Description
reCAPTCHA for Jetpack enhances your WordPress site’s security by integrating Google reCAPTCHA v3—an invisible, score-based spam filter—with Jetpack contact forms and comments (including forums). Designed for block-based themes (e.g., Full Site Editing), it uses behavioral scoring to block bots seamlessly. Key features:
- Invisible Protection: Analyzes user behavior (e.g., mouse movements, session duration) to assign a score (0.0–1.0) for contact forms and comment forms.
- Customizable Threshold: Set a score threshold (default 0.5) to balance spam blocking and user access for both forms and comments.
- Automatic Spam Handling:
- Form submissions with scores below the threshold are reliably blocked and moved to the Jetpack Feedback CPT spam folder in the admin interface.
- Comments with scores below the threshold are automatically moved to the spam folder without triggering approval emails.
- Submission Stats: Tracks total submissions and logs the last 20 submissions (forms and comments) with scores and status (success/spam) in a streamlined manner.
- Jetpack Integration: Requires Jetpack for contact form and comment protection, fully compatible with block-based forms and Jetpack forums.
- Email Enhancements: Appends reCAPTCHA scores to form submission emails and comment notification/moderation emails for transparency.
- Admin Feedback: Displays reCAPTCHA scores to admins on form success pages and logs detailed debug info for failed submissions.
Perfect for modern WordPress sites, this plugin provides robust spam prevention with insightful analytics, ensuring a seamless user experience while keeping your forms and comments spam-free.
Short Description
Adds Google reCAPTCHA v3 to Jetpack forms and comments to prevent spam, with stats and spam folder handling.
External Services
This plugin uses Google reCAPTCHA v3, a service provided by Google to verify user interactions and prevent spam on contact forms and comments.
- Purpose: Google reCAPTCHA v3 analyzes user behavior to assign a score (0.0–1.0) indicating the likelihood of a user being a bot. This score determines whether form submissions are blocked (moved to spam) or comments are flagged as spam.
- Data Sent: When a user submits a form or comment, the plugin sends a reCAPTCHA token to Google’s API (
https://www.google.com/recaptcha/api/siteverify). The request includes:- The reCAPTCHA secret key (configured in the plugin settings).
- The reCAPTCHA response token generated by the client-side script.
- The user’s IP address (optional, included for enhanced verification).
- When Data is Sent: Data is sent to Google’s API on every Jetpack contact form or comment submission.
- Service Provider: Google LLC.
- Terms of Service: https://www.google.com/recaptcha/about/
- Privacy Policy: https://policies.google.com/privacy
Users must agree to Google’s terms of service when setting up reCAPTCHA keys. No user consent is required for reCAPTCHA v3, as it operates invisibly without challenges.
License
This plugin is licensed under the GPLv2 or later. See https://www.gnu.org/licenses/gpl-2.0.html for details.
`
Screenshots
Settings Page: Configure Site Key, Secret Key, and v3 Score Threshold under Settings > reCAPTCHA for Jetpack. 
Submission Stats: View total submissions, the last 20 submissions (forms and comments), and spam/success status. 
Instruction Guide: Step-by-step help for obtaining reCAPTCHA v3 keys from Google.
Installation
- Upload the
recaptcha-v3-for-jetpackfolder to the/wp-content/plugins/directory. - Activate the plugin through the ‘Plugins’ menu in WordPress.
- Ensure Jetpack is installed and active (required for contact form and comment protection).
- Go to
Settings > reCAPTCHA for Jetpackin your WordPress admin to configure settings. - Enter your Google reCAPTCHA v3 Site Key and Secret Key (see «How to Get reCAPTCHA Keys» in settings).
- Adjust the v3 Score Threshold if needed (0.1–1.0, default 0.5).
- Test your forms and comments—view stats, scores, and spam status in the settings page.
FAQ
-
Do I need Jetpack for this plugin?
-
Yes, Jetpack is required for contact form and comment protection.
-
How does reCAPTCHA v3 work?
-
reCAPTCHA v3 runs invisibly, analyzing user behavior to assign a score (0.0–1.0). Form submissions or comments scoring below the threshold (default 0.5) are reliably blocked, with forms moved to the Jetpack Feedback CPT spam folder and comments flagged as spam.
-
Where do blocked form submissions go?
-
Form submissions failing reCAPTCHA verification are saved in the Jetpack Feedback CPT with a ‘spam’ status, visible in Jetpack > Feedback > Spam in the admin interface.
-
How do I check my site’s reCAPTCHA scores?
