Eliminate WordPress spam with reCAPTCHA v3

It seems like everywhere you go nowadays you are hit with spam: spam email, spam phone calls, spam text messages, spam everything.

We can’t always stop those types of spam but we can absolutely put a stop to WordPress comment spam.

Spam comments are a major problem for website owners and administrators. A lot of WordPress spam comments are links to potentially malicious sites. Others are just nonsense phrases that add nothing to the conversation on your site.

Either way, you don’t want them on your site.

One sure fire way to stop spam is to just turn off comments on your site. But what if you still want people to be able to comment on your posts? Turning off comments also doesn’t address spam that comes through your contact form.

Where does WordPress spam come from?

Comment spam comes from bots or actual people. Most of the comment spam on WordPress sites are the same that you see on other sites, a link to another site with some text about working from home, making more money, or nude pictures.

Every once in awhile you will see a comment that is just a nonsense phrase that looks like it was written by a robot.

Again, most of the time the comments are links to other sites intended to get backlinks to the spammer’s website littered all over the internet. In the hope to improve search engine optimization or that people will visit the link when they see the comment.

The spammer hopes that Google will rate their page higher because the website has links appearing on many other sites all over the internet.

Either way, you don’t want those types of comments on your site. It is one thing if a commenter is mentioning a product or service that is actually relevant to the conversation but not if it is an unsolicited link to an unrelated site.

So how do you stop the comment spam?

One of the best ways I have found to stop comment spam is by using reCAPTCHA v3 (also know as Invisible reCAPTCHA) from Google. It prevents comment spam, contact form spam, protects your login form and many other parts of your site.

What is reCAPTCHA v3?

Google’s reCAPTCHA v3 is a great way of stopping bots and spam on your site and it it very user friendly. It doesn’t require them to try to figure out distorted text and type it into a box. Nor does it require them to click the “I’m not a robot” checkbox.

It runs silently in the background of your site and if it suspects a user on your site is not actually a person it will issue them a challenge to prove they are human. This is usually in the form of clicking boxes of a picture that contain a specific item.

reCAPTCHA challenge
reCAPTCHA challenge

Your visitors don’t have to constantly interact with the reCAPTCHA to prove they are human. In addition to being easy on your users, it is very effective in stopping spam.

After I implemented it on two news sites the comment spam had gone down to about one spam comment a month instead of multiple per day.

How do you add it to your WordPress site?

  • First, you need to sign up for reCAPTCHA through Google here, be sure to select Invisible reCAPTCHA.
  • From there you fill out the form to register your site. After you have registered your site you will be taken to a page with instructions to add reCAPTCHA to your site.
  • Google will provide you with some code to add between the <head></head> tags of our site. This can be added in your theme customization area or in the theme editor settings.
  • Next, you will need your Site Key and Secret Key. These will need to be added to a plugin you will be installing.
register for reCAPTCHA
Register for reCAPTCHA

Install the Invisible reCaptcha for WordPress plugin. It allows you to add reCAPTCHA to the following:

  • comments form
  • login form
  • registration form
  • forgot password form
  • Contact Form 7 forms
  • Gravity Forms
  • BuddyPress
  • WooCommerce

Not only will it prevent spam comments but it also protects other important areas of your site from bots.

After installing the plugin, go to the settings area of the plugin. Enter your Site Key and Secret Key. Next, select WordPress from the Invisible reCAPTCHA Settings and select what parts of your site you would like to protect.

Invisible reCAPTCHA keys
Insert your Site Key and Secret Key from Google
Invisible reCAPTCHA settings
Select what areas of your site you want to protect

Once Invisible reCAPTCHA is active on your site you will see a “Protected by reCAPTCHA” image on the parts of your site that are protected.

reCAPTCHA logo
reCAPTCHA logo

If the image doesn’t show up on your protected pages after a day you will need to double check that your keys are correct and that you placed the code correctly in your <head></head> tags.

There you go, a simple way to eliminate spam on your WordPress site!

Deprecated: Directive 'allow_url_include' is deprecated in Unknown on line 0