Add Google reCAPTCHA to WordPress comments without plugin

reCAPTCHA it’s a free anti-spam service offered by Google. Easy to use, effective, easy to implement it’s the most used captcha API. You can read more at https://www.google.com/recaptcha/intro/. Let’s add Google reCAPTCHA to WordPress comments and see how it works.

Tested on WordPress 4.9 with Twenty Seventeen theme.

1. Go to https://www.google.com/recaptcha/admin#list and register your website.

Register website to Google reCAPTCHA

2. View the “Site key” and “Secret key”  which will be used later in the code.

Google reCAPTCHA view keys

3. Edit single.php from your theme folder (in my example /wp-content/themes/twentyseventeen) and add the following code before get_header();

wp_enqueue_script('google-recaptcha', 'https://www.google.com/recaptcha/api.js');

4. Edit functions.php, add the code from below with your site_key (line 5) and secret_key (line 15).

/**
 * Google recaptcha add before the submit button
 */
function add_google_recaptcha($submit_field) {
    $submit_field['submit_field'] = '<div class="g-recaptcha" data-sitekey="your_site_key"></div><br>' . $submit_field['submit_field'];
    return $submit_field;
}
add_filter('comment_form_defaults','add_google_recaptcha');

/**
 * Google recaptcha check, validate and catch the spammer
 */
function is_valid_captcha($captcha) {
$captcha_postdata = http_build_query(array(
	            			'secret' => 'your_secret_key',
	            			'response' => $captcha,
	            			'remoteip' => $_SERVER['REMOTE_ADDR']));
$captcha_opts = array('http' => array(
	        		  'method'  => 'POST',
	        		  'header'  => 'Content-type: application/x-www-form-urlencoded',
	        		  'content' => $captcha_postdata));
$captcha_context  = stream_context_create($captcha_opts);
$captcha_response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify" , false , $captcha_context), true);
if ($captcha_response['success'])
    return true;
else
    return false;
}

function verify_google_recaptcha() {
$recaptcha = $_POST['g-recaptcha-response'];
if (empty($recaptcha))
    wp_die( __("<b>ERROR:</b> please select <b>I'm not a robot!</b><p><a href='javascript:history.back()'>« Back</a></p>"));
else if (!is_valid_captcha($recaptcha))
    wp_die( __("<b>Go away SPAMMER!</b>"));
}
add_action('pre_comment_on_post', 'verify_google_recaptcha');

5. No step five, that’s it!