Which WordPress captcha plugin should you choose?

Here’s something that can make you look crazy, visually impaired, or illiterate. Or all three at the same time.

This thing is a captcha. It often looks like this:

Or like this:

Most of the time, to validate it, you have to answer a question by copying one or more words (often indecipherable), or by selecting photos (often badly taken).

This tool is restrictive for the user, but it is still very useful to reinforce the security of a site. In this article, I’ll take you to discover WordPress captcha plugins.

At the end of this article, you will know exactly what a captcha is used for, and when and where you should use it.

You’ll also know in detail 6 plugins dedicated to the implementation of a captcha. I’ve put them all through the mill just for you. 🙂 Let’s go!

Originally written in August 2018, this article was last updated in August 2022.

Why implement a WordPress captcha plugin?

What is a captcha?

A captcha is a test that helps, among other things, to fight against spam by differentiating between humans and robots. It requires a response from the user (choosing photos, copying words) before performing an action (downloading a file, creating an email account, validating a comment, sending a form, etc.).

To designate its acronym, we also write it in capitals (CAPTCHA). You should know that CAPTCHA is an American trademark. It means Completely Automated Public Turing test to tell Computers and Humans Apart.

So its main battle horse is spam. I’m sure that you’re familiar with it. You know it is the untimely bombardment in our email boxes, in the form of an advertising message, or not.

For the anecdote, you should know that SPAM is the acronym of Spiced Pork And Meat. The captcha is a great ally to fight against this.

What are the different types of captcha?

There are several types of captcha. Here are the most common ones:

• The captcha in text format. This is probably the most classic. You are presented with letters and numbers, often distorted and not very readable. You have to copy them correctly to prove your human side. On average, it is estimated that a human being takes about ten seconds to analyze the proposed text.

• The captcha by image identification. Here, you are given a word (for example, “cars”), and you must select the images corresponding to this word.

• The reCAPTCHA. This is a system created by Google. To prove that you are not a robot, you only need to check one box. If the computer has a doubt about your human status, it makes you pass a small test. You have to solve a simple problem. Generally, Google asks you to recognize some images among a selection, as you saw just above. The evolution is particularly appreciable since it allows the user to no longer be annoyed when he is browsing a site. This improves the user experience!

• The captcha based on a mathematical problem. In this case, you are asked to solve a very simple mathematical problem, such as addition or subtraction.

• The captcha in audio format, which can be offered for visually impaired users.

Do you really need a captcha on your WordPress site?

The captcha is only interesting for your site if your anti-spam plugins do not filter malicious robots’ comments properly.

If this is the case, install one. Where to, sir?

Well, I advise you to use it in strategic places like your:

• Contact form
• Login form
• Comments

Note that some form plugins make it easier for you. They include a feature called honeypot, which thwarts spam.

With this built-in feature, you don’t need to add a captcha on your form. This is the case for the Gravity Forms plugin.

Installing a captcha alone cannot prevent all malicious bots from acting. A good practice is to manually validate comments before publishing them, in addition to the Akismet plugin, which is particularly useful to prevent spam from acting on your site.

Spam is automatically generated by computers, but users can also post comments with the sole purpose of creating links to their sites.

To prevent this, make sure that the two boxes below are checked in the Settings > Discussion menu of your WordPress dashboard:

• Comment author must fill out name and email.
• Comment must be manually approved.

For more info on WordPress security, take a look at WPMarmite’s posts dedicated to security.

And a little reminder, before moving on: installing a captcha is only useful in case of problems with your comments, your contact form, or login.

6 WordPress captcha plugins under the microscope

Using a plugin is not the only option available to set up a captcha on WordPress. It is possible, for advanced users, to install one by adding a piece of code in your HTML file. If you don’t like to get your hands dirty, it’s not really that easy.

The easiest and fastest way is to use a plugin.

I’ve looked at a dozen of them on the official WordPress directory, and I’ve chosen to present you 6 of them based on different criteria at the time of writing, such as:

• The efficiency and practicality of the plugin.
• The fact that the plugin has been tested with more than three major WordPress updates. This criterion made me rule out the Captcha Bank and Invisible reCaptcha for WordPress plugins, which were originally included in the first version of this article (before it was updated).

Using a plugin that is not compatible with one of the last three major versions of WordPress is not necessarily a problem. Most of the time, it means that the developer of the plugin hasn’t had time to check the compatibility of his code with the latest major version of WordPress. But sometimes, it can also be a sign of a major problem or a security flaw. So it’s best to stay safe and use updated plugins, if you can.

reCaptcha by BestWebSoft

With more than 200,000 active installations, reCaptcha by BestWebSoft (formerly named Google Captcha) is one of the most popular captcha plugins on WordPress in the official directory.

