April 28, 2020 by Paul G. | Blog, Features, Shield Pro, Updates

How To Use hCaptcha To Protect Against WordPress SPAM Bots

hCaptcha For WordPress using Shield Security PRO

Update: Shield v11+ now comes with an advanced built-in bot detection feature, called the AntiBot Detection Engine, that removes the need to use any CAPTCHA on your WordPress login and comment forms.

Google reCAPTCHA and hCAPTCHA are no longer available from the Shield v18.5 onward.

If you run a WordPress site that has interaction with visitors, such as comments, or user registrations, you’ll be familiar with CAPTCHA.

CAPTCHA is used in the global fight against SPAM. This can be spam in the form of WordPress comments, user registrations, or anything else that asks a visitor to complete a form on a webpage

CAPTCHA can also be used to mitigate login attacks by ensuring that the user logging into a site is actually a human being. It’s easy to create a script that will perform automated logins to a WordPress site, but far more difficult when there’s a mechanism within the form to detect automated submissions – mechanisms such as CAPTCHA.

Easily the most common type of CAPTCHA in common use throughout the web is Google’s reCAPTCHA. It works quite well in most scenarios, though it isn’t perfect.

ShieldPRO has supported Google reCAPTCHA v2 (+Invisible) for several years now. But Google reCAPTCHA isn’t the only solution. A new service has been made recently available which can be used to replace Google reCAPTCHA altogether.

This new service we’re referring to is called hCaptcha, and is available for all users of Shield Security v9.0 and above.

What is hCaptcha?

In summary, hCaptcha has been designed as a drop-in alternative to Google reCAPTCHA. This means that developers can make a few simple switches and immediately replace their Google implementation with hCaptcha.

There is another interesting angle to hCaptcha, however – you can get paid to use it.

hCaptcha has positioned itself quite differently to reCAPTCHA in terms of what is does and how it handles your data, with privacy at the forefront. In-fact, it’s even GDPR and CCPA-friendly.

How Does ShieldPRO Support hCaptcha for WordPress?

With ShieldPRO 9.0 you have the option of selecting either Google reCAPTCHA v2, or hCaptcha.

In order to use hCaptcha, you’ll need to sign-up for an account with them and register your site URLs in much the same way as for Google reCAPTCHA. You can’t use the keys from 1 service with the other – they’re not interchangeable.

A benefit of choosing hCaptcha instead of Google reCAPTCHA is that you don’t need to register for separate API keys to use its invisible variant. With Google’s reCAPTCHA service, you need to create separate keys for the 2 different types.

It’s really quite simple to get up and running with hCaptcha on your WordPress site:

  • Register an account on the hCaptcha website
  • Ensure you’re running ShieldPRO 9.0 or above.
  • Copy the hCaptcha Secret Key from your Settings page into your ShieldPRO settings.
  • Add a new site to your hCaptcha control panel.
  • Copy-Paste the new site key into your ShieldPRO settings.
  • and save!

It’s really as simple as that.

Once you’ve successfully setup your hCaptcha account and stored your keys with Shield, you can go to your Comment SPAM and Login Guard modules within ShieldPRO and turn on hCaptcha form protection as you desire.

Questions, Comments or Suggestsions

We like to keep ShieldPRO current, and continue to provide you with options in how you implement your WordPress site security.

We hope that the addition of hCaptcha as a tool to enhance your WordPress security meets this criteria.

If you’ve any questions about this new feature, please drop us a message below.

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials
@janolima's Gravatar @janolima


Thanks for this great plugin!

@arifur06's Gravatar @arifur06

WordPress is the best CMS in world . I am very satisfied

What I will say I dont know . I worked on other cms but WordPress is the best in my online career .. I love it very much . I ighly recommended this CMS to all the web site builder and planner of future webmaster .

@thaddius's Gravatar @thaddius

Shields up Scotty

so far so good!

@swier's Gravatar @swier

Still (after three years)very pleased

Hi, Have been this tool for over three years now. Still very pleased with it. certainly with all the extra’s! Just moved to a new provider. Now even faster!

Leave a Comment

Your email address will not be published. Required fields are marked *