April 17, 2024 by Paul G. | Security, WordPress Solutions

Adding reCAPTCHA to Your Elementor Form: Step by Step

Shield Image

Websites regularly face security threats from human attackers and, increasingly, from automated bots. Bots are responsible for a significant portion of the spam content flooding the internet, targeting various online tools, including Elementor contact forms. Site owners face the ever-present challenge of keeping these unwelcome visitors at bay. Many turn to solutions like Google’s reCAPTCHA, seeking to fortify their defences against bot-based spam. 

In this article, we’ll guide you through integrating Google’s reCAPTCHA with your Elementor site. More importantly, we’ll present a superior alternative for bot detection: the Shield Security PRO plugin, which offers a proactive security approach, eliminating the need for CAPTCHAs entirely. Read this article to learn how to secure your site effectively and enhance the user experience.

Quick guide to setting up reCAPTCHA in Elementor

Safeguarding your site from spam and automated abuse is extremely important, and reCAPTCHA seeks to meet that need. A free service offered by Google, reCAPTCHA safeguards websites against spam and abuse by differentiating between human users and automated bots accessing the site. It serves as an additional layer of security, ensuring that only human users can interact with your site’s features, such as forms.

Adding reCAPTCHA to your Elementor-designed WordPress website is simple and can significantly enhance your site’s security. Here’s a step-by-step guide to integrating reCAPTCHA with Elementor:

  1. Visit the Google reCAPTCHA site: Start by navigating to Google’s reCAPTCHA site to generate your site key and secret key. This process involves providing details about your site and your contact information. You can also choose the version of reCAPTCHA you wish to use, version 2 or 3. (We’ll explain the differences between the two in the next section.)
How to add reCAPTCHA to your Elementor-designed WordPress website.
  1. Generate your keys: Follow the on-screen instructions to fill in your site details. Once completed, Google will provide you with a site key and a secret key. Make sure to copy and save these keys somewhere safe.
  1. Configure Elementor settings: Next, head over to your WordPress dashboard, navigate to Elementor → Settings → Integrations, and find the reCAPTCHA options. Enter the site key and secret key you obtained from Google here then save your changes.
  1. Add reCAPTCHA to a form: Create a new page or edit an existing one with Elementor. Drag in a “Form Widget” from the Elementor panel. To add reCAPTCHA, edit the form fields, click “Add item”, and then select the reCAPTCHA type you’re using – “reCAPTCHA v2” for version 2 or “reCAPTCHA v3” for version 3.
  1. Customise and save: Position the reCAPTCHA form on your page as desired – left, right, or centre. Once you’re satisfied with the setup, click “Save”. The reCAPTCHA badge will now appear on your site, offering an extra layer of protection against bots.

Remember, while both versions of reCAPTCHA offer protection, they do so in slightly different ways. Version 2 requires users to interact with a challenge, while Version 3 runs in the background to assess user interactions without direct action required from the user.

Comparing reCAPTCHA v2 and v3

Elementor supports both reCAPTCHA v2 and v3, offering users the flexibility to choose the version that best fits their website’s needs. While both versions aim to protect your site from bots and spam, they do so in markedly different ways. Elementor recommends v3, but it’s essential to understand the distinctions between the two to make an informed decision. 

reCAPTCHA v2 has become a familiar sight on many websites. It’s the version where users are asked to check a box indicating, “I am not a robot,” or to complete a visual task, such as selecting all images with pedestrian crossings. This version, while effective in some respects, significantly disrupts the user experience. The tasks can be frustrating, leading to false positives where genuine users are mistaken for bots. Moreover, sophisticated bots, or CAPTCHA farms, can bypass these tests, eliminating their effectiveness.

reCAPTCHA v3, on the other hand, improves the user experience by operating in the background. It monitors user behaviour without requiring any interaction, flagging users it deems suspicious. Site owners have the option to block these users outright or to be notified of suspicious activity to take appropriate action. This version is designed to be less intrusive and does not disrupt the user experience as v2 does.

However, reCAPTCHA v3 has its drawbacks:

  • It places a significant portion of the bot management workload on the webmaster, requiring them to decide how to handle flagged interactions. 
  • Additionally, bots may be trained to mimic human behaviour closely, potentially evading detection by reCAPTCHA v3. 
  • It can also generate false positives, which can be confusing for users since they’re not prompted by an obvious test as in v2.

Shield Security: the superior alternative to CAPTCHAs

While CAPTCHAs (including Google’s reCAPTCHA) are commonly used to stop bots and spam, they come with notable drawbacks that can negatively impact the user experience and site functionality. These issues, such as false positives and Javascript conflict errors that break other site functionality, will invariably disrupt the user experience – potentially impacting customer conversions.

Shield Security PRO and its AntiBot Detection Engine (ADE) is a revolutionary approach to bot detection that offers a superior alternative to conventional CAPTCHAs. Similar to reCAPTCHA v3, Shield Security’s ADE monitors bot behaviour in the background, and assigns a “bot reputation score” based on observed behavioural patterns. This score is crucial in the bot detection process, making it so that Shield Security PRO can identify and block malicious bots without disrupting genuine user interactions.

