reCAPTCHA protects you against spam and other types of automated abuse. With Contact Form 7’s reCAPTCHA integration module, you can block abusive form submissions by spam bots.
The latest version of the reCAPTCHA API is v3. Contact Form 7 5.1 and later uses this reCAPTCHA v3 API. reCAPTCHA v3 works in the background so users don’t need to read blurred text in an image or even tick the “I’m not a robot” checkbox.
Note: API keys for reCAPTCHA v3 are different from those for v2; keys for v2 don’t work with the v3 API. You need to register your sites again to get new keys for v3.
If you are using an older version of Contact Form 7 and are looking for information about the reCAPTCHA module for the v2 API, refer to reCAPTCHA (v2).
Registering a site
To start using reCAPTCHA, you first need to register the WordPress site. reCAPTCHA is Google’s service so you need a Google account to use it. Sign in to Google with the account, and go to the My reCAPTCHA page. You will see a simple registration form like the following:
Choose reCAPTCHA v3 from type options, and enter the domain of the website in the Domains field.
After you register a website, you will get the site key and secret key for the site.
Next, move to the WordPress admin screen and open the Contact > Integration menu page.
You will see a box titled reCAPTCHA there. Click Setup Integration in the box. It will display input fields Site Key and Secret Key. Copy-paste the two keys you received in the previous step into the fields, and click Save Changes.
That’s it. Now your contact forms use reCAPTCHA’s score to verify whether the form submission is from a human or from a spam bot.
reCAPTCHA v3 doesn’t need a CAPTCHA widget (the “I’m not a robot” checkbox used in reCAPTCHA v2) to work, so
[recaptcha] form-tags are no longer necessary. If
[recaptcha] form-tags are found in a form template, Contact Form 7 5.1 or higher ignores them and replaces them with an empty string.