Plugin URL:https://wordpress.org/plugins/wp-recaptcha-integration/
Plugin Author: weDevs
WordPress profile: weDevs
Last updated: October 28, 2024 (2 weeks ago)
Tested up to (WP version): WP 6.6.2
Downloaded: 0
Rating: 5 (out of 5)
Description
Integrate reCaptcha in your blog. Supports no Captcha as well as old style recaptcha.
Provides of the box integration for signup, login, comment formsand Ninja Forms as well
as a plugin API for your own integrations.
Features:
- Secures login, signup und comments with a recaptcha.
- Supports old as well as new reCaptcha.
-
Works together with
- WP Multisite
- bbPress
- BuddyPress
- AwesomeSupport (thanks to Julien Liabeuf )
- WooCommerce (Only checkout, registration and login form. Not password reset)
- Ninja Forms
- cformsII
-
For integration in your self-coded forms see this wiki article for details.
Localizations
- Brazilian Portuguese (thanks to Vinícius Ferraz)
- Spanish (thanks to Ivan Yivoff)
- Italian (thanks to Salaros)
- German
Latest Files on GitHub: https://github.com/tareq1988/wp-recaptcha-integration
Compatibility
On a WP Multisite you can either activate the plugin network wide or on a single site.
Activated on a single site everything works as usual.
With network activation entering the API key and setting up where a captcha is required
is up to the network admin. A blog admin can override the API key e.g. when his blog is
running under his/her own domain name.
Known Limitations
-
You can’t have more than one old style reCaptcha on a page. This is a limitiation of
reCaptcha itself. If that’s an issue for you, you should use the no Captcha Form. -
A No Captcha definitely requires client side JavaScript enabled. That’s how it does its
sophisticated bot detection magic. There is no fallback. If your visitor does not have
JS enabled the captcha test will not let him through. -
On a Contact Form 7 when the reCaptcha is disabled (e.g. for logged in users) the field
label will be still visible. This is due to CF7 Shortcode architecture, and can’t be fixed.To handle this there is a filter
recaptcha_disabled_html
. You can return a message for your logged-in
users here. Check out the GitHub Repo for details. -
As of version 4.3 CF7 comes with its own recaptcha. Both are supposed to work together.
I you want to keep the WP ReCaptcha functionality, e.g. if you want to hide the captcha
from known users, leave the integration in the CF7 settings unconfigured. -
Old style reCaptcha does not work together with WooCommerce.
-
In WooCommerce the reset password form can not be protected by a captcha. Woocommerce does
not fire any action in the lost password form, so there is no way for the plugin to hook in.
Take a look at this thread for a workaround. -
Due to a lack of filters there is no (and as far as one can see, there will never be)
support for the MailPoet subscription form.
Plugin API
The plugin offers some filters to allow themes and other plugins to hook in.
See GitHub-Repo for details.
FAQ
If it says ‘Invalid sitekey’ and you checked the ‘Prevent lockout’ option on the plugin
settings (it’s on by default) you can log in with an administrator account and ignore the
captcha. If the keys are really invalid, the plugin will let you in, so you can set up a
new keypair.
When you see “Invalid domain for site key”, then the key is okay in general, but not for
your domain. The server can not test this case, so an effective lockout prevention is not
possible.
You will either need one of the following:
– access to the settings for your sitekey on reCaptcha API key administration
– access to your WordPress installation (via SSH or FTP) or database access
– database access
With API key admin
-
Look at source code of the login page.
-
Find the part saying
data-sitekey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
(The XXX-part should be your sitekey.) -
Go to the Google reCaptcha API key administration
-
Find the list entry with the sitekey from step 2
-
If lockout prevention is enabled you can simply delete the key set up a new one.
If not enter your domain name at “Domains” in a new line and wait up to 30 minutes.
With FTP Access:
-
Add this line of Code somewhere at the end of your theme functions.php:
add_filter(‘wp_recaptcha_required’,’__return_false’);This will disable the chaptcha everywhere.
-
Set up a new keypair and test it.
