Add CAPTCHA to your Website's Forms
CAPTCHA is an effective tool that can help protect your website's security by blocking automated spam attacks through your forms can. These attacks can lead to significant problems, including data breaches and deliverability issues. CAPTCHA verifies that the data is being submitted by a human, making it difficult for bots to bypass your website's security and securing your website's online reputation and user experience.
Quick links:
Protect your MailPoet subscription form
MailPoet optionally offers two options to add Captcha to your MailPoet Subscription Forms:
- Built-in captcha: our own zero-configuration captcha;
- Google ReCAPTCHA.
We recommend activating it in case there’s evidence of fake signups via our forms only. It won't stop fake signups as WordPress users or through your contact forms. If you want to protect your WordPress registration form and other forms, please check how to protect 3rd-party forms.
To enable this feature you should go to MailPoet's Settings page > Advanced tab:
1. MailPoet Build-in CAPTCHA
When the Build-in captcha is enabled, this page will be displayed for all subscription attempts in order to prevent a spam attack using fake sign-ups:
Please note this CAPTCHA can't be customized in the plugin. It might be possible with some custom code, but note that assistance with custom code like that is outside our scope of support. If you need help with it, we recommend reaching out to someone from Codeable (affiliate link).
The CAPTCHA page won't be displayed for users logged in as Editor and Administrator WordPress User's roles.
If the captcha is not visible for logged-out users and you use SG Optimizer plugin, disable Frontend Optimizations => Minify the HTML Output option.
The CAPTCHA page won't be displayed for users logged in as Editor and Administrator WordPress User's roles.
If the captcha is not visible for logged-out users and you use SG Optimizer plugin, disable Frontend Optimizations => Minify the HTML Output option.
2. Enabling Google reCAPTCHA
You'll need to sign-up for an API key pair at reCaptcha's website.
MailPoet supports reCAPTCHA V2: '"I'm not a robot" tickbox" and "Invisible reCAPTCHA badge".
To make sure the reCaptcha will work for all website visitors, including those who disabled Javascript on their browser, modify the " Security Preference" by moving the slider to "Easiest for users":
After registering a new site, you'll see your Site Key and your Secret Key:
Then back to MailPoet's plugin, add your keys in the two input fields below the option toggle:
This option is global, which means, once activated, all your subscription forms will contain a reCaptcha validation field after you activate this feature.
Protect your 3rd-party forms
If you have a contact form on your site that is not protected with CAPTCHA, it can get attacked by bots and send emails containing blacklisted links. We would recommend that you protect all of the forms on your site with CAPTCHA, including contact forms and comment sections on your blog.
- reCAPTCHA and Contact Form 7
- reCAPTCHA and Elementor
- CAPTCHA and Gravity Forms
- CAPTCHA and comment forms
- CAPTCHA 4WP (protects WordPress Login, WooCommerce checkout and registration form, BuddyPress user registration, bbPress, and other contact forms)
- hCaptcha (protects WordPress Login, WooCommerce checkout and many other 3rd-party forms)
- Akismet Spam Protection (protects comments, and WordPress plugin forms such as Jetpack, Contact Form 7, Gravity Forms, Formidable Forms, and others)