HOW TO: add CAPTCHA protection to your WordPress site

Last modified: April 13, 2020
You are here:
Estimated reading time: 1 min

CAPTCHA is an effective tool that you can use to prevent your contact forms from being used by automated bots, sometimes called spambots, to post spam on your site. CAPTCHA protection works by displaying an image containing text on each contact form. Users need to type the displayed CAPTCHA text before they can submit the form. Because automated bots are unable to read and type the text displayed in the CAPTCHA image, they can’t use your forms to generate spam.

Leave a Reply



There are two steps you need to complete to add CAPTCHA protection to your WordPress site:

  1. Install and activate a CAPTCHA plugin.
  2. Choose your CAPTCHA settings.

There are several CAPTCHA plugins available for WordPress. In this example, we’re using the SI CAPTCHA Anti-Spam plugin, but you are free to choose a different plugin. The procedure for installing, activating, and configuring another plugin may be different. Refer to the plugin’s documentation for more information.

Installing and activating the CAPTCHA plugin

Firstly, Log in to your WordPress Dashboard as admin. Click Plugins Add New.

Select “Add New”


Secondly, In the Keyword search box, type captcha. In this example, we’re installing the SI CAPTCHA Anti-Spam plugin. Click Install Now. The Install Now button changes to Installing.

Search captcha to install


Thirdly, when the installation is complete, the button displays Activate. Click Activate.

Activate it


Next, The plugin is now active and appears in the Installed Plugins list in your WordPress Dashboard.

Choosing your CAPTCHA settings

Now that the plugin is active, you can choose the types of forms that will be protected by CAPTCHA. You can also change the messages that are displayed with your CAPTCHA.

After that, In your WordPress Dashboard, click Plugins Installed Plugins SI Captcha Options.

captcha-Plugins-Installed Plugins-SI CAptcha Options
Select SI Captcha Options.


After installing CAPTCHA, comment, registration, and missed password forms are automatically allowed. Since these are the most frequently targeted forms kinds of automated bots, we suggest that you leave these default settings in place.

There are two other default settings that you may want to change:

  • Login form – The login form does not automatically enable CAPTCHA security. Since login forms require a valid username and password, they are usually not targeted by spambots and do not need protection from CAPTCHA. However, if you are concerned about brute force attacks on the login page or suspect that your site users’ usernames and passwords have been compromised, you can enable CAPTCHA on login forms for additional protection.
  • No CAPTCHA remark for clients logged in –This environment is automatically activated and implies that registered users of the website who are presently logged in and have entered their usernames and passwords effectively do not see a CAPTCHA on the submission form.. To maximize protection on your comment forms and require CAPTCHA for currently logged in users, disable this setting.

Changing settings

Click Save Changes to select your form kinds and make any adjustments to the Options and Error Messages sections

captcha-Changing settings
Changing settings


For more information about a setting, click help.

That’s it! CAPTCHA is now protecting your WordPress site from spambots.

Was this article helpful?
Dislike 0
Views: 77
Customer Services Contact

Need Help? Send a Ticket to our 24X7 Technical Support Team

Subscribe Newsletter

Subscribe to Casbay Newsletter for online tips, events and latest promotion !

Copyright © 2010 – 2020 Casbay Sdn. Bhd. (1042688-D). All Rights Reserved.

All Trademarks Are The Property of Their Respective Owner.