Integrating Google reCAPTCHA v3 in WordPress Plugin
Posted on 18th June 2023
The internet is full of bots. Some of them are good, like the ones that help you search for things online. But many are bad, like the ones that spam your website with comments or try to break into your site to steal your information.
Google reCAPTCHA is a free service that helps protect your website from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart.
reCAPTCHA v3 is the latest version of Google’s reCAPTCHA service. It is more effective than v2, but it is also more intrusive. With v3, Google will be able to track the actions of users on your website.
If you are a plugin developer, you may be wondering how to integrate reCAPTCHA v3 into your plugin. In this article, we will show you how to add Google reCAPTCHA v3 to a WordPress plugin.
First, you will need to create a new account on the Google reCAPTCHA website and register your website.
Once you have registered your website, you will be given a Site key and a Secret key. These keys are used to communicate with the Google reCAPTCHA server.
Next, you will need to edit your plugin code to include the reCAPTCHA keys. You will also need to add a new callback function that will be called when the user completes the reCAPTCHA challenge.
The callback function will receive two parameters: the user’s IP address and the reCAPTCHA score. The score is a number between 0.0 and 1.0, with 1.0 being the most likely to be a human.
If the score is below 0.5, you can assume that the user is a bot and take appropriate action.
Once you have added the keys and callback function to your plugin, you will need to add the following JavaScript to your website. This JavaScript will load the reCAPTCHA API and render the reCAPTCHA challenge.
grecaptcha.ready(function() {
grecaptcha.execute(‘ your_site_key ‘, {action: ‘ your_action ‘}).then(function(token) {
// Add your code here
});
});
Replace your_site_key with the Site key that you received from the Google reCAPTCHA website.
Replace your_action with the name of the action that you want to track. This could be something like ‘login’ or ‘comment’.
The JavaScript will render the reCAPTCHA challenge on your website and send the user’s response to the Google reCAPTCHA server.
The server will then return a score between 0.0 and 1.0, which you can use to decide whether the user is a human or a bot.
If you want to learn more about Google reCAPTCHA v3, we recommend reading the official documentation.
The process for adding reCAPTCHA v3 to your WordPress plugin is as follows:
1. Download the latest reCAPTCHA PHP library.
2. Unzip the file and copy the recaptcha-master folder to your WordPress plugins directory (wp-content/plugins).
3. In your WordPress admin panel, go to Plugins and activate the reCAPTCHA plugin.
4. Go to Settings > reCAPTCHA and enter your Site Key and Secret Key. These keys are available from the Google reCAPTCHA admin panel.
5. In your plugin code, add the following lines to load the reCAPTCHA library and create a new instance of the ReCaptcha class:
require_once( ‘plugins/recaptcha/autoload.php’ );
$recaptcha = new ReCaptchaReCaptcha( ‘secret-key’ );
6. To display the reCAPTCHA widget, add the following line of code to your plugin:
echo ‘
‘;
7. To verify the user’s response, add the following line of code to your plugin:
$response = $_POST[‘g-recaptcha-response’];
$remoteIp = $_SERVER[‘REMOTE_ADDR’];
$recaptcha->verify($response, $remoteIp);
If the user’s response is valid, the verification will return a score of 0.0. If the user’s response is invalid, the verification will return a score of 1.0. You can also use and tags for bold and italic where needed.
$secret = 'YOUR-SECRET-KEY';
$response = $_POST['g-recaptcha-response'];
$remoteip = $_SERVER['REMOTE_ADDR'];
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret' => $secret,
'response' => $response,
'remoteip' => $remoteip
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($curl);
curl_close($curl);
$result = json_decode($result, true);
if ($result['success'] == true) {
// The user is not a bot
} else {
// The user is probably a bot
}
?>
If you’re using the reCAPTCHA v3 library in your WordPress plugin, you might want to consider adding some form of integration with the new Google reCAPTCHA v3 library. Google reCAPTCHA v3 is a new service that Google is offering that doesn’t require the user to do anything other than load the page. The reCAPTCHA v3 library will then score the user’s interaction with the page and return a score. This score can be used to decide whether or not to let the user through to the next stage of the form submission process, or whether to require them to complete a CAPTCHA.
To use the reCAPTCHA v3 library in your WordPress plugin, you first need to sign up for a free reCAPTCHA v3 key from Google. Once you have a key, you can then add the following code to your plugin:
$secret,
‘response’ => $response,
‘remoteip’ => $remoteip
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($curl);
curl_close($curl);
$result = json_decode($result, true);
if ($result[‘success’] == true) {
// The user is not a bot
} else {
// The user is probably a bot
}
?>
You will need to replace YOUR-SECRET-KEY with the secret key that you generated when you signed up for reCAPTCHA v3.
The code above will make a call to the Google reCAPTCHA v3 API and return a JSON response. This response will contain a success flag and a score. The score is a number between 0.0 and 1.0, with 1.0 being the most likely to be a human user and 0.0 being the most likely to be a bot. You can use this score to decide whether or not to let the user through to the next stage of the form submission process.
If you want to learn more about the reCAPTCHA v3 library, you can find the documentation here: https://developers.google.com/recaptcha/docs/v3
