Invisible Captcha in Contact Form 7 for WordPress

You have already created your and you have created the entries, pages, products and a nice form so that users can contact you, this is it.

After many hours or days of work, you see the light at the end of the tunnel. You believe the hardest work is already done, and it is, but don’t forget about security.

The remaining step is to block the annoying spam that floods our account and can even take the website down. For this you must.

Today we are going to talk about how to do it with invisible Captcha in Contact Form 7 for WordPress. Attention!

What is SPAM?

The term spam refers to junk mail, unwanted advertising, identity theft, etc. And you may be wondering, what does that have to do with my WordPress?

I will explain it to you in the next section.

Spam in WordPress

Spam in WordPress arrives through different channels: contact forms, comments, user registration or any other means by which a user can interact with our website.

Spam messages that sneak into comments or content usually contain a large number of links to unethical pages.

These Websites may contain malicious content in the form of that may affect the computers of users who visit these pages.

This type of spam is usually “sneaked in” by bots or machines that continuously scan the web, looking for some kind of vulnerability through which to enter and add their content.

Spam can damage the credibility or reputation of our brand, and it is just as harmful to SEO: search engines treat sites with a large number of links as a “link farm” and penalize them for allowing this type of behavior and content.

Having seen how spam can affect our website and reputation, we are going to see how to prevent it from being “sneaked in” by using Google’s reCAPTCHA in our WordPress with the Contact Form 7 plugin.

What is reCAPTCHA?

According to Google, “A CAPTCHA is a test to distinguish between humans and bots”. In other words, a CAPTCHA is an application that can distinguish whether the user is a human or a machine.

There are currently two versions of reCAPTCHA:

  • reCAPTCHA v2 – I am not a robot: this version shows the user an “I am not a robot” checkbox as long as the user is not detected as suspicious. If any anomaly is detected, the complete captcha is displayed and the user has to solve it to prove that they are not a bot.

  • reCAPTCHA v3: this version does not require any intervention from the user; the captcha itself is responsible, through scores, for identifying whether it is a user or a machine.

Now we get down to work and protect our WordPress (pages, entries, comments, registrations, forms…) so that spam does not “sneak in”, and at the same time we protect the computers of the users who visit our website.

Since version 5.1, Contact Form 7 incorporates the reCAPTCHA v3 API, which makes it easier to implement in forms, registrations, comments… without the need to add more plugins. reCAPTCHA v3 is only compatible with Contact Form 7 5.1 or higher; lower versions use the reCAPTCHA v2 API.

The first thing we have to do is register our domain in Google’s reCAPTCHA service and obtain the API keys. To do this, we go to the reCAPTCHA page.

Note: You will need to have a Google account to log in.

Once we enter the reCAPTCHA console we will see a very simple form:

  • Label: we add a name to identify it; the domain name is a good option. The label is useful because the same console can hold more than one domain, and the name lets us identify which installation each key belongs to.
  • reCAPTCHA type: we will use version v3, which is compatible with Contact Form 7 5.1 and higher.
  • Domains: here we indicate the domain in which we will use the captcha. Apart from the domain we can add a subdomain, for example, if we have a store on the same domain, store.mydomain.xxx.

Once our domain is registered, we see a page with the public and private keys that we need to configure reCAPTCHA in our Contact Form 7 plugin:

Without closing the page where we have the keys (we can always consult them later by accessing the Google reCAPTCHA console), we go to our WordPress admin and access Contact -> Integration.

In the reCAPTCHA block, click on “Setup Integration” and we see two fields where we have to add the public and private keys that we obtained from reCAPTCHA.

We have to be careful to add each one in its corresponding field; otherwise it will show an Invalid Key warning or the captcha will simply not be shown.

And that is it. All that remains is to save the changes and access the different sections of our website to check that the captcha is displayed correctly.

If you used earlier versions of Contact Form 7 with captcha v2, you have to remove the tag from the form template, since it is no longer necessary. If any remain, Contact Form 7 will interpret them as an empty string and ignore them.
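
How the score-based decision of reCAPTCHA v3 works on the server, as an added example that is not Contact Form 7's own code: the server sends the private key and the visitor's token to Google's siteverify endpoint and then evaluates the JSON reply. The function name, the 0.5 threshold, the action name, the domain and the sample replies are assumptions constructed for illustration.

```php
<?php
// Added example: evaluate a decoded reCAPTCHA v3 siteverify reply.
// evaluate_recaptcha_v3() is a hypothetical helper, not a WordPress or CF7 function.

/** @return array [bool $accepted, string $reason] */
function evaluate_recaptcha_v3(
    array $reply,
    string $expectedHost,
    string $expectedAction,
    float $threshold = 0.5  // assumed cut-off; tune it per form
): array {
    // success=false: token missing, expired, reused, or the private key is wrong.
    if (empty($reply['success'])) {
        $codes = implode(',', $reply['error-codes'] ?? ['unknown']);
        return [false, "verification failed: $codes"];
    }
    // A token issued on another site must not be accepted here.
    if (($reply['hostname'] ?? '') !== $expectedHost) {
        return [false, 'hostname mismatch'];
    }
    // A token issued for a different action is not valid for this form.
    if (($reply['action'] ?? '') !== $expectedAction) {
        return [false, 'action mismatch'];
    }
    // The score runs from 0.0 (likely a bot) to 1.0 (likely a human).
    $score = (float) ($reply['score'] ?? 0.0);
    if ($score < $threshold) {
        return [false, "score $score below threshold $threshold"];
    }
    return [true, "score $score accepted"];
}

// Constructed sample replies (not captured from a real site).
$samples = [
    'human'      => '{"success":true,"score":0.9,"action":"contactform","hostname":"mydomain.example"}',
    'bot'        => '{"success":true,"score":0.1,"action":"contactform","hostname":"mydomain.example"}',
    'other-site' => '{"success":true,"score":0.9,"action":"contactform","hostname":"other.example"}',
    'bad-key'    => '{"success":false,"error-codes":["invalid-input-secret"]}',
];

foreach ($samples as $label => $json) {
    [$ok, $reason] = evaluate_recaptcha_v3(
        json_decode($json, true), 'mydomain.example', 'contactform'
    );
    printf("%-10s %s (%s)\n", $label, $ok ? 'ACCEPT' : 'REJECT', $reason);
}
```

The `bad-key` case is what a swapped public and private key produces on the server side: the reply carries no score at all, so every submission has to be rejected rather than silently accepted.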

Explanatory video tutorial

Still in doubt? Here you have a Video Tutorial with the steps we have done:

Recommendations

Keeping our application safe does not require a large investment or advanced knowledge: any user can take the necessary measures with a few simple steps and the right applications.

  • Use quality hosting that applies security measures on its servers. At we take security very seriously and we apply protection measures and constant monitoring to keep your hosting as protected as possible.
  • Use strong passwords and a password manager to store them encrypted.
  • Protect access with two-factor authentication (2FA).
  • Activate the Akismet Anti-Spam plugin for another layer of security.
  • Disable user registration if it is not needed, or change the default URL for WordPress registration.
  • Install an SSL security certificate to encrypt application data.
  • Use a secure connection such as a VPN to browse and prevent your actions from being tracked.

With our swiss army knife of security, you will be able to apply all these actions and maintain your security both in the online applications you use and in your web browsing.

Conclusions

The security of our WordPress is one of the crucial parts of a website. If we don’t keep our app secure, hackers can easily attack our site. Keeping our website secure is not difficult if we apply measures like the one we have seen in this post.

Awareness of danger is already half of safety and salvation

Ramon J. Sender

.com content team
