1. Home
  2. Knowledge Base
  3. Extensions
  4. Adding spam control to your forms

Adding spam control to your forms

After installing and activating the Strong Testimonials: Captcha extension, going to Settings Form will reveal these options:


Honeypots are methods for trapping spambots and are both time-tested and widely used. May be used simultaneously for more protection. However, honeypots may not be compatible with WP-SpamShield, Ajax page loading, caching, or minification.

Before: Adds a new empty field that is invisible to humans. Spambots tend to fill in every field they find in the form. Empty field = human. Not empty = spambot.

After: Adds a new field as soon as the form is submitted. Spambots cannot run JavaScript so the new field never gets added. New field = human. Missing = spambot.

Google Recaptcha

Add Google Recaptcha to your form by checking the `enable Google reCAPTCHA ` option.

To start using reCAPTCHA, you need to sign up for an API key pair for your site. The key pair consists of a site key and secret key. The site key is used to invoke reCAPTCHA service on your site. The secret key authorizes communication between your application backend and the reCAPTCHA server to verify the user’s response. The secret key needs to be kept safe for security purposes.

In your Google reCAPTCHA admin, choose the type of reCAPTCHA and then fill in your site domain. Click the Register button to get a new API key pair. Copy & Paste these API keys in your Settings:

You can then choose between 3 types of Google reCAPTCHA:

reCAPTCHA v2 (“I’m not a robot” Checkbox)

The “I’m not a robot” Checkbox requires the user to click a checkbox indicating the user is not a robot. This will either pass the user immediately (with No CAPTCHA) or challenge them to validate whether or not they are human. 

Invisible reCAPTCHA badge

The invisible reCAPTCHA badge does not require the user to click on a checkbox, instead, it is invoked directly when the user clicks on an existing button on your site, in our case the `Submit` testimonial button. By default, only the most suspicious traffic will be prompted to solve a captcha. To alter this behavior edit your site security preference under advanced settings in your Google Recaptcha Admin


reCAPTCHA v3 allows you to verify if an interaction is legitimate without any user interaction. It is a pure JavaScript API returning a score (between 0 and 1). This score is based on interactions with your site: 1.0 is very likely a good interaction, 0.0 is very likely a bot, giving you the ability to stop the testimonial form submission if the user doesn’t pass this score.

By default, the user needs to pass a score of 0.5 to submit the form, but this setting can be changed:

Was this article helpful?

Related Articles