PHPackages wp-digital/wp-recaptcha - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. wp-digital/wp-recaptcha ActiveWordpress-muplugin[Security](/categories/security) wp-digital/wp-recaptcha ======================= Helps to protect website with Google reCAPTCHA v3 or Cloudflare Turnstile. 3.0.5(2y ago)12.4k↓100%12GPL-2.0+PHPPHP >=7.4 Since Nov 7Pushed 2y ago10 watchersCompare [ Source](https://github.com/wp-digital/wp-recaptcha)[ Packagist](https://packagist.org/packages/wp-digital/wp-recaptcha)[ RSS](/packages/wp-digital-wp-recaptcha/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (5)Versions (15)Used By (2) Bot Protection ============== [](#bot-protection) ### Description [](#description) Helps to protect website with [Google reCAPTCHA v3](https://www.google.com/recaptcha/about/) or [Cloudflare Turnstile](https://www.cloudflare.com/products/turnstile/). This plugin provides Login and Lost Password forms protection by default, but it's possible to add protection to any form by following this documentation. ### Requirements [](#requirements) - PHP 7.4+ - WordPress 6.2+ (you can try with older versions, but it's not tested) ### Features [](#features) - Protects Login and Lost Password forms by default. - Supports Google reCAPTCHA v3 and Cloudflare Turnstile. - Allows IP addresses to bypass verification. - Sends verification email to user. - Allows to customize verification email subject, message body and link. - Allows to customize verification code length. - Allows to add protection to custom form. ### Screenshots [](#screenshots) [![Google reCAPTCHA v3](./screenshots/Google-reCAPTCHA-v3.png)](./screenshots/Google-reCAPTCHA-v3.png) [![Cloudflare Turnstile](./screenshots/Cloudflare-Turnstile.png)](./screenshots/Cloudflare-Turnstile.png) [![Verification](./screenshots/verification.png)](./screenshots/verification.png) [![Allowed IPs](./screenshots/allowed-IPs.png)](./screenshots/allowed-IPs.png) ### Install [](#install) - Preferable way is to use [Composer](https://getcomposer.org/): ``` composer require wp-digital/wp-recaptcha ``` By default, it will be installed as [Must Use Plugin](https://codex.wordpress.org/Must_Use_Plugins). But it's possible to control with `extra.installer-paths` in `composer.json`. - Alternate way is to clone this repo to `wp-content/mu-plugins/` or `wp-content/plugins/`: ``` cd wp-content/plugins/ git clone git@github.com:wp-digital/wp-recaptcha.git cd wp-recaptcha/ composer install ``` If plugin was installed as regular plugin then activate **Bot Protection** from Plugins page or [WP-CLI](https://make.wordpress.org/cli/handbook/): `wp plugin activate wp-recaptcha`. ### Usage [](#usage) Add required constants (usually to `wp-config.php`): ``` define( 'WPD_RECAPTCHA_KEY', '' ); define( 'WPD_RECAPTCHA_SECRET', '' ); ``` or just: ``` define( 'RECAPTCHA_KEY', '' ); define( 'RECAPTCHA_SECRET', '' ); ``` Depending on constants, plugin will use Google reCAPTCHA v3 or Cloudflare Turnstile. If both constants are empty then plugin will be disabled. Cloudflare Turnstile is detecting based on `WPD_RECAPTCHA_KEY` or `RECAPTCHA_KEY` constant, by using regex: `^\dx`. #### Allow IP addresses to bypass verification [](#allow-ip-addresses-to-bypass-verification) There are two ways to allow IP addresses to bypass verification: 1. Add IP addresses to `WPD_RECAPTCHA_ALLOWED_IPS` constant: ``` define( 'WPD_RECAPTCHA_ALLOWED_IPS', '' ); // comma separated list of IP addresses ``` 2. Add IP in admin area: **Settings** -> **Bot Protection** -> **Allowed IPs**, one IP per line (see [screenshots](#screenshots)). ### Customization [](#customization) #### Verification [](#verification) Change verification email subject: ``` /** * @param string $subject * @param string $code * @param WP_User $user * * @return string */ add_filter( 'wpd_recaptcha_verification_email_subject', function ( string $subject, string $code, WP_User $user ): string { return 'New subject'; }, 10, 3 ); ``` Change verification email message body: ``` /** * @param string $message * @param string $code * @param WP_User $user * * @return string */ add_filter( 'wpd_recaptcha_verification_email_message', function ( string $message, string $code, WP_User $user ): string { return 'New message'; }, 10, 3 ); ``` Modify verification link: ``` /** * @param string $link * @param string $code * @param WP_User $user * * @return string */ add_filter( 'wpd_recaptcha_verification_link', function ( string $link, string $code, WP_User $user ): string { return 'https://example.com/verify/' . $code; }, 10, 3 ); ``` Change verification code length: ``` /** * @param int $length * * @return int */ add_filter( 'wpd_recaptcha_verification_code_length', function ( int $length ): int { return 10; } ); ``` ### Hooks [](#hooks) #### Actions [](#actions) - `wpd_recaptcha_loaded` - Fires when plugin is loaded. Accepts one argument: `WPD\Recaptcha\Plugin` instance. - `wpd_recaptcha_verify` - Fires when verification is required. Accepts one argument: `WP_User` instance. - `wpd_recaptcha_form_success` - Fires when reCAPTCHA or Turnstile validation is successful. Accepts two arguments: `WPD\Forms\FormInterface` instance and `WPD\Recaptcha\Response` instance. ### Documentation [](#documentation) Add protection to custom form: - Create class which implements form interface `WPD\Forms\FormInterface`: ```