Combating spam is one of the never-ending tasks for anyone with an online presence. Thankfully, most email providers have become intelligent enough to hide most of it from us. But what happens when bots start attacking your website’s contact us form? To your email provider, this will look like legitimate submissions from your customers, but it’s the same as any spam email. Adding some form of “human verification” to your forms can help eliminate any spam submissions. The easiest to implement in my opinion is Google’s reCAPTCHA service. I will outline below how to add this to any of your websites.

  1. Register your site with reCAPTCHA by visiting this link.
  2. Google will generate two keys for you. A site key and a secret key. The site key can be used publicly, but the secret key should not be used publicly (hence the name!). In my example my two keys are:
    Site key: 6LeySRIUAAAAAJnYn_JKQ8i2UfH85wKA-YgSYACL
    Secret key: 6LeySRIUAAAAAM5d8huz1-SIW4OMjfgDx_pwfToe
  3. To add the reCAPTCHA to your form, paste the following within your <form> tag
  4. To verify the user clicked to reCAPTCHA correctly, we need to make a request to Google. Below I use PHP, but the same request can be made to the URL using other programming languages.

    The query to Google can further be simplified to a single line
  5. That’s it!