Shield Security’s ADE provides a better option compared to traditional CAPTCHAs

The benefits of using Shield Security PRO over reCAPTCHA v3 are significant:

  • WordPress-specific product: Designed specifically for WordPress, Shield Security benefits from platform-specific expertise and integration, offering a seamless experience for WordPress site owners.
  • Comprehensive security suite: Beyond just bot detection, Shield Security PRO includes features like comment spam detection and prevention, focusing on combating human WP comment spam with a list of commonly used spam phrases. It’s important to note that while Shield offers robust protection against WP comment spam, it does not protect against human spam through contact forms.
Shield Security’s “comment spam detection and prevention” feature.
  • Advanced login protections: With features like password strength minimums and two-factor authentication (2FA), Shield Security goes the extra mile in preventing unauthorised access to your site.
Advanced login protection with 2FA
  • Full site lockdown option: In the event of an attack or for sites requiring limited access, Shield Security provides a full site lockdown feature, making it only accessible to approved users.
  • Malware and vulnerability scanner: Shield Security’s malware and vulnerability scanner identifies vulnerabilities and malware within site files and can also automatically repair files or alert site owners to potential problems. This proactive approach ensures that security holes are patched before they can be exploited.
  • WordPress automatic update management: To protect against potential bugs in new releases, Shield Security can delay automatic updates, providing an additional layer of security.

By integrating Shield Security PRO into your WordPress site, you can enjoy a comprehensive security solution that addresses the limitations of traditional CAPTCHAs. With its suite of advanced features, Shield Security PRO enhances your site’s protection against bots and spam and improves overall site health and user experience. Consider adding Shield Security PRO to your site to leverage these benefits and ensure a secure, user-friendly online environment.

Integrating Shield Security with Elementor for protection

Elementor’s popularity as a WordPress page builder is undeniable. According to W3Techs, Elementor is found on nearly a tenth of all websites, marking it a cornerstone in the web development community. However, this widespread use also makes it a target for people who want to cause harm. A single vulnerability within Elementor can potentially compromise millions of websites, making it a lucrative target for hackers.

Elementor is vigilant with its security, actively working to identify and patch vulnerabilities. A notable instance occurred in early December 2023 with version 3.18.1, where a vulnerability allowed attackers to upload and execute code on a site’s server. Elementor promptly addressed this issue with a patch.

However, sites that delay updating to the latest versions remain at risk, underscoring the importance of timely updates. This is where Shield Security PRO’s vulnerability and malware scanner becomes invaluable, flagging vulnerable assets and unauthorised changes to your website’s files. This proactive approach ensures your site remains secure, even as new threats emerge.

Moreover, many Elementor sites struggle with bot-based spam in their contact forms. Shield Security PRO’s bad-bot detection and blocking offers a strong solution to this problem. When combined with Elementor’s form honeypot feature, it creates a powerful defence against spam, effectively minimising unwanted bot activity without compromising the user experience.

For Elementor users seeking to maximise their site’s security, integrating Shield with ElementorPRO ensures that your site is safeguarded against vulnerabilities, malware, and spam. By combining the design flexibility of Elementor with the robust security of Shield Security PRO, you can create a secure, efficient, and user-friendly experience.

Elementor Pro and Shield integration for maximum site security and performance

Take action: secure your Elementor site with Shield Security

Securing your website is crucial, especially from the relentless attacks of malicious bots. While integrating reCAPTCHA with your Elementor site can offer some protection, it’s important to acknowledge the potential drawbacks it poses to user experience. 

Shield Security’s AntiBot Detection Engine (ADE) is a much better alternative, providing robust protection without disrupting the user. It’s designed to detect and block bad bots while ensuring a seamless experience for genuine users. 

Don’t compromise on security or user experience. Enhance your Elementor defences with Shield Security PRO today and enjoy the peace of mind that comes from knowing your site is protected. Download Shield Security PRO and take the first step towards a safer, secure website.

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials
@evenio's Gravatar @evenio

Great plugin

A great plugin to prevent hackers taking over your wordpress-website.

@mymuus20's Gravatar @mymuus20

one of the most rigorous firewall plugins i have ever used.

simple security firewall will be up there on my list as one of the most robust firewalls i’ve ever used. doesn’t in one bit deserve the name the owners and/or developers gave it at all. thumbs-up for the good work done!!!

@razoredger's Gravatar @razoredger

efficient for website security needs

It works well for the needs of my client’s website security by blocking login attempts and preventing unwanted interaction from bots.

@shark-bickies's Gravatar @shark-bickies


Neat bag of tricks that works well as claimed. The ability to hide the php-admin page by simply adding a code to the end of your URL. Plus another code that can be added to lock down Admin area. For free it truly is a powerful security tool. Feedback and…

Leave a Comment

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese