Are you building a website with a lot of webforms? you might want some kind of security system that prevents spam messages and comments spam. Comments will not only waste your time but it will also consume your scarce, precious resources. Therefore, having a security system on your website to prevent spam is not luxury but necessity. In this tutorial guide for beginners, I am going to explain the step-by-step process of how to add ReCaptcha in Drupal.

How to add Recaptcha in Drupal?


In this guide, we are going to walk you through the process of implementing ReCaptcha in your Drupal site. This module allows you to use the Google reCaptcha web service to improve the CAPTCHA system. This system is designed to be hard with bots while being easy on the human users. In fact, it provides security using state of the art technology by staying at the forefront of spam and abuse fighting trends. Following are the steps you need to follow-

Bonus: Our Drupal Theme Builder Software named TemplateToaster support creating Drupal Themes and Drupal Websites for both Drupal 8 and 9 versions and will support creating themes and website for the upcoming Drupal 10 too.

Step 1. Instal the ReCaptcha module using the given instructions-

  1. First you need to open the terminal application on your PC/device
  2. After that, type: composer require drupal/recaptcha in the terminal app and click on the Extend option.
  3. Next, scroll down the windows and click on Enable captcha, image captcha, and reCaptcha.
  4. Lastly, click on the install option and site back.

It will install the module Wait for installation to complete before proceeding to the next steps.
Also Read: Step by Step Guide on How to Install Drupal 7 and 8 locally

Step 2. Configure the module-

Now that you have installed the module, it is time to configure the settings. In order to do that, follow the given instructions-

  1. Navigate to the module and click Configuration > Captcha module settings > reCaptcha. After that, click on the link ‘register to reCaptcha’ and it will redirect to the next window.
  2. From there, select the reCAPTCHA v2 and input your domain name. Keep in mind that it won’t work on a local installation.
  3. Next, click on Accept the terms and click Send/ok.
  4. After that you need to get the Site key and secret key. Now, you have to copy and paste them on the reCAPTCHA settings of your Drupal backend accordingly. After inputting the Site Key and Secret Key in the respective text field, scroll down and click Save Configuration.
  5. Next, click on the CAPTCHA settings tab on the top of the window, change the default challenge type to reCAPTCHA and leave the other settings on default, Click on the Save Configuration option.
  6. Now, switch to the Form Settings tab and enable the reCAPTCHA on your web forms by editing and operations to Enable. From there, you can enable reCAPTCHA on your desired webforms in your Drupal website.
  7. After that, select the reCAPTCHA challenge type and click on the Save option to save your changes.

Step 3. Test your Contact form

Once you are done implementing the reCAPTCHA in Drupal, you need to test it out to see if it actually works. Follow the given instructions to test your contact form-

  1. Use the incognito mode on your browser to access the site as an anonymous user.
  2. Go to your site/webpage

If it is a contact form, you should see the infamous ‘I’m not a robot checkbox’. After entering the input, click on it. You will get an image challenge that asks you verify whether you are a human user or robot user. It means you have successfully implemented a reCAPTCHA module in your Drupal site to prevent malicious users from spam logins, comments, and messages.

Also read: Drupal 9 | What’s New and What’s Coming?

Bonus ways

If you find the above mentioned way inconvenient, there are other ways to incorporate ReCaptcha on your Drupal website. Continue reading this to find out other convenient ways you have to add ReCaptcha in Drupal.

How to add Google ReCaptcha V3 in Drupal?

Google reCAPTCHA v3 is an advanced reCAPTCHA system that returns a score for each request without user frustration. The score it obtains is based on past user interactions. Basically, it enables yous site to take an appropriate action depending upon the number of interactions with your website. Moreover, it comes with a Plan B which means in case a user fails reCAPTCHA v3, they can try the next challenge to prove. Therefore, the user is not denied access to your website while spambots can never get into your system. Hence, you get enhanced Drupal security without any user frustration.

As we mentioned, it returns a score between 0.0 and 1.0 where 0.0 is likely a bot and 1.0 is likely a good interaction. Based on the obtained score, you can decide an appropriate action with regards to your website. Most users use this module along with reCAPTCHA v2. In that case if your user fails the reCAPTCHA v3 challenge, they will reCAPTCHA v2 challenge for validation. It is possible that the user is suffering from special conditions like vision impairment, hypermetropia, dyslexia, etc, that prevents them from passing reCAPTCHAs. Although an audio aid was developed to tackle such issues but sometimes it was extremely hard to decipher.

Therefore, this version is created to solve the existing shortcomings while reducing the verification process to a few clicks. This system is powered with emerging technologies like machine learning. Therefore, it monitors the pointer behavior and the overall browser interaction which increments the CAPTCHA difficulty in case a bot is suspected.

Following are the steps to install this module in your Drupal site-

Step 1. Install the reCaptcha v3 module.

Step 2. Configure the module settings. You can go to Configuration > CAPTCHA module settings > reCAPTCHA and select v3 of reCAPTCHA. After that enable the Default challenge type in case the user fails the first validation process. Click on the Save option to store the changes you made.

Step 3. Once you have successfully implemented the reCAPTCHA on your Drupal site, test it using incognito mode by accessing it as an anonymous user.

That’s it. You have successfully installed this reCAPTCHA system on your Drupal website.

