Add CAPTCHA to your Website's Forms

CAPTCHA is an effective tool that can help protect your website's security by blocking automated spam attacks through your forms can. These attacks can lead to significant problems, including data breaches and deliverability issues. CAPTCHA verifies that the data is being submitted by a human, making it difficult for bots to bypass your website's security and securing your website's online reputation and user experience. 

Quick links:


Protect your MailPoet subscription form

MailPoet optionally offers two options to add Captcha to your MailPoet Subscription Forms:

  • Built-in captcha: our own zero-configuration captcha;
  • Google ReCAPTCHA.

We recommend activating it in case there‚Äôs evidence of fake signups via our forms only. It won't stop fake signups as WordPress users or through your contact forms. If you want to protect your WordPress registration form and other forms, please check how to protect 3rd-party forms.

To enable this feature you should go to  MailPoet's Settings page > Advanced tab:

1. MailPoet Build-in CAPTCHA

When the Build-in captcha is enabled, this page will be displayed for all subscription attempts in order to prevent a spam attack using fake sign-ups:

Please note this CAPTCHA can't be customized in the plugin. It might be possible with some custom code, but note that assistance with custom code like that is outside our scope of support. If you need help with it, we recommend reaching out to someone from Codeable (affiliate link).

The CAPTCHA page won't be displayed for users logged in as Editor and Administrator WordPress User's roles. 
If the captcha is not visible for logged-out users and you use SG Optimizer plugin, disable Frontend Optimizations => Minify the HTML Output option.

2. Enabling Google reCAPTCHA

You'll need to sign-up for an API key pair at reCaptcha's website

MailPoet supports reCAPTCHA V2: '"I'm not a robot" tickbox" and "Invisible reCAPTCHA badge".

To make sure the reCaptcha will work for all website visitors, including those who disabled Javascript on their browser, modify the " Security Preference" by moving the slider to "Easiest for users":

After registering a new site, you'll see your Site Key and your Secret Key:

Then back to MailPoet's plugin, add your keys in the two input fields below the option toggle:

This option is global, which means, once activated, all your subscription forms will contain a reCaptcha validation field after you activate this feature.


Protect your 3rd-party forms

If you have a contact form on your site that is not protected with CAPTCHA, it can get attacked by bots and send emails containing blacklisted links. We would recommend that you protect all of the forms on your site with CAPTCHA, including contact forms and comment sections on your blog.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.