reCAPTCHA is one of the most popular ways to enhance site security. By adding Google reCAPTCHA to your single password form, you can prevent password abuse and spam by automated software while allowing your users to access protected content with ease.
Simply follow the steps below to prevent password abuse with reCAPTCHA.
Requirement:
- Password Protect WordPress Lite version 1.7.0 or greater
Register a site
You’re required to register your site domain with Google so that you can add reCAPTCHA to your site.
To do so, go to the reCAPTCHA admin panel and provide the related information.
You can choose either reCAPTCHA v3 or reCAPTCHA v2 Checkbox.
Once done, you will receive a site key and secret key to connect our plugin with the reCAPTCHA service.
Configure reCAPTCHA settings
After activating our plugin, navigate to Password Protect WordPress >> Integrations under the admin dashboard.
Switch to the Configuration tab and input the keys you’ve received.
Once done, go to enable the corresponding reCAPTCHA type.
At the moment, you can show reCAPTCHA in either single password form or sitewide login form but not partial content protection (PCP) form.
If the site key and secret key are input correctly, you will see the reCAPTCHA icon display right below the password form.
An error message will be shown if the keys are invalid.
In terms of v3, a reCAPTCHA icon will display at the bottom right corner of your website if you enter the valid keys. Otherwise, nothing happens.
Logic & Limitations
- reCAPTCHA v3 works best when it can collect all data of users in your site, both legitimate and abusive behavior. For this reason, reCAPTCHA v3 badge will display on all pages of your site by default, no matter if they’re password protected or not.
- You can choose to hide the badge by adding the following code to Appearance >> Customizer >> Additional CSS.
.grecaptcha-badge { visibility: hidden; }
- You should not leave all configuration fields empty while enabling Google reCAPTCHA Protection. Our function still runs even though the reCAPTCHA icon doesn’t show. As a result, users can’t access the protected content even with the right password.
- reCAPTCHA for sitewide login form is available in PPWP Free version 1.7.4 or greater and PPWP Pro version 1.4.0 or greater.
Unlock password form including reCAPTCHA
If a user fails to validate the reCAPTCHA, he will see an error message asking him to try again later. As a result, he won’t be able to unlock the protected content even with the right password.
The administrators can change the default error message in the Appearance >> Customize >> PPWP Single Password Form >> Error Message section.