Add CAPTCHA to your Website's Forms

CAPTCHA is an effective tool to help protect your website and improve security by blocking automated spambot attacks on your site's forms. These bot attacks can lead to significant problems, including causing your MailPoet account to be paused due to excessive hard bounces (by sending to invalid addresses) or spam complaints (by sending to valid addresses where the address owner didn't consent to the email). CAPTCHA verifies that the data is being submitted by a human, making it difficult for bots to bypass your website's security and securing your website's online reputation and user experience. 

Quick links:

Protect your MailPoet subscription form

MailPoet offers two options to add Captcha to your MailPoet Subscription Forms:

  • Built-in captcha: our own zero-configuration captcha;
  • Google ReCAPTCHA.

These built-in captcha settings will only protect the MailPoet forms on your site — they won't protect other forms on your site such as Contact, Registration, Comments, Reviews, Woo Checkout, etc. If you want to protect the other forms on your site, please check how to protect 3rd-party forms. If you have configured MailPoet to send all of your site's emails, then we definitely recommend making sure that you have protected those other forms with captcha as well.

To enable this feature you should go to MailPoet > Settings > Advanced tab:

1. MailPoet Built-in CAPTCHA

When the Built-in captcha is enabled, subscribers will be redirected to a Captcha challenge page after submitting your MailPoet subscription form. Once they complete the captcha challenge, they will be added to your list in MailPoet and a confirmation email will be sent to them (if enabled):

Please note this CAPTCHA page can't be customized directly. It is an auto-generated page (not listed in your WordPress pages), and there are no built-in options to change the design/layout/etc.  It is possible with custom code, however assistance with custom code is outside our scope of support. If you need help with it, we recommend reaching out to someone from Codeable (affiliate link).

The CAPTCHA page won't be displayed for users logged in with Editor or Administrator accounts. 
If the captcha is not visible for logged-out users and you use SG Optimizer plugin, disable Frontend Optimizations => Minify the HTML Output option.

2. Enabling Google reCAPTCHA

To enable Google reCAPTCHA, you'll need to sign-up for an API key pair with your Google account at reCaptcha's website

MailPoet supports reCAPTCHA v2: "I'm not a robot" tickbox and Invisible reCAPTCHA badge types.

To make sure the reCaptcha will work for all website visitors, including those who have disabled JavaScript in their browser, modify the " Security Preference" by moving the slider to "Easiest for users":

After registering a new site, you'll see your Site Key and your Secret Key:

Back in the MailPoet plugin settings on your site, add your keys in the two input fields below the option toggle:

This option is global, so once activated, all of your MailPoet subscription forms will be protected by reCaptcha validation.

Protect your 3rd-party forms

If you have a contact form on your site that is not protected with CAPTCHA, it can get attacked by bots and send emails containing blacklisted links. We would recommend that you protect all of the forms on your site with CAPTCHA, including contact forms, comment sections, and registration forms on your blog.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Articles