4 min read
How To Create Google ReCaptcha V2 Keys
Spam bots are one of the biggest threats to any WordPress site. They flood contact forms, fake user registrations, and submit junk comments. Google reCAPTCHA is the most widely used tool to stop them, and setting up your reCAPTCHA V2 keys is the first step to protecting your site.
This guide covers how to create reCAPTCHA keys in the Google admin console, the difference between V2 and V3, and how to integrate reCAPTCHA with popular WordPress plugins including WPForms, Contact Form 7, and BuddyPress reCaptcha.
What Is Google reCAPTCHA?
Google reCAPTCHA is a free service that protects websites from spam and abuse. It uses advanced risk analysis to distinguish humans from bots. There are two main versions available for WordPress sites:
reCAPTCHA V2 (Checkbox)
The classic “I’m not a robot” checkbox. Users click a checkbox and may be presented with an image challenge. Simple to implement and widely supported by WordPress plugins.
reCAPTCHA V3 (Invisible / Score-Based)
Runs in the background with no user interaction. It assigns a score (0.0 to 1.0) based on browsing behaviour. Scores above 0.5 are typically human. Better user experience but requires more configuration to set the score threshold.
| Feature | reCAPTCHA V2 | reCAPTCHA V3 |
|---|---|---|
| User interaction | Checkbox click | None (invisible) |
| Challenge | Image puzzles sometimes | Never |
| Implementation | Simple | Requires score threshold |
| Best for | Login, registration forms | All pages, background protection |
| WordPress plugin support | Excellent | Good (most major plugins) |
How to Create Google reCAPTCHA V2 Keys
Follow these steps to generate your site key and secret key:
- Go to the Google reCAPTCHA admin console and sign in with your Google account.
- Click the + button in the top-right corner to register a new site.
- Enter a label for your site (e.g., “My WordPress Site”).
- Under reCAPTCHA type, select reCAPTCHA v2 and choose “I’m not a robot Checkbox.”
- Add your domain (e.g., yourdomain.com). For local development, add localhost.
- Accept the terms of service and click Submit.
- You will receive a Site Key (public) and a Secret Key (private). Copy both, you will need them for your WordPress plugin.
For reCAPTCHA V3, the process is identical except you select “reCAPTCHA v3” in step 4. The keys generated are version-specific, V2 keys will not work with V3 and vice versa.
Adding reCAPTCHA to WordPress
Once you have your keys, integrating with WordPress is straightforward. Here are the most common methods:
WPForms
Go to WPForms → Settings → CAPTCHA. Select reCAPTCHA V2 or V3, paste your Site Key and Secret Key, and save. Then add the reCAPTCHA field to any form in the drag-and-drop builder.
Contact Form 7
Go to Contact → Integration. Click “Setup Integration” under reCAPTCHA. Paste both keys. For V3, the reCAPTCHA badge will appear automatically on all pages with forms. For V2, add [recaptcha] to your form template.
Wordfence
Wordfence adds reCAPTCHA to the WordPress login and registration pages. Go to Wordfence → Login Security and enter your keys. This protects against brute force attacks on wp-login.php. If your site has been targeted before, check our guide on signs your WordPress site has been hacked.
Protecting BuddyPress Registration
If you run a BuddyPress community, the registration page is a prime target for spam bots creating fake accounts. The BuddyPress reCaptcha plugin adds Google reCAPTCHA directly to the BuddyPress registration form.
Install the plugin, enter your V2 keys under Settings → BuddyPress reCaptcha, and the checkbox appears on the registration form immediately. This blocks automated signups while keeping the registration experience smooth for real members.
Protecting WooCommerce Forms
WooCommerce login, registration, checkout, and password reset forms are all vulnerable to bot abuse. Several plugins support adding reCAPTCHA to WooCommerce:
- WooCommerce reCAPTCHA Integration, Adds V2 or V3 to login, registration, checkout, and lost password forms.
- WPForms, If you use WPForms for custom checkout forms, reCAPTCHA applies automatically.
- Wordfence, Covers the WooCommerce login page via the standard WordPress login protection.
Common Issues and Troubleshooting
“ERROR for site owner: Invalid key type”
You are using V2 keys with a V3 integration or vice versa. Generate new keys matching the version your plugin expects.
reCAPTCHA Not Appearing
Check for JavaScript conflicts with caching plugins. Exclude reCAPTCHA scripts from minification in your WordPress speed optimisation plugin settings (WP Rocket, Autoptimize, etc.).
“This site is not in the list of supported domains”
Add both your root domain and www version in the reCAPTCHA admin console. For staging sites, add the staging domain separately.
High Bounce Rate After Adding reCAPTCHA
Consider switching from V2 (checkbox) to V3 (invisible). V3 runs in the background and does not require any user action, reducing friction on forms.
Summary
Creating Google reCAPTCHA V2 keys takes less than two minutes and gives your WordPress site a strong first line of defence against spam bots. Whether you protect contact forms, BuddyPress registration, WooCommerce checkout, or wp-login, reCAPTCHA integration is essential for any production WordPress site.
WordPress Themes for Developers
Related reading