How To Setup reCAPTCHA On Contact Form 7 Plugin

Jan 26, 2020

Having a contact form is a must for every website, but that introduces potential issues with spam bots sending you spam emails from your website.

In addition to receiving spam emails from your own website, this can ruin the reputation of the IP address your mail server uses and make emails sent from it flagged as spam.

This means that your emails could end up in the spam folder, not good!

Contact Form 7

Therefore, it’s very important to protect your contact forms from spam bots, and in this article – we’ll teach you how to do this using one of the most popular contact form WordPress plugins out there (with over 5 million active installations) – Contact Form 7 plugin.


If you don’t have it installed yet, you can install Contact Form 7 plugin via your WordPress Dashboard > Plugins section > Add New option.

Search for the word “contact” in the search bar at the top-right corner and then click the Install Now button under the Contact Form 7 plugin:

Once the plugin is installed, go ahead and activate it from the same screen.

Contact Form

If you want to set up a new contact form on your website, you can do that via the Contact > Add New feature:


Now that we have a contact form added and configured, we need to set up spam protection (reCAPTCHA) for it. This keeps those spam bots away and your emails away from spam boxes!

In this example, we’ll use reCAPTCHA v3, which is the latest version of reCAPTCHA API, and it works completely in the background. This means that your users don’t need to perform any actions to verify that they’re humans like reading blurred text, selecting items on multiple images, or even ticking the “I’m not a robot” checkbox.

Note: If you were using reCAPTCHA v2 previously, you would need to generate a new set of API keys, as they’re different for v3.


The first step is to register your WordPress website with Google as reCAPTCHA is a Google service. Head to the My reCAPTCHA page, and sign in to Google with your Google account. Upon login, you will see a simple form to register your new website:

Next, perform the following steps:

  1. Input the label (name) of your website to be able to identify it easily
  2. Select the reCAPTCHA v3 type.
  3. Input the domain name of your website (without the https:// or www parts). If you plan to use reCAPTCHA on any subdomains on your domain name – add those as well.
  4. Input additional owner email addresses if needed.
  5. Select the “Send alerts to owners” checkbox to receive alerts in case something is wrong with the configuration.

Once completed, click the Submit button.

Once your website is registered, you will receive Site and Secret keys:


Go back to your WordPress Dashboard > Contact section > Integration option:

Click the Setup Integration button under reCAPTCHA section, and fill in your Site and Secret keys (that you received from Google previously):


Click the Save Changes button to finish the configuration, and you’ll see a confirmation message:

That’s it! Any contact form you’ve set up on your website via Contact Form 7 plugin will use the reCAPTCHA v3 score to detect if the form submission is from a spambot or a human.