April 28, 2020 by Paul G. | Blog, Features, Shield Pro, Updates

How To Use hCaptcha To Protect Against WordPress SPAM Bots

Shield Image

Update: Shield v11+ now comes with an advanced built-in bot detection feature, called the AntiBot Detection Engine, that removes the need to use any CAPTCHA on your WordPress login and comment forms.

If you run a WordPress site that has interaction with visitors, such as comments, or user registrations, you’ll be familiar with CAPTCHA.

CAPTCHA is used in the global fight against SPAM. This can be spam in the form of WordPress comments, user registrations, or anything else that asks a visitor to complete a form on a webpage

CAPTCHA can also be used to mitigate login attacks by ensuring that the user logging into a site is actually a human being. It’s easy to create a script that will perform automated logins to a WordPress site, but far more difficult when there’s a mechanism within the form to detect automated submissions – mechanisms such as CAPTCHA.

Easily the most common type of CAPTCHA in common use throughout the web is Google’s reCAPTCHA. It works quite well in most scenarios, though it isn’t perfect.

ShieldPRO has supported Google reCAPTCHA v2 (+Invisible) for several years now. But Google reCAPTCHA isn’t the only solution. A new service has been made recently available which can be used to replace Google reCAPTCHA altogether.

This new service we’re referring to is called hCaptcha, and is available for all users of Shield Security v9.0 and above.

What is hCaptcha?

In summary, hCaptcha has been designed as a drop-in alternative to Google reCAPTCHA. This means that developers can make a few simple switches and immediately replace their Google implementation with hCaptcha.

There is another interesting angle to hCaptcha, however – you can get paid to use it.

hCaptcha has positioned itself quite differently to reCAPTCHA in terms of what is does and how it handles your data, with privacy at the forefront. In-fact, it’s even GDPR and CCPA-friendly.

How Does ShieldPRO Support hCaptcha for WordPress?

With ShieldPRO 9.0 you have the option of selecting either Google reCAPTCHA v2, or hCaptcha.

In order to use hCaptcha, you’ll need to sign-up for an account with them and register your site URLs in much the same way as for Google reCAPTCHA. You can’t use the keys from 1 service with the other – they’re not interchangeable.

A benefit of choosing hCaptcha instead of Google reCAPTCHA is that you don’t need to register for separate API keys to use its invisible variant. With Google’s reCAPTCHA service, you need to create separate keys for the 2 different types.

It’s really quite simple to get up and running with hCaptcha on your WordPress site:

  • Register an account on the hCaptcha website
  • Ensure you’re running ShieldPRO 9.0 or above.
  • Copy the hCaptcha Secret Key from your Settings page into your ShieldPRO settings.
  • Add a new site to your hCaptcha control panel.
  • Copy-Paste the new site key into your ShieldPRO settings.
  • and save!

It’s really as simple as that.

Once you’ve successfully setup your hCaptcha account and stored your keys with Shield, you can go to your Comment SPAM and Login Guard modules within ShieldPRO and turn on hCaptcha form protection as you desire.

Questions, Comments or Suggestsions

We like to keep ShieldPRO current, and continue to provide you with options in how you implement your WordPress site security.

We hope that the addition of hCaptcha as a tool to enhance your WordPress security meets this criteria.

If you’ve any questions about this new feature, please drop us a message below.

ShieldPRO Testimonials
@fabio-magalhaes's Gravatar @fabio-magalhaes

great plugin

Very good developers to get better could translate into Portuguese br.

@brhalltx's Gravatar @brhalltx

Excellent Protection

I’ve been using it for about six months; I get notifications about 10 to 20 attacks a day that the firewall has blocked. My sites probably wouldn’t still be running without the firewall.

@rankmyhub's Gravatar @rankmyhub

Good Security Plugin

The plugin is very good and offers lots of features, which were missing on some other commonly used plugins. I like CSP and other features in this plugin, which is the main reason for me, to switch to this plugin. Very helpful for someone intrested to implement security headers information,…

@kstidham's Gravatar @kstidham

Shield delivers

We used several other security related plugins early on. Shield is perfect for us and our go to plugin for security and has been for 4 or 5 years. It does what it is intended to do and I can always find support from them or peers anytime I have…

Hey there handsome! Do you like what you've read here? :)

If this cool feature is something you'd like, but you haven't gone PRO yet, click here to get started today. (no risk, with a 14-day satisfaction guarantee!)

You'll get all PRO features, including Malware Scanning, WP Config Protection, Plugin FileGuard, import/export, customer support, and so much more. Not only that, you'll get that warm, fuzzy feeling that comes from supporting our work and future development.

Get That Warm, Fuzzy Feeling →

Leave a Comment

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese