Upgrade Contact Form 7 to reCAPTCHA V3

The vast majority of unwanted website contact form messages (spam) are created by ‘bots’ – software that finds contact forms and sends messages through them. Google’s reCAPTCHA is a way of protecting you against this spam and other types of automated abuse as it attempts to verify that the form is being filled in by a human and blocks attempts that it decides are from a machine. It’s pretty clever stuff so if you have a few spare minutes, it’s very interesting to read about how it does this. However, most of us just need to cut down the spam. If you’re using the excellent Contact Form 7 plug-in on your site, the reCAPTCHA integration has become much simpler and easier. Here’s how you do it.

The latest version of the reCAPTCHA API is v3 and Contact Form 7 version 5.1 upwards use this. reCAPTCHA v3 works in the background so no longer displays the ‘are you human’ box or users blurred text. Integration is also quite straight forward:

  1. Step one is upgrade your version of Contact Form 7 to the latest one (must be at least version 5.1 or above)
  2. Next on your site, remove any old reCAPTCHA references from the site code such as the old v.2 script and the CAPTCHA tag from the contact form.
  3. Google’s reCAPTCHA v.3 uses different API keys from v.2 so the next thing you need to do is head over to the Google reCAPCTA site and generate some new ones.
  4. From your site dashboard, go to the Contact Form 7 options and select ‘integration’. Here is where you’ll need to add the ‘site key’ and ‘secret key’ from step 3.
  5. Finally test your contact form is working.