Protecting Web Forms with Google reCAPTCHA


#1

A form consists of several input fields that a visitor would enter information and then submit to give that website/organization some information. This could be a registration form, for example.

We commonly see these forms get misused by attackers that are repeatedly posting the form several times per second. While some forms submit information to a database, some forms are designed to send e-mails once the form submits. Some forms do a combination of the two.

Regardless of the form’s purpose, it is extremely important to protect the form from being misused. A simple way of doing this would be to Google reCAPTCHA to your forms. By adding this functionality to your website’s forms you drastically reduce the chances of an attacker penetrating your form.

Installing Google reCAPTCHA

Whether you are developing your website in PHP, ColdFusion, ASP, .NET, etc… you should be able to add reCAPTCHA to your website following the Google reCAPTCHA introduction guide.

Since this will require a little development experience, it is recommended to get with your website developer for any assistance needed on reCaptcha implementation.

Google reCAPTCHA for WordPress

If your website is running WordPress, then this just got a lot easier for you. There are several plugins available that have Google reCAPTCHA functionality included for forms.

View all available plugins matching the tag reCAPTCHA here. Once you find the right plugin you can install and activate this on your website. Depending on the chosen plugin you may need to enable the captcha to appear on all of your available forms.

Note: It is recommended to use a plugin from a reputable author/company, as well as a plugin that is consistently receiving updates. Additionally, from a quick review some of the plugins shown in the list appear to only be for WordPress login pages and not forms… so do research on which plugin is best for your website.

Google reCAPTCHA for Joomla

If your website is running Joomla, then this is also an easy setup for you. Joomla has built-in plugins that you can enable for reCAPTCHA.

You can see their guide for setting up and configuring reCAPTCHA on Joomla here.