-
Remove the line above from your theme functions.php.
If you have Database access
-
Execute the following SQL-Commands in your Database:
DELETE FROM wp_options WHERE option_name = ‘recaptcha_publickey’;
DELETE FROM wp_options WHERE option_name = ‘recaptcha_privatekey’;(Please note that
wp_options
might have a different prefix in your installation.) -
After the login you will see a message asking you to set up the API keys.
-
Set up a new keypair on Google and test it.
If none of these works for you
That’s too bad…
Nope. I cannot give support on your individual projects for free, no matter how many one
star reviews you will give me. Have a look at the project wiki or find a WordPress coder.
Yes and no. The captcha verification process, comming into effect after the user has solved
the challenge does not require the disclosure of the visitors IP address, so it is omitted.
But everything related to the displaying of the captcha widget like the challenge image,
the JavaScripts and so on is loaded directly from Google and is very likely to be logged,
evaluated and stored forever.
In other words: Google knows which (recaptcha protected) website is accessed from which IP.
If that’s an issue for you, you better use a self hosted solution.
If XYZ stands for a widely used free and OpenSource plugin in active development with some
100k+ downloads I will give it a try. Just ask.
If XYZ is some rarely used plugin (about 1k+ active installs or so), I will accept pull
requests on github and push it to the WP repository. Please note that in such cases I will
not feel responsible for code maintainance.
On the plugin settings page check out if the option “Disable for known users” is activated (it is by default).
Then log out (or open your page in a private browser window) and try again.
If only the comment form is affected, it is very likely that your Theme does not use the
comment_form_defaults filter. (That‘s where I add the captcha HTML, to make it appear
right before the submit button.) You will have to use another hook, e.g. comment_form_after_fields
.
Here is some code that will fix it:
- Go to (https://gist.github.com/tareq1988/97d7f442ee3e92b7412e)
- Click the “Download Gist” button
- Unpack the
.tar.gz
file. - Create a zip Archive out of the included file
recaptcha-comment-form-fix.php
and name itrecaptcha-comment-form-fix.zip
. - Install and activate it like any other WordPress plugin
If the problem still persist, Houston really has a problem, and you are welcome to post a support request.
Very likely the Author of your Theme didn’t care that a non functinal form element should
look different than a functional one. This how you can overcome that issue:
- Go to (https://gist.github.com/tareq1988/7cbfb0dab73eb32cb4a2)
- Click the “Download Gist” button
- Unpack the
.tar.gz
file. - Create a zip Archive out of the included file
grey-out-disabled.php
and name itgrey-out-disabled.zip
. - Install and activate it like any other WordPress plugin
Yes. You can store in a session if a captcha was solved, and use the wp_recaptcha_required
filter to supress further captchas. See (https://github.com/tareq1988/wp-recaptcha-integration#real-world-example)
for a code example.
I personally prefer GitHub but you can post it in the forum as well. The plugin code is here: GitHub
Use the GitHub Repo rather than the WordPress Plugin. Do as follows:
-
If you haven’t already done: Install git
-
in the console cd into Your ‘wp-content/plugins´ directory
-
type
git clone git@github.com:tareq1988/wp-recaptcha-integration.git
-
If you want to update to the latest files (be careful, might be untested with your WP-Version) type `git pull.
Please note that the GitHub repository is more likely to contain unstable and untested code. Urgent fixes
concerning stability or security (like crashes, vulnerabilities and alike) are more likely to be fixed in
the official WP plugin repository first.
Either post it on GitHub or—if you are working on a forked repository—send me a pull request.
Since late 2015 WordPress.org offers a plugin translation API. Just use the
“Translate this plugin” button in the right sidebar.
Screenshots:
Other notes:
Latest Change log entry:
Tags:
captcha, login, no captcha, recaptcha, security
+ Jason's Comments
Google have provided a new style of anti bot check box – “No Captcha” – just click a button. I use this plugin to integrate “No Captcha” for the login forms, post comments and for Contact Form 7 (replaces Really Simple CAPTCHA).