Add Google reCAPTCHAv2 to WordPress comments without plugin

reCAPTCHA v2 it’s a free anti-spam service offered by Google. Easy to use, effective, easy to implement it’s the most used captcha API. You can read more at https://www.google.com/recaptcha/intro/. Let’s add Google reCAPTCHA to WordPress comments and see how it works.

Tested on WordPress 4.9 with Twenty Seventeen theme and reCAPTCHA v2.

1. Go to https://www.google.com/recaptcha/admin#list and register your website.

Register website to Google reCAPTCHA

2. View the “Site key” and “Secret key”  which will be used later in the code.

Google reCAPTCHA view keys

3. Edit single.php from your theme folder (in my example /wp-content/themes/twentyseventeen) and add the following code before get_header();

<br>
wp_enqueue_script('google-recaptcha', 'https://www.google.com/recaptcha/api.js');<br>

4. Edit functions.php, add the code from below with your site_key (line 5) and secret_key (line 15).

<br>
/**<br>
 * Google recaptcha add before the submit button<br>
 */<br>
function add_google_recaptcha($submit_field) {<br>
    $submit_field['submit_field'] = '&lt;div class="g-recaptcha" data-sitekey="your_site_key"&gt;&lt;/div&gt;&lt;br&gt;' . $submit_field['submit_field'];<br>
    return $submit_field;<br>
}<br>
if (!is_user_logged_in()) {<br>
    add_filter('comment_form_defaults','add_google_recaptcha');<br>
}</p>
<p>/**<br>
 * Google recaptcha check, validate and catch the spammer<br>
 */<br>
function is_valid_captcha($captcha) {<br>
$captcha_postdata = http_build_query(array(<br>
	            			'secret' =&gt; 'your_secret_key',<br>
	            			'response' =&gt; $captcha,<br>
	            			'remoteip' =&gt; $_SERVER['REMOTE_ADDR']));<br>
$captcha_opts = array('http' =&gt; array(<br>
	        		  'method'  =&gt; 'POST',<br>
	        		  'header'  =&gt; 'Content-type: application/x-www-form-urlencoded',<br>
	        		  'content' =&gt; $captcha_postdata));<br>
$captcha_context  = stream_context_create($captcha_opts);<br>
$captcha_response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify" , false , $captcha_context), true);<br>
if ($captcha_response['success'])<br>
    return true;<br>
else<br>
    return false;<br>
}</p>
<p>function verify_google_recaptcha() {<br>
$recaptcha = $_POST['g-recaptcha-response'];<br>
if (empty($recaptcha))<br>
    wp_die( __("&lt;b&gt;ERROR:&lt;/b&gt; please select &lt;b&gt;I'm not a robot!&lt;/b&gt;&lt;p&gt;&lt;a href='javascript:history.back()'&gt;« Back&lt;/a&gt;&lt;/p&gt;"));<br>
else if (!is_valid_captcha($recaptcha))<br>
    wp_die( __("&lt;b&gt;Go away SPAMMER!&lt;/b&gt;"));<br>
}<br>
if (!is_user_logged_in()) {<br>
    add_action('pre_comment_on_post', 'verify_google_recaptcha');<br>
}<br>

5. No step five, that’s it!

Update: You can check our reCaptcha v3 post, https://www.oueta.com/wordpress/add-google-recaptchav3-to-wordpress-comments-without-plugin/.

35 Replies to “Add Google reCAPTCHAv2 to WordPress comments without plugin”

  1. Is it possible to add a piece of code to disable the google captcha on comments if a user is logged into their account?

    This is fantastic though thank you!

    1. Hi Danny,
      Thank you for your feedback, I updated the code from functions.php, it shouldn’t appear when you are logged in.

      1. Is there any way to attach reCAPTCHA to my contact form as well? I can’t find in your code how you append the reCAPTCHA div to the submit button or elsewhere. But I’d like to protect my contact form via your method. Please, answer me asap. Thank you very much!

