Get Started

reCAPTCHA

3 min read

Protect your WordPress and WooCommerce site from bots, spam, and malicious attacks using Google reCAPTCHA integration. This feature adds an extra layer of security to your forms by verifying that submissions come from real humans, not automated bots.

Overview #

reCAPTCHA is a free service from Google that protects your website from spam and abuse. Swift Commerce integrates seamlessly with both reCAPTCHA v2 and v3, allowing you to choose the best option for your site.

Key Benefits

  • Block spam registrations – Prevent fake accounts from being created
  • Protect login forms – Stop brute force attacks on admin and customer accounts
  • Secure checkout – Reduce fraudulent orders and payment fraud
  • Filter comment spam – Keep your blog comments clean and legitimate
  • No impact on real users – Modern reCAPTCHA works invisibly in most cases

Getting Started #

Prerequisites

Before enabling reCAPTCHA, you’ll need:

  1. A Google account
  2. reCAPTCHA API keys (Site Key and Secret Key)
  3. Swift Commerce plugin installed and activated

Step 1: Register Your Site with Google reCAPTCHA

  1. Go to the Google reCAPTCHA Admin Console
  2. Sign in with your Google account
  3. Fill in the registration form:
    • Label: Enter a name to identify your site (e.g., “My Store”)
    • reCAPTCHA type: Select either v2 or v3
    • Domains: Add your website domain(s) without http:// or https://
  4. Accept the Terms of Service
  5. Click Submit
  6. Copy your Site Key and Secret Key

⚠️ Important: Keep your Secret Key confidential. Never share it publicly.

Step 2: Configure reCAPTCHA in Swift Commerce

  1. Navigate to Swift Commerce → Spam → reCAPTCHA in your WordPress admin
  2. Toggle the Enable reCAPTCHA switch to ON
  3. Select your reCAPTCHA version (v2 or v3)
  4. Enter your Site Key and Secret Key
  5. Choose which pages to protect
  6. Click Save Settings

General Tab #

The General tab contains the core configuration options for your reCAPTCHA setup.

Select reCAPTCHA Version

VersionTypeUser ExperienceBest For
v2Challenge-basedUsers may see a checkbox or image challengeSites wanting visible verification
v3Score-basedCompletely invisible to usersSites prioritizing user experience

reCAPTCHA v2 Configuration

API Keys

FieldDescription
Site KeyThe public key displayed on your website. Used to render the reCAPTCHA widget.
Secret KeyThe private key for server-side verification. Never expose this publicly.

Challenge Type

ModeDescriptionWhen to Use
“I’m not a robot” CheckboxDisplays a checkbox users must click. May present an image challenge if suspicious.When you want users to actively confirm they’re human
InvisibleRuns in the background. Only shows a challenge if suspicious activity is detected.When you want protection without interrupting user flow

reCAPTCHA v3 Configuration

API Keys

FieldDescription
Site KeyThe public key used to load the reCAPTCHA script on your site.
Secret KeyThe private key for verifying scores server-side.

Score Threshold

reCAPTCHA v3 returns a score between 0.0 and 1.0:

  • 0.0 = Very likely a bot
  • 1.0 = Very likely a human
ThresholdProtection LevelFalse Positive Risk
0.3LowVery Low
0.5Medium (Recommended)Low
0.7HighMedium
0.9Very HighHigh

💡 Tip: Start with 0.5 and adjust based on your needs. Lower if legitimate users are blocked; raise if spam gets through.

Badge Display

OptionDescription
BadgeShows the reCAPTCHA badge in the bottom-right corner of protected pages
HiddenHides the badge completely

⚠️ Legal Requirement: If you hide the badge, you must add this to your privacy policy:
“This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.”

Settings Tab #

Protected Pages (Free)

LocationDescription
WordPress LoginAdmin login page (wp-login.php). Protects against brute force attacks.
WordPress RegistrationPrevents spam account creation.
Lost Password FormBlocks automated password reset abuse.
WooCommerce LoginCustomer login on the My Account page.
WooCommerce RegistrationCustomer registration form.
Checkout PageProtects orders from bot submissions.
Comment FormsPrevents spam comments on blog posts.

Protected Pages (Pro) 🔒

LocationDescription
Add Payment MethodWhen customers add a new card in My Account.
Product ReviewsWooCommerce product reviews on product pages.

Appearance (Pro) 🔒

Customize how the reCAPTCHA v2 checkbox widget appears.

Theme

OptionDescription
LightStandard light theme. Best for light-colored websites.
DarkDark theme. Best for dark-themed websites.

Size

OptionDescription
NormalFull-size widget (302 x 76 pixels)
CompactSmaller widget for tight spaces (164 x 144 pixels)

IP Whitelist (Pro) 🔒

Bypass reCAPTCHA for specific IP addresses. Useful for internal teams, automated systems, or development environments.

FormatExampleDescription
Single IP192.168.1.100Whitelist one IP address
CIDR Range10.0.0.0/24Whitelist a subnet
IP Range192.168.1.1-192.168.1.50Whitelist a range
Comment# Office IPAdd documentation (ignored)

Troubleshooting #

Common Issues

IssueCauseSolution
“Please complete the reCAPTCHA verification”Token not submittedEnable JavaScript, check for JS errors, verify Site Key
“reCAPTCHA verification failed”Server-side verification failedVerify Secret Key, check domain registration, ensure HTTPS to google.com
Widget not appearingScript not loadingCheck for JS errors, disable conflicting plugins, test with default theme
v3 blocking legitimate usersThreshold too highLower threshold to 0.3 or 0.4
Not working on WooCommerce pagesLocation not enabledEnable specific WooCommerce location, ensure WooCommerce is active

Best Practices #

Recommended Configuration

SettingRecommended Value
Versionv3 (invisible)
Threshold0.5
All login forms✅ Enabled
Registration forms✅ Enabled
Checkout✅ Enabled
Comments✅ Enabled

Security Tips

  1. Never share your Secret Key
  2. Use unique keys per environment (production vs staging)
  3. Monitor your reCAPTCHA dashboard for suspicious patterns
  4. Test after plugin/theme updates

Version Comparison #

Featurev2 Checkboxv2 Invisiblev3
User interactionYesSometimesNever
Image challengesSometimesSometimesNever
Score-basedNoNoYes
Tunable thresholdNoNoYes
Best for security⭐⭐⭐⭐⭐⭐⭐⭐
Best for UX⭐⭐⭐⭐⭐⭐⭐⭐
Updated on December 28, 2025
Table of contents
Was it helpful ?
Scroll to Top