of 81. I would still like to engage a bit more. That is something I will work on in the new year.
Props to the five people next in line for total comments in 2021:
Miroslav Glavić
Eric Karkovack
Andrew Starr
Steven Gliebe
Paul Lacey
Without you and other readers, there would be no Tavern. I hope to see more of you all and others in 2022.
Top 10 Most Viewed Stories
Sarah Gooding pretty much single-handedly broke our all-time daily views record in January, a record that had stood since 2015. It now stands at 24,887. I contributed a bit, but her coverage of WordPress.com’s website building service did the heavy lifting. And, it was not even the overall most-viewed story of the year.
The following are the articles Tavern readers viewed the most in 2021:
You would think that our most-read articles are those that receive the most comments. However, that is not always the case. While there is some crossover between the two lists, our readers sometimes need to be vocal on a particular topic.
I look forward to another year of delivering stories to all of our readers. The Tavern staff will see you all in 2022 for the next steps on this journey.