How to add ReCaptcha Element in Drupal?

reCAPTCHA Element provides integration with Google reCAPTCHA v3. This module will allow you to incorporate the reCAPTCHA system on all your web forms. It will ask users to identify and type the distorted characters in the input field. This phenomenon will allow the system to distinguish robots from human users to keep the spams out of your website. Therefore, you will only have to spend your time and efforts on legit users only. reCAPTCHA protects your website from spambots while keeping the user experience smooth for the human users. The Drupal 8 Captcha module doesn’t allow you to automatically enable reCAPTHA protection on any forms. In fact, you will have to enable it on the forms manually. This feature comes in handy if you don’t want it to appear on all the forms but rather on some of the useful ones.

To make it easier to handle, this module provides a Webform handler that allows you to enable reCAPTCHA protection on your webform using the webform UI. Since there are various issues encountered with other reCAPTCHA modules like caching reCAPTCHA verification result issues, mistakenly sharing these between users and breaking Drupal cacheability. However, this module does not rely on any other Drupal module. Therefore, it is free of all the issues in other CAPTCHA modules.

Follow are the given instructions to implement this module on your Drupal site-

Step 1. Install the reCAPTCHA Element and activate it on your Drupal site.

Step 2. Go to Configuration > CAPTCHA module settings > reCAPTCHA Element and enable the reCAPTCHA protection on the desired forms by typing: #type recaptcha_element in code.

Step 3. Save the changes and test your reCAPTCHA element module by visiting your website as an anonymous user using incognito mode.

That’s it. You have successfully installed this reCAPTCHA element module on your Drupal website.

What is ReCaptcha?

Lt’s get to the other small details in detail like what exactly is ReCaptcha and why you need it? The internet is swarming with web crawlers and spam bots that can overwhelm your website with requests and shut it off completely. The reCAPTCHA system is created to prevent spammers from filling with endless unlimited messages, login attempts, and messages. reCAPTCHA will block off the bots while allowing your human users to pass through. Let’s read about what exactly is reCAPTCHA and how you can add it to your Drupal website.

Drupal is one of the leading, open-source CMS that is often entrusted by government agencies, nonprofits, large enterprises, and many Fortune 500 companies. Since this CMS serves some notable brand names, therefore, it needs to offer some effective security measures to protect websites against security threats. That’s when Captcha comes into the picture. CAPTCHA is an abbreviation that stands for Completely Automated Public Turing test to tell Computers and Humans Apart. As the name suggests, it helps your website to differentiate bots from humans and block off the unnecessary data or users from entering your system. As frustrating as it is for users to prove that they are legit users, it is the most effective method to keep the malicious at bay.

The Drupal Captcha or ReCaptcha are extremely useful in protecting your Drupal website against bots and are often incorporated in Drupal webforms that take input from users. You must have encountered a check-box asking you to tick it if you are not a robot. That is the Captcha system. When you tick the box and ask you to verify by ticking a certain object in the random images or ask you to enter a series of random alphanumeric characters, it is ReCaptcha. It is basically the improvised version of Captcha system except it makes it harder for bots and malicious users to enter your system and safeguard your website’s resources.

For instance, it can offer 9 random image tiles and ask users to check the tiles with ‘stairs’ in it. Now the user will have to identify the certain images with ‘stairs’ in it. Only humans can differ objects in an image while bots can only crawl words, making it an effective defense against spambots.

Why do you need it?

ReCaptcha is a method to differentiate between a legit user and a spambot and block off the spambots. In Drupal, users can implement spam checks on various forms and login windows to prevent bots. Some Drupal modules can enable reCAPTCHA system on all the forms on your website while others require you to manually implement the reCAPTCHA system on your forms. Following are the reasons to incorporate ReCaptcha in Drupal-

  1. Weed out the spam messages/comments: With all the webforms you incorporate in your Drupal site, you wish your audience or potential customers to reach out to you. However, spambots can use those webforms to input unnecessary messages and comments. For instance, you can see irrelevant comments under your blogs which are visible to your audience as well. Any spam comment is not good for business because you need to take your audience under confidence by offering them a secure platform. Similarly, getting irrelevant, spam messages can be annoying since it consumes your time and efforts. Therefore, you need to incorporate the ReCaptcha system to weed out spam messages and comments.
  2. Preserving resources: Every website has a limit when it comes to resources. For instance, you can only have so many messages or comments in your website. However, if you don’t have any system to block malicious content from entering your website, they can end up consuming all your resources while leaving none for your legit users. Therefore, you need to incorporate the ReCaptcha system to preserve the resources of your website.
  3. Preventing malicious attacks: Spambots need to be kept at bay as they don’t only make your website’s resources go waste but also make them vulnerable to malicious attacks. For instance, spambots can overwhelm your website with a heavy number of requests to the point where your website breaks and stops responding, resulting in DDoS attacks. Thus having the ReCaptcha system can prevent DDoS and other malicious attacks as well.

How to add Recaptcha in Drupal : Conclusion

reCAPTCHA system is designed to determine that the user requesting your attention or resources is a human. Drupal offers a bunch of modules to enable this protection system on your website. This guide offers three modules that can enable reCAPTCHA system on your Drupal website along with the steps to install and activate them on your website. Hopefully it will help you add extra layer of security to your Drupal website. For more such information subscribe to our blog.

I hope this guide is clear and helpful. However, if you encounter any issue, feel free to reach out to us in the comments below. We’d love to help you out!