Why re-captcha for your WordPress sites
Pankaj Kandpal
December 17, 2020

Re-captcha is a widely known technology used to distinguish humans from bots. For businesses running on WordPress websites, we see it as a remarkable asset for a healthy website.
Recently, we came across many challenges and issues on the websites we cover for a Creative Marketing Agency. Some of them are highlighted below:

  1. Brute Force login attacks
  2. Spam Comments
  3. Exhaustion of resources on the server
  4. Malware injection if login attempt succeeds due to weak passwords
  5. Annoying entries for contact forms

Although we had various feasible workarounds, providing the most efficient and remarkable solution is the real deal.

The most feasible and healthy solution turned out to be the integration of Google re-captcha (the most reliable): a one-time solution that lasts as long as the website does. Before moving on to the outcome, I am sharing below how we broke the implementation into a step-by-step process to make it more structured and scalable.

These were the simple but effective steps that we followed to integrate reCAPTCHA on various websites:

  1. Registering website on Google Console
  2. Generating Client Secret ID and Site ID from the console
  3. Configuring the captcha settings via WordPress plugins or custom code (wherever required)
  4. Configuring which of the forms needed the functionality selectively
  5. Setting up in-built captcha functionality for the plugins providing forms on the websites.
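
A server-side check for the custom-code route in step 3, as an added example that is not the author's code: it sends the submitted token, together with the secret from step 2, to Google's siteverify endpoint and blocks the login unless the reply is valid for this site. The option name `rc_secret_key`, the function names and the sample hostnames are assumptions, and the reCAPTCHA v2 widget is assumed to be rendered on the login form already.

```php
<?php
// Added example, not the author's code. The option name 'rc_secret_key' is hypothetical.

/** Decide whether a decoded siteverify reply is acceptable. Fails closed. */
function rc_response_ok( $body, string $expected_host ): bool {
    if ( ! is_array( $body ) || empty( $body['success'] ) ) {
        return false; // malformed JSON, missing field, or token rejected
    }
    // Reject tokens that were solved on a different site.
    return isset( $body['hostname'] ) && $body['hostname'] === $expected_host;
}

/** Send the form's token to the siteverify endpoint via the WordPress HTTP API. */
function rc_verify_token( string $token, string $secret, string $expected_host ): bool {
    if ( '' === $token || '' === $secret ) {
        return false;
    }
    $res = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', array(
        'timeout' => 5,
        'body'    => array( 'secret' => $secret, 'response' => $token ),
    ) );
    if ( is_wp_error( $res ) ) {
        return false; // network failure: block instead of letting bots through
    }
    return rc_response_ok( json_decode( wp_remote_retrieve_body( $res ), true ), $expected_host );
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: priority 30 runs after the core username/password check (20).
    // XML-RPC logins pass through this filter too and fail without a token.
    add_filter( 'authenticate', function ( $user, $username ) {
        if ( '' === (string) $username ) {
            return $user; // plain page load, nothing submitted yet
        }
        $token = isset( $_POST['g-recaptcha-response'] ) ? (string) $_POST['g-recaptcha-response'] : '';
        $host  = (string) wp_parse_url( home_url(), PHP_URL_HOST );
        if ( rc_verify_token( $token, (string) get_option( 'rc_secret_key', '' ), $host ) ) {
            return $user;
        }
        return new WP_Error( 'captcha_failed', 'CAPTCHA verification failed.' );
    }, 30, 2 );
} else {
    // Stand-alone run (php file.php) on constructed siteverify replies.
    var_dump( rc_response_ok( array( 'success' => true, 'hostname' => 'shop.example' ), 'shop.example' ) );
    var_dump( rc_response_ok( array( 'success' => true, 'hostname' => 'other.example' ), 'shop.example' ) );
    var_dump( rc_response_ok( array( 'success' => false, 'error-codes' => array( 'timeout-or-duplicate' ) ), 'shop.example' ) );
    var_dump( rc_response_ok( null, 'shop.example' ) );
}
```

The secret stays on the server and only the site key belongs in page markup; a widget that is displayed but never verified server-side stops nothing.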

After the functionality was brought into use, site owners reported a difference before and after the enhancement in several areas:

  1. The majority of them appreciated the blocking of spam comments, notably the businesses with discussion threads on their sites.
  2. Most of the login attempts to the admin panel were blocked and the dashboard had no record of bot hits, which is relevant for e-commerce sites, Assessment Programs, and Insurance Agencies.
  3. Online activities like registration and newsletter signup recorded decent and reliable entries. The use case was mostly around businesses involved in Learning Management Systems, eCommerce, and Event Management.
  4. The difference in resource utilization before and after (at the time of bot attacks on the login page) was huge.
  5. Lower chances of downtime for other sites on the same server (due to the reduction in over-utilization of server memory).

We always recommend having an additional security measure on websites. Advances in technology cut both ways (constructive and destructive), so staying a step ahead is always recommended. Generally, the captcha should be integrated on all forms at the time of development. If that has not been done already, it can be treated as an enhancement during maintenance. A one-time additional investment in a business running on a WordPress website can make a great impact when it scales.