So it’s hard not to mention it here. Its description states that it makes life easy for people, while making life more complex for robots. Quite a program. Let’s go to the presentations.

The strengths of reCaptcha by BestWebSoft

• The installation of the plugin is smooth and fast, thanks to a very simple settings menu.
• You can activate 3 types of reCAPTCHA proposed by Google: reCAPTCHA V2, V3 or invisible. However, you must first register your domain name with the Google reCAPTCHA service in order to obtain API keys.
• It is possible to activate the plugin in different places: on a login, registration, password reset or comment form.

• The possibility to link the captcha to the Contact Form 7 plugin which is specialized in creating forms for WordPress (available only in the Premium version of the plugin).
• The possibility to disable captchas for certain user roles.
• You can also add a captcha wherever you want in your content using a shortcode.

The weaknesses of reCaptcha by BestWebSoft

• You can’t add custom code (e.g. CSS) in the free version.
• The confusion that can reign with another plugin proposed by the same developer: Captcha by BestWebSoft. At first glance, the two plugins seem to do more or less the same thing. In fact, BestWebSoft says that you can use Captcha by BestWebSoft if you don’t want to create API keys after activating reCaptcha by BestWebSoft.

The reCaptcha plugin also offers a premium version available from $24/year for use on one site. Its main advantage is its compatibility with various plugins: Contact Form 7, Gravity Forms, Ninja Forms, WPForms, WooCommerce, Divi, etc.

In the end, reCaptcha is an interesting plugin to install to protect you effectively against spam when coupled with the Contact Form 7 plugin (in paid version only, I remind you).

Download reCaptcha by BestWebSoft:

HumanCaptcha

Through this test of captcha plugins on WordPress, I also wanted to give a chance to some more “confidential” plugins. HumanCaptcha is one of them.

It has more than 300 active installations as I write this.

And just because a plugin has hundreds of thousands of downloads doesn’t mean that it is necessarily more efficient than a less famous competitor.

So what is HumanCaptcha really worth?

The strengths of HumanCaptcha

• Its originality is its first strong point. This plugin asks the user to answer a question that the owner controls directly behind his screen. You may like it or not, but it has the merit of standing out from existing solutions.

• Its simplicity allows this plugin to stand out. This is the developer’s promise and, in this respect, it breaks records. The interface consists of a single page. The settings are therefore very simple, with 3 possibilities of positioning your captcha, and a list of questions.
• The plugin is totally free: you don’t have to buy a premium version to benefit from all its features.

The weaknesses of HumanCaptcha

• We regret the absence of some basic functionalities, like email notifications, for example. This is a pity.

All in all, I’m not convinced, and I won’t commit to this plugin to limit spam on my website.

Download HumanCaptcha:

Really Simple Captcha

This plugin is certainly the most popular in the world of anti-spam. It has more than 400,000 active installations.

While it is free to use, it does not work on its own. Basically, Really Simple Captcha is an add-on to Contact Form 7 (CF7).

The creator of CF7 thought of this control by integrating the famous captcha in his plugin, under the name Really Simple Captcha. Users have to decipher images to send their messages.

The strengths of Really Simple Captcha

• A popular and easy-to-use plugin that delivers on its promise of simplicity. Customization is minimal, but sufficient: you can just choose the size and theme of your WordPress captcha.
• The plugin is 100% free.

The weaknesses of Really Simple Captcha

• Dependency on other plugins: you can’t use it alone.
• The plugin is limited to contact forms. You have to add an additional protection for your comments, and for the part dedicated to the login to the website.
• A use that requires a minimum of technical knowledge. There is no settings menu when you activate the plugin. You have to add a shortcode to activate the captcha on your contact form.

In the end, Really Simple Captcha is to be used if you have spam on your site only in your contact forms. If the spam comes from other actions like your comments, for example, it is better to choose another plugin than this one.

Especially since its developer, Takayuki Miyoshi, recommends using Google’s reCAPTCHA on a contact form instead.

Download Really Simple Captcha:

Login No Captcha reCAPTCHA

If you have a specific need to block spam on your login page, Login No Captcha reCAPTCHA plugin is the one for you.

With over 90,000 active installations, this plugin is popular and worth looking into.

