Here's something that can make you go crazy, make you look visually impaired or even illiterate. Maybe all three at once.

That thing is a captcha. It often looks like this:

A typical captcha

Or this:

Another type of captcha

Most of the time, to validate it, you have to answer a question by copying one or more words (often indecipherable), or by selecting photos (often badly taken).

This tool, which is restrictive for the user, but useful to reinforce the safety of a website, makes it possible to differentiate a human user from a malicious robot (in computer jargon, it is called a Turing test).

In this post, you'll discover the (not so) fantastic world of captchas on WordPress. I will first explain what it is used for, then when and where you should use it.

Then, I'll present to you the results of my tests: I tested out 6 plugins just for you.

And I must warn you there are two that I particularly liked. Results can be found at the end of the page 🙂

Why set up a WordPress captcha plugin on your site?

What's a captcha?

A CAPTCHA (capitalized as an acronym) is a U.S. trademark. It means Completely Automated Public Turing test to tell Computers and Humans Apart.

It's a test that requires a response from the user, before performing an action (upload a file, create an email account, validate a comment, send a form, etc.).

A captcha is used to fight against spam, among other things. And, frankly, it's not to be taken lightly.

I'm sure you're familiar with spam. You know: the untimely bombardment in our e-mail inboxes, in the form of an advertising message, or not.

My reaction when I discover a site infected with spam

For the record, SPAM is the acronym for Spiced Pork And Meat. I'll let that sink in for you, before you start fighting it with captchas.

The different types of captchas

There are several types of captchas. Let me introduce you to the most common ones.

For starters, we find the classic captcha. It is a distorted text, not very readable, which must be copied correctly.

Classic Captcha

On average, it is estimated that it takes a human being about ten seconds to analyze this kind of text.

Then, you've probably already met the captcha by image identification.

captcha by image identification

You are given a word (for example, “cars”), and you must select the images corresponding to that word.

Finally, we have the reCaptcha.

a reCaptcha

To prove that you are not a robot, you just have to check a box. If the computer has any doubts about your human condition, it'll give you a little test. Then a simple issue must be solved. Usually, Google asks you to recognize certain images from a selection, as you saw just above.

The evolution is particularly appreciable since it no longer hinders the user when browsing a site. Captcha user experience has improved over time!

With this kind of captcha, no more squinting your eyes

You can also find audio captchas, captchas based on very simple mathematical problems (performing addition or subtraction), or 3D captchas.

Do you really need a captcha?

A captcha is interesting for your site only if your anti-spam plugins don't correctly filter comments from malicious robots.

If so, setup captchas on your website. Where at, sir?

Well, I advise you to use it in strategic places like:

  • Your contact form
  • Your login form
  • Your comments section

Note that some form plugins make your work easier. They include a feature called honeypot, which prevents spam. With this built-in feature, you don't need to add a captcha on your form. This is the case for the Gravity Forms plugin.

Installing a Captcha alone cannot prevent all malicious robots from acting. A good practice is to manually validate comments before their publication, in addition to using the Akismet plugin, which is particularly useful to prevent spamming on your site. Spam is automatically generated by computers, but users can also post comments with the sole purpose of creating links to their sites.

To prevent this, make sure that both boxes below are checked in the Settings > Discussion menu of your WordPress Dashboard:

  • Comment author must fill out name and email
  • Comment must be manually approved
WordPress settings to secure your comment section

A little reminder, before moving on: installing a captcha is only useful if you have an issue with your comments, your contact form or your login page.

Your best WordPress projects need the best host!

WPMarmite recommends Bluehost: great performance, great support. All you need for a great start.

6 WordPress captcha plugins put to the test

Using a plugin is not the only option available to setup a WordPress captcha. Avanced users can install it by adding a piece of code in the site's HTML file. If you don't like to get your hands dirty into the code, it's not exactly easy.

To make the task simple, you'll have to use a plugin.

I've browsed through a dozen of them on the official WordPress directory, and I've chosen to present 6 of them to you. Efficiency and practicality have guided my choices in making this list.

By the way, I would like to point out that I wanted to compare some plugins a bit differently, like Human Captcha or Invisible Captcha. You'll understand why later on.

