Most websites, regardless of their main purpose, include contact forms, subscription options, and other means of user communication. All of this makes up a large portion of a positive user experience and therefore, a successful business. This is why keeping a trustworthy email reputation is of the utmost importance to your website. Because of this, you may want to look into ways on how to protect your mailing and registration pages from unauthorized use. This includes:

• Mass registration of accounts using fake email addresses
• Automated mailings through the contact/subscription forms
• Usage of bots for posting comments, etc.

The main way to resolve these vulnerabilities? Using the CAPTCHA script on these webpages.

The main purpose of CAPTCHA is to determine whether or not the visitor attempting to send a message is a human being or a bot. While "good" bots are encouraged, e.g. search engine crawlers to access your website, be wary of the "bad" ones. Automated scripts and agents that were created with malicious intent can cause unwanted loads on your website and use up its resources (including email) to attack you or its legitimate visitors/users.

In other words, persistent email failures due to the mass registration of fake accounts or contact-form spam affect your websiteâ$™s reputation, not only your domain name but also your hosting cPanel IP address. This is not desirable, especially because senders with a low reputation have their emails delivered to spam/junk folders, even when they are sent directly from the webmail address. In addition, constant use of an email script creates a large load on the account resources, drawing them away from other functions of your website.

Letâ$™s now check how the most basic free section looks. The installation starts from the short overview at the Developer's Guide page. Before clicking on "sign up for an API key pair,â$ make sure that you are logged in to your Google account:

You may find the detailed explanation of the settings here.

On the next screen, you will receive your Site Key and Secret Key codes. Copy them somewhere and have them at hand before you start setting up CAPTCHA directly on your website.

At the moment, Google reCAPTCHA is offered in two versions: v2 and v3. Developers describe the difference on the versions comparison page.

Google reCAPTCHA v2 analyzes the traffic and asks that the checkbox be ticked only in the most suspicious of cases. If you are developing a mobile application or website, reCAPTCHA v2 offers an Android-specific API. Itâ$™s more dependable and comfortable to use with mobile content.

Google reCAPTCHA v3 is a checker that does not have a field to fill in or any special checkbox. Its logic is based on the actions itâ$™s tracking and building the score to validate a userâ$™s activity. It acts according to the behavior matches rules and suggests corresponding tasks.

There are numerous plugins for WordPress that offer protection for different kinds of fill-in fields. Itâ$™s easy to find them using the search field in the Add New tab of the Plugins section:

Itâ$™s important to choose the version of the plugin that is most compatible with your current WordPress release. Luckily, the system automatically marks it:

A full guide on the WordPress plugins installation process can be found here.

Unchecked or incompatible versions of plugins are likely to cause issues within your website, e.g. making it unavailable. In case you have to disable the newly-installed plugin, with or without the access to the admin dashboard, you can do so through the database or File Manager. Both options are described here.

CAPTCHA protection is already integrated into the most popular WordPress contact plugins. For example, you can easily find it in the latest version of the Contact Form 7 plugin.

Log in to your website admin dashboard and proceed to the Integration tab of the Contact section to find the reCAPTCHA addon:

Insert [recaptcha] in the code of your contact form and save the changes: