Welcome Guest! Login
0 items Join Now

RocketTheme Blog

Stop Contact Form Spam on WordPress and Joomla with reCAPTCHA


No one likes to receive spam in their inbox, especially if that spam comes from your own website. Contact forms are a great way to give your visitors an easy method for contacting you, but they can easily become a lot more trouble than they’re worth.

In this article, we’ll take a look at how people are using Google reCAPTCHA to rid their inbox of spam from contact forms on sites built on WordPress and Joomla.


reCAPTCHA is currently the most widely-used tool for site owners that are tired of robotic spam appearing in their inbox. In a nutshell, reCAPTCHA is a simple CAPTCHA tool that helps the world by digitizing text which helps improve maps, preserve books and other written materials, and improves AI.

In order to utilize reCAPTCHA on these platforms, you will first want to register your site through Google reCAPTCHA which enables you to get some basic reporting on the pass rate and spam index of users on your site. It also grants you a Site Key and Secret Key which are used during communication between your site and Google.

For the purposes of this tutorial, we will assume you are using Joomla 3.x and WordPress 4.0+ and have already gone through the steps of retrieving your keys from Google.

Because of a difference in terminology between platforms, the Site Key is also referred to as the Public Key while the Secret Key is referred to as the Private Key.


Joomla has the advantage of having reCAPTCHA support baked in. In fact, you can turn it on with a few simple steps.

The first thing you will need to do is ensure that the Captcha - ReCaptcha extension is enabled on the site. This can be done by using the following steps:

  1. Navigate to Administrator > Extensions > Extension Manager and selecting Manage from the sidebar.
  2. Search for Captcha.
  3. Make sure there is a green checkmark under Status. If there is not, click the red X to enable it.
  4. Navigate to Administrator > System > Global Configuration and select the Site tab. WordPress Contact Form
  5. Locate the Default Captcha option and set it to Captcha - ReCaptcha.
  6. Click Save and Close.
  7. Click on the Contacts component page from the sidebar.
  8. Select the Form tab. WordPress Contact Form
  9. Switch the Allow Captcha on Contact field to Captcha - ReCaptcha. This may not be necessary if the default captcha setting is set in Global Configuration, but this will allow it to be enabled specifically on the contact form, regardless of your defaults.

Once this is done, you just have to get the public and private keys for your domain and add them to the plugin. You can do this by following these steps.

WordPress Contact Form

  1. Navigate to Administrator > Extensions > Plugin Manager.
  2. Search for Captcha.
  3. Click on the name of the Captcha - ReCaptcha plugin.
  4. Enter the Site Key in the Public Key field.
  5. Enter the Secret Key in the Private Key field.
  6. Select your desired theme for the captcha.
  7. Click Save and Close.

A reCAPTCHA field should now appear on your contact form.


WordPress works a little differently than Joomla in terms of how captcha is handled, but the basic concept remains the same.

WordPress doesn’t have reCAPTCHA support baked in, but it is available in several different ways.

The most popular choice for general users being via a plugin, such as Better WordPress reCAPTCHA (a popular choice for Contact Form 7 users). There is also Form Maker which is an all-in-one form solution that includes support for several different captcha methods, including reCAPTCHA, and several others.

In recent RocketTheme WordPress themes, we have built reCAPTCHA support directly in, so you need but to set up the public and private keys in the theme settings to hit the ground running.

We have added a special Contact Form page template to our modern themes that provides a quick and easy method for you to add a reliable contact form to your site.

This is available by default if you are using a RocketLauncher, but can be easily recreated by simply starting a new page and assigning it the Contact Form template under Page Attributes.

WordPress Contact Form

Once you have this page set up, you will want to navigate to Admin > Theme Settings > Page Templates where you will find the Contact Form settings.

Here, you will be able to enter the form header, contact email address (if no address is filled here, the default admin email address is used), and the reCAPTCHA settings.

Switch the reCAPTCHA setting to Enabled and enter the Site Key in the Public Key field and the Secret Key in the Private Key field.

After this is done, simply select Save and take a look at your contact page to test.


There are plenty of excellent utilities out there that work very well at avoiding those pesky spam bots other than Google reCAPTCHA.

For example, the PlusCaptcha plugin for WordPress is a popular, modern approach to human testing that isn’t overtly intrusive on the user experience.

Akismet is a very powerful spam filtering solution for WordPress that can be used to safeguard a number of areas of your site, especially the comments section. When it comes to keeping spam out of your comments, this option is practically a no-brainer.

KeyCAPTCHA for Joomla requires no text typing on the part of your visitor, but instead asks them to complete a simple task. The download itself is free, but you have the ability to opt to support charitable causes by enabling advertising.

There are hundreds of great solutions out there. If you have one you would like to recommend, please share it in the comments section below.

Join the Conversation

comments powered by Disqus