        1. You can attach reCAPTCHA in any form, but if you want to use the same method as I, you need to have two hooks in your form.

          1) Hook “add_google_recaptcha” into “comment_form_defaults”, which will display the reCAPTCHA.

          if (!is_user_logged_in()) {
          add_filter(‘comment_form_defaults’,’add_google_recaptcha’);
          }

          2) Hook: “verify_google_recaptcha” into “pre_comment_on_post” , which will validate the captcha.

          if (!is_user_logged_in()) {
          add_action(‘pre_comment_on_post’, ‘verify_google_recaptcha’);
          }

          Note: “comment_form_defaults” and “pre_comment_on_post” are already defined in wordpress, but if you use a custom form, you need to write them properly, to display and check the reCAPTCHA.

        1. If everything it’s setup correctly and it shows up on Posts, you should just check “Allow comments” on your Page and it should work.

          1. I created a test Page and it’s working.
            You should check if your page loaded reCAPTCHA.
            Search for recaptcha/api.js and <div class=”g-recaptcha”.
            And also you could check in Developer Tools from Chrome or Firefox if you have errors.

  2. I really like the approach and would love to implement this in a page but can’t seem to find the right hooks. Could you perhaps help? I don’t want to enable comments on all pages. What hooks should I be looking at and is it possible to enable it on a single page (and not others)?

  3. Hello,

    I have used your tutorial and seem to always get rejected by the recaptcha.

    I pasted the code into functions at the end. and used my key and code.

    Everything dispays correctly on the site just keeps rejecting the comments.

    Any help would be apreciated.

  4. Hello are you able to show me how to handle the error message on the same page instead of a redirect? Thank you for the help btw.

  5. Sorry, it won’t work for me. I’ve placed the code in the appropriate place (top) in “singles.php”, placed the code and the 2 keys in their respective places in “functions.php” but, no go. I can’t even see it! Before I tried your code, I tried it with a Google reCaptcha plugin which kept giving me an error and wouldn’t let me sign in. Deactivating it solved the problem. I have changed keys 3 times and I don’t know what else to do. Think you can help me?

    Thanks

    1. Rechecked, it seems the problem is the login (at least), where it’s not showing up. I can see it in the comments but only because, although I appear as loged in, as soon as I try to navigate within the site, I am loged out. Very strange!

  6. Ok, I think I’ve understood the problem. The thing is that I have the “Ultimate Member” plugin installed which has its own login and registration pages. The code you are so kindly sharing, obviously does not include these pages. From reading around (I,m a newby, if you haven’t noticed :), I think what I need to do is to add hooks to those pages, which I know I don’t know how to do.

    I have for the moment, implemented the plugin’s extension but I don’t like it as it isn’t v2 or v3 and gives that awfull image thingy which I personally, have always despised. It’ll have to do for the moment, however. So, I’ll keep searching and learning and if you can give me a hand, I’d deeply appreciate it. Cheers!

    1. Hi Ioannis,

      So far I tested this on “Twenty Seventeen” theme, I would test first this on a clean wordpress test setup.

  7. When i added this code in function.php and just inter my site key and secret key it showing error. Below

    Your PHP code changes were rolled back due to an error on line 370 of file wp-content/themes/bimber/functions.php. Please fix and try saving again.

    syntax error, unexpected ‘ ‘ (T_STRING), expecting ‘)’

    Also added code in single.php

    Please provide any suggestion.

  8. Great , this code work and i dont need to use a plugin

    But i put all the code in snippet code instead of single.php or o file that handle post

  9. Hi OUETA, would it be different codes based on reCaptcha v2 checkbox / reCaptcha v2 invisible / reCaptcha v3 or the code is same for all versions, just the key and secret would be different? Also is your code is fully compliant with WordPress 5.5, I mean they changed some codex I heard, like how you enqueue scripts etc. Thanks in advance.

Leave a Reply to isak Cancel reply

Your email address will not be published.