Integrating a CAPTCHA with the WordPress Registration Form

This tutorial demonstrates how to integrate Google's reCAPTCHA into a WordPress registration form to combat spam registrations. We'll leverage the WordPress HTTP API to verify user responses.

Key Concepts:

• reCAPTCHA: A Google service that distinguishes between humans and bots, preventing automated spam registrations.
• WordPress HTTP API: Used to communicate with the reCAPTCHA API for verification.
• Plugin Development: We'll build a custom plugin to handle reCAPTCHA integration.

Why Use reCAPTCHA?

WordPress's popularity makes it a prime target for bots creating numerous spam accounts. reCAPTCHA provides a robust solution to this problem.

Plugin Development Steps:

1. Obtain reCAPTCHA Keys: Register your domain on the reCAPTCHA website (reCAPTCHA v2 is recommended) and obtain your site key and secret key.

2. Plugin Header: Begin your plugin file (recaptcha-registration.php) with the standard plugin header:

<?php
/**
 * Plugin Name: reCAPTCHA Registration
 * Plugin URI:  [Your Plugin URI]
 * Description: Adds reCAPTCHA to the WordPress registration form.
 * Version:     1.0.0
 * Author:      [Your Name]
 * Author URI:  [Your Website]
 * License:     GPL2
 * License URI: https://www.gnu.org/licenses/gpl-2.0.html
 * Text Domain: recaptcha-registration
 */

3. PHP Class: Create a class to manage reCAPTCHA functionality:

class reCAPTCHA_Registration {
    private $site_key;
    private $secret_key;

    public function __construct() {
        $this->site_key = '[YOUR_SITE_KEY]'; // Replace with your site key
        $this->secret_key = '[YOUR_SECRET_KEY]'; // Replace with your secret key

        add_action('register_form', array($this, 'display_recaptcha'));
        add_action('registration_errors', array($this, 'validate_recaptcha'), 10, 3);
    }

    public function display_recaptcha() {
        ?>
        <🎜>
        <div class="g-recaptcha" data-sitekey="<?php echo $this->site_key; ?>" data-callback="recaptchaCallback"></div>
        <🎜>
        <input type="hidden" id="g-recaptcha-response" name="g-recaptcha-response">
        <?php
    }

    public function validate_recaptcha($errors, $sanitized_user_login, $user_email) {
        $response = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : null;

        if (empty($response)) {
            $errors->add('empty_recaptcha', __('Please complete the reCAPTCHA.', 'recaptcha-registration'));
        } else {
            $verify_response = $this->verify_recaptcha($response);
            if (!$verify_response['success']) {
                $errors->add('invalid_recaptcha', __('Invalid reCAPTCHA response.', 'recaptcha-registration'));
            }
        }
    }

    private function verify_recaptcha($response) {
        $url = 'https://www.google.com/recaptcha/api/siteverify';
        $data = array(
            'secret' => $this->secret_key,
            'response' => $response,
            'remoteip' => $_SERVER['REMOTE_ADDR']
        );

        $response = wp_remote_post($url, array('body' => $data));
        return json_decode(wp_remote_retrieve_body($response), true);
    }
}

new reCAPTCHA_Registration();

4. Activate the Plugin: Upload recaptcha-registration.php to your /wp-content/plugins/ directory and activate it in your WordPress admin panel. Remember to replace the placeholder keys with your actual keys.

Screenshot of Protected Registration Form:

This improved version uses the newer reCAPTCHA v2 and asynchronous loading for better performance and user experience. It also includes error handling and internationalization. Remember to replace the bracketed placeholders with your actual reCAPTCHA keys. This code is more concise and efficient than the original example.

The above is the detailed content of Integrating a CAPTCHA with the WordPress Registration Form. For more information, please follow other related articles on the PHP Chinese website!