Anyway, I'm not going to introduce you to any paid plugins. A free plugin is enough to prevent the spam on your site.

Captcha Bank

Captcha Bank is a not-so-known WordPress captcha plugin

Next to the biggest plugins is Captcha Bank. With more than 20,000 active installations and regular updates, this little spam checker is starting to become a real must-have for your WordPress captchas. Its good rating (4.2 out of 5) testifies to this. It is therefore interesting to take a closer look.

The installation on your Dashboard is done in a few clicks. The plugin then requires a standard configuration, through a personal space directly added to WordPress.

The interface is clean and intuitive, and useful explanatory links are introduced at the right time. For example, when it is necessary to fill in the licence key for your site, you'll find a link next to the field, to tell you how to do so.

Captcha Bank's strengths

  • The great customization of the plugin offers in its free version is particularly appreciated: you can choose where you want to display your captcha (contact form, login, comments…) but also to choose the language or the type of captcha adapted to your users.
Captcha Bank settings

With Captcha Bank, select the type of captcha you want to display: Google reCAPTCHA, text captcha or logical captcha.

  • A clean and well thought-out interface, pleasant to use.

Captcha Bank's weaknesses

  • Some classic settings are not avaliable in the free version. You cannot receive email notifications or error messages.

All in all, I recommend Captcha Bank for a standard anti-spam use on the classic functions (contact form, login and comments). You should know that a paid version exists for 29,99€ per year.

If you want more safety, couple its use with a complementary plugin, such as Akismet.

Google Captcha

With over 200,000 active installations, Google Captcha is one of the largest WordPress captcha plugins.

The installation of the plugin is fluid and fast. The instructions to be filled in are quite clear. One small downside: some clarification would have been welcome. For instance, not all the explanatory links I mentioned earlier are listed here.

Google Captcha's strengths

  • A practical interface where customization is sufficient (the captcha's layout on WordPress, the choice of its location, the version to implement are customizable).
  • The possibility to link the captcha to the Contact form 7 plugin which is specialized in the elaboration of forms for WordPress (only available in the Premium version of the plugin).
  • Being able to disable captchas for certain user roles.
  • The ability to customize CSS. Those who like to get their hands dirty will appreciate it.
Customize your captchas with CSS
The interface to customize your captchas with additional CSS

Google Captcha's weaknesses

  • The free version of the plugin can only display captchas in English. If your website users speak another language, or if you manage a multilanguage interface, this may cause some user experience issues. Although the paid version is relatively accessible, since it starts at $17.95 per year.

In the end, this is quite an interesting plugin to install to protect you efficiently against spam when coupled with the Contact form 7 plugin (in paid version only, I remind you).

HumanCaptcha

HumanCaptcha plugin

Through this test of WordPress captcha plugins, I also wanted to give the chance to some smaller solutions. HumanCaptcha is one of them.

It has less than 1,000 active installations at the time of writing.

But just because a plugin accumulates hundreds of thousands of downloads doesn't mean it's necessarily more efficient than a less famous competitor.

So, what's HumanCaptcha really worth?

HumanCaptcha's strengths

  • Its originality is its first strong point. This plugin asks the user to answer a question that the owner controls directly behind his screen. We don’t necessarily like or dislike it, but it sure differentiates this plugin from existing solutions.
With this WordPress captcha plugin, you can customize your questions
Quite a cool feature: the question's customization
  • Its simplicity makes this plugin stand out. This is the developer's promise and, at this level, he is breaking records. The interface consists of a single page. The settings are therefore very simple with 3 possibilities to position your captcha, and a list of questions.

HumanCaptcha's weaknesses

  • We regret the lack of some basic features, such as e-mail notifications, for example. Too bad.

In the end, I'm not that convinced, and I wouldn't use this plugin to limit spam on my website.

Invisible ReCaptcha

Invisible ReCaptcha WordPress plugin

This plugin is a real integration of the latest version of reCaptcha, which I presented to you in the different types of captchas. Remember that part?

Thanks to this one, annoyed users who can't see the car in blurred photos are no more!

With this plugin, which has more than 100,000 active installations, the little captcha box is always present on the screen. But now it ticks itself. The plugin itself analyzes the user's behavior when they fill out, for example, the contact form.

Let's take a closer look at how it works. The first steps are similar to the installation of any other captcha plugin. You need to fill in your Google key information to link your information to your site.

The process is beautiful and so should be the result. That's my personal experience. Is that because I'm tired of having to tick the captcha box three times before getting a positive answer? Maybe…

Invisible Captcha's strengths

  • A breakthrough in the captcha field that optimizes user experience. Remember: visitor satisfaction should always be a priority for any webmaster.
Example of a captcha created with the Invisible ReCaptcha plugin
Here's what an automatic captcha looks like on a login page, via the Invisible Captcha plugin
  • A simple but effective interface. The options are sufficient and do not drown the user in tons of information. The language used automatically adjusts itself to the one you have set up on your site, even if you can still to modify it yourself.
  • The position of the captcha can be adjusted according to your needs (top left or right). Here too, there's plenty of room for imagination, with the possibility of entering additional CSS.
  • The the plugin's integration with others is particularly cool: WooCommerce, Contact Form 7 or Gravity Forms are among them.

Invisible Captcha's weaknesses

  • An e-mail alert could be an additional option to make the plugin optimal.

I recommend Invisible Captcha, especially if you want to take care of user experience on your site.

Speed up your website with WP Rocket

Turn your site into a rocket with the most powerful caching plugin recognized by WordPress experts.

Really Simple Captcha

Really Simple Captcha

This plugin is certainly the most popular in the world of the fight against SPAMS. It has over a million downloads. Moreover, the use of Really Simple Captcha is free.

However, it does not work by itself. It is a complementary plugin to Contact Form 7 (CF7). The creator of CF7 thought of us by integrating in his plugin the famous captcha, under the name of Really Simple Captcha. Users need to decipher images to send their messages.

Really Simple Captcha's strengths

  • A popular and easy-to-use plugin that delivers its promise of simplicity. Customization is minimal, but sufficient: you can just choose the size and theme of your WordPress captcha.

Really Simple Captcha's weaknesses

  • Dependent use of other plugins: you can't use it alone.
  • Limited use of contact forms. Additional protection must be added for your comments, and for the part dedicated to the connection to the website.

Ultimately, Really Simple Captcha is to be used if you have spam on your site only in your contact forms. If the spam comes from other places such as your comments, for example, you'd better choose a plugin other than this one.

Login No Captcha ReCaptcha

Login No Captcha ReCaptcha

If you have a specific need to block spam on your login page, the Login No Captcha ReCaptcha plugin is the one for you.

With over 80,000 active installations to its history, this plugin is popular and deserves attention.

The installation process is fast and basic, almost identical to that of Google Captcha.

This plugin is simple to use but is only effective for use on the login page. That's it’s major limitation.

Login No Captcha ReCaptcha's strengths

  • A real performance for the login page, as promised by the plugin's creator.
  • Quick and efficient setup. The user is guided through it with useful shortcuts, such as the one to see the Google NoCaptcha keys.

The Login No Captcha ReCaptcha plugin guides you smoothly through its setup

Login No Captcha ReCaptcha's weaknesses

  • A lack of customization for your captcha (appearance, size, color).
  • A use that is limited to the login page only. This negative point is to be nuanced since the plugin announces this from its title, by integrating the word Login.

For this plugin, you only need to have spam on your login page to download it. Without that, its action is useless.

Who's the winning plugin?

You made it to the end of this post presenting 6 free WordPress captcha plugins.

Was this post useful to you? Share it on Twitter! Click To Tweet

Now it's time to choose. I am convinced by the comprehensive and efficient service of Google Captcha. However, it is necessary to take a little time on the setup for it to work properly.

For those who are looking for customer satisfaction above all, I highly recommend Invisible reCaptcha, an efficient plugin that keeps its promises. Visitors are no longer frustrated by the intermediate steps, and they can fully enjoy your website without interruption.

What about you? Which captcha plugin do you use on your site? Are you satisfied with it?

I look forward to your feedback in the comments. Finally, if you feel that this article can be useful to others, feel free to share it on social networks.