Google reCAPTCHA works by offering a checkbox that the visitor needs to click. It sends off various data to Google who then respond with success or failure. In the event that they’re “not sure”, you’ll get a popup window that asks you to complete a simple question.

After answering the question provided, you’ll be verified and you’ll be able to submit the form as normal.

How to enable Google reCAPTCHA for use across Shield

There are 2 steps necessary to complete before you can make full use of reCAPTCHA across Shield:

  1. Register for Google reCAPTCHA keys
    Important: We currently do not support reCAPTCHA V3
  2. Enter your "Site" and "Secret" keys for use throughout the Shield

Register for Google reCAPTCHA keys

To register for Google reCAPTCHA keys, follow these steps:

  1. Go here
  2. Enter a label for these keys – something that you will recognise
  3. Enter all your WordPress domains in the large text area – 1 per line
  4. Click Register
  5. You’ll then be presented with a screen displaying your reCAPTCHA Secret and reCAPTCHA Site Keys

Enter your "Site" and "Secret" keys for use throughout the Shield

After creating your keys, go to the Shield => Settings => General => Google, and enter your "Site" and "Secret" keys. (See the screenshot below)

You are now ready to turn on Google reCAPTCHA across your site. 

For comment SPAM, look under the "Comments SPAM" module => reCAPTCHA, and you’ll see the option to enable reCAPTCHA for comments.

For login protection, look under the "Login Guard" module => reCAPTCHA, and you’ll see the option to enable reCAPTCHA for login protection.

Note: Apart from the standard Google reCAPTCHA, you are now able to choose your own theme/style ("dark theme", "light theme", "invisible recaptcha"). For more information on this, read the article here.

If you plan to use "Invisible reCAPTCHA" style it might happen that you see this error message when you try to login:

This message will be displayed at the bottom right corner of the screenand you will be unable to login. To prevent this, when registering for Google reCAPTCHA keys make sure you choose Google reCAPTCHA type that supports invisible reCAPTCHA:

Another error you could get is this:

If that happens, please make sure that:

  1. Your keys are correct (valid)
  2. You have not mixed-up the site key and the secret key Order
  3. You don't use reCAPTCHA V3, which is not supported by Shield

Note: If you get locked out due to reCAPTCHA, please follow the guide outlined in the article here

For more information on reCAPTCHA, visit Google Blog here.