-
Submit a form or comment, then view total submissions, the last 20 submissions (with scores and spam/success status), and debug logs in Settings > reCAPTCHA for Jetpack. Detailed analytics are available in the Google reCAPTCHA Admin Console (https://www.google.com/recaptcha/admin).
-
Why do I see «The reCAPTCHA keys format is invalid» error?
-
This error appears if the Site Key or Secret Key entered in the settings is not 40 characters long or contains invalid characters (only letters, numbers, hyphens, and underscores are allowed). Common causes include:
— Copying only part of a key or adding extra spaces.
— Using keys from reCAPTCHA v2 or another service.
To fix it:
1. Visit Google reCAPTCHA admin.
2. Select your reCAPTCHA v3 site or create a new one, ensuring «reCAPTCHA v3» is chosen.
3. Copy the full 40-character Site Key and Secret Key exactly as provided.
4. Paste them into the settings page and save.
5. Test a form or comment to confirm the keys work.
For help, see Google’s setup guide: https://developers.google.com/recaptcha/docs/v3. -
Why do my form or comment submissions fail reCAPTCHA verification?
-
A low reCAPTCHA score (below the threshold, default 0.5) can occur if users auto-fill forms or comments using browser autofill or password managers, as this mimics bot behavior. To improve verification success:
— Fill out forms and comments manually, avoiding autofill tools.
— Check the score and status in the «Last 20 Submissions» table in Settings > reCAPTCHA for Jetpack.
— Adjust the score threshold lower (e.g., 0.3) if legitimate submissions are frequently blocked.
For persistent issues, contact support at schwarttzy.com/contact-me/. -
Where do I get help?
-
Contact support at schwarttzy.com/contact-me/ or via the WordPress.org support forum.
Reviews
Contributors & Developers
“reCAPTCHA V3 for Jetpack” is open source software. The following people have contributed to this plugin.
Contributors
Translate “reCAPTCHA V3 for Jetpack” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.10
- Enhanced reCAPTCHA key validation with detailed error messages for invalid key formats, explaining the issue (e.g., incorrect length or characters) and providing steps to fix it with links to Google’s reCAPTCHA admin console and setup guide.
- Improved key save success message to detail validation checks and guide users to test forms/comments.
- Added warnings about auto-filling forms/comments causing low reCAPTCHA scores, with guidance to use manual input, in the form failure message and settings page.
- Removed unreliable API test that falsely warned «keys may be invalid» even for valid keys.
- Added advice to test keys via form or comment submission for accurate verification.
- Added logging of key save attempts in the settings page for debugging.
- Updated plugin version to 1.10.
1.9
- Updated setup instructions in the settings page to use the correct Google reCAPTCHA admin URL (
https://www.google.com/recaptcha/admin/create) and clarified options for registering a new site (selecting «reCAPTCHA v3» and adding domains). - Added action links to the Plugins page for direct access to the settings page, support contact (https://schwarttzy.com/contact-me/), and rating the plugin on WordPress.org (https://wordpress.org/support/plugin/recaptcha-v3-for-jetpack/reviews/#new-post).
1.8
- Shortened plugin short description to meet WordPress.org’s 150-character limit.
- Added action links to the Plugins page for direct access to the settings page and support contact (https://schwarttzy.com/contact-me/).
1.7
- Fixed comment spam handling: Comments scoring below the reCAPTCHA threshold are now properly marked as spam and no longer send approval emails to administrators.
- Enhanced form spam handling: Form submissions failing reCAPTCHA are reliably moved to the Jetpack Feedback CPT spam folder without external dependencies, ensuring consistent admin visibility (Jetpack > Feedback > Spam).
- Consolidated submission logging: Streamlined logs to reduce redundancy and improve clarity in the settings page.
- Improved code commenting: Added detailed PHPDoc and inline comments for better maintainability and debugging.
1.6
- Added reCAPTCHA v3 protection for comments, including Jetpack forum comments.
- Automatically moves comments with scores below threshold to spam.
- Updated settings page and logs to include comment submission stats.
- Fixed text domain to match plugin slug (
recaptcha-v3-for-jetpack). - Added nonce checks for form and comment submissions.
- Documented Google reCAPTCHA v3 usage in readme.
1.5
- Added total submissions counter and last 20 submissions log.
- Updated settings page with new stats section.
1.4
- Enhanced settings page with scoring tip linking to Google reCAPTCHA Admin Console.
1.3
- Optimized block-based theme support with raw content checks for Jetpack forms.
- Refined settings page styling to match Jetpack.