The installation process is quick and basic, almost identical to reCaptcha by BestWebSoft.

The strengths of Login No Captcha reCAPTCHA

• Its simplicity of use.
• A real efficiency for the login page, as promised by the manufacturer.
• A fast and efficient installation. The user is guided during the installation with useful shortcuts, like the one to see the Google NoCaptcha keys.

The weaknesses of Login No Captcha reCAPTCHA

• A lack of customization for your captcha (appearance, size, color).
• A use that is limited to the login page only. This negative point is nevertheless to be qualified since the plugin warns us from its title, by integrating the word “Login”.

For this plugin, you only need to have spam on your login page to download it. Without this, its action is not useful.

Other plugins are present on the official directory to add a captcha on your login page. They are a bit confusing because they don’t offer any settings and are functional as soon as they are activated, like Login No Captcha reCAPTCHA. These are Cartpauj Register Captcha and Simple Login Captcha (which adds a 3-digit code on your login page to be copied in a dedicated box).

Download Login No Captcha reCAPTCHA:

hCaptcha for WordPress

hCaptcha is first of all a global service that aims to stop malicious bots (fight against spam), while protecting the privacy of users.

It offers a dedicated WordPress plugin, which is logically named hCaptcha for WordPress. This plugin presents itself as an automatic replacement for Google’s reCAPTCHA service, while offering to reward website owners.

More explanations below.

The strengths of hCaptcha

• The installation process is very simple. You just need to get a site key and a secret key to use the service. Registration is quick and takes only a couple of clicks.
• You have control over the size (normal, compact, invisible) and appearance (light or dark) of the captcha to display.
• The integration of hCaptcha on the forms of many famous plugins like Elementor Pro (affiliate link), Divi Builder, Ninja Forms, WPForms, Gravity Forms, Jetpack, WooCommerce etc.
• You can enable hCaptcha on several native forms offered by WordPress: login, registration, forgotten password. But also in the comments area.
• It is also possible to add an hCaptcha in your content with a shortcode.
• It’s a plugin focused on privacy protection, including a GDPR compliance and the use of cryptographic proofs.
• The possibility to support charitable actions thanks to the rewards you accumulate by blocking malicious bots.

The weaknesses of hCaptcha

• To quibble a bit, we can say that the settings menu could be a bit better organized from the interface point of view. The list of features to enable/disable is a bit long.

Finally, note that the plugin does not offer a premium package as such. There is a paid “Enterprise” offer, but the price is not communicated.

However, it will probably not be of any use to you because the features of the free version are already sufficient to protect you from spam.

Overall, I really liked this plugin.

Download hCaptcha for WordPress from the official directory:

Do you use the Elementor plugin on your WordPress site? You should know that it is possible to install a captcha on Elementor in a very simple way. You just need to get the API keys from Google reCAPTCHA and add them in a “Form” widget, as detailed on this resource.

CAPTCHA 4WP

Finally, I wanted to tell you about the CAPTCHA 4WP plugin. It is a must-have, since it has more than 100,000 active installations.

It also has an average rating (3.1 out of 5), partly because its users blame it for moving some of its options to a premium package.

For the rest, what’s the value of this widely used plugin, which displays a Google reCAPTCHA?

The strengths of CAPTCHA 4WP

• Simple and fast configuration.
• The possibility to choose between 3 types of reCAPTCHA (version 2, version 2 without confirmation and version 3).
• You can select the language of the reCAPTCHA.
• CAPTCHA 4WP offers the choice between 2 captcha sizes (normal/compact) and display style (light/dark).
• You can activate the captcha on the following forms: registration, login, password reset, lost password, comment area.

The weaknesses of CAPTCHA 4WP

• The fact that some interesting features are only available in the premium version, which starts at $29.99/year for use on 1 site. Without the premium version, you can’t take advantage of integrations with forms created with WooCommerce, Contact Form 7, Gravity Forms, BuddyPress, etc. In the end, I think this is too much of a limitation to use this plugin.

Download CAPTCHA 4WP on the official directory:

Which WordPress captcha plugin to choose?

You have reached the end of this article presenting 6 plugins to install a captcha on WordPress.

Now, it’s time to make the assessment. I was particularly convinced by hCaptcha‘s comprehensive and efficient service.

To a lesser degree, I would recommend reCaptcha by BestWebSoft. On the other hand, this plugin requires spending a little time on installation to work properly.

And you, which captcha plugin do you use on your site? Are you satisfied with it? I’m waiting for your feedback in the comments.