Integrating Google reCAPTCHA v3 in HTML Form with PHP

 

What is Google reCAPTCHA v3?

Google reCAPTCHA is a free service that helps protect websites from spam and abuse. reCAPTCHA v3 is the latest version of this service, and it's designed to work silently in the background without requiring any user interaction, such as solving puzzles or clicking checkboxes. It assigns a score to each user and lets you take action based on that score.

HTML form security with reCAPTCHA v3 | Protecting forms from spam with reCAPTCHA v3 | How to add reCAPTCHA v3 to PHP forms | Website form security best practices | Google reCAPTCHA setup and usage guide | PHP form validation with reCAPTCHA v3

Step 1: Sign Up for reCAPTCHA

Before you can integrate reCAPTCHA v3 into your HTML form, you need to sign up for an API key. Here's how:

1. Go to the reCAPTCHA website.
2. Click on the "Admin Console" button.
3. Sign in to your Google account or create one if you don't have one already.
4. Once signed in, click the "+" button to create a new site.

Step 2: Add reCAPTCHA to Your HTML Form

Now that you have your API keys, you can add reCAPTCHA to your HTML form:

<!DOCTYPE html>

<html>

<head>

    <!-- Add the reCAPTCHA script -->

    <script src="https://www.google.com/recaptcha/api.js" async defer></script>

</head>

<body>

    <form action="process.php" method="POST">

        <!-- Your other form fields here -->

        <!-- Add the reCAPTCHA widget -->

        <div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY_HERE"></div>

        <button type="submit">Submit</button>

    </form>

</body>

</html>

Replace "YOUR_SITE_KEY_HERE" with the actual site key you obtained in Step 1.

Step 3: Verify reCAPTCHA Score with PHP

Now, let's process the form submission on the server-side using PHP and verify the reCAPTCHA score. Create a PHP file (e.g., process.php) and add the following code:

<?php

$recaptcha_secret = 'YOUR_SECRET_KEY_HERE';

$recaptcha_response = $_POST['g-recaptcha-response'];

$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$recaptcha_secret&response=$recaptcha_response");

$responseKeys = json_decode($response, true);

if (intval($responseKeys["score"]) >= 0.5) {

    // reCAPTCHA score is good, process the form data

    // Your form processing code here

    echo "Form submitted successfully!";

} else {

    // reCAPTCHA score is low, consider this submission suspicious

    echo "Please complete the reCAPTCHA to submit the form.";

}

?>

Make sure to replace "YOUR_SECRET_KEY_HERE" with your actual reCAPTCHA secret key.

Step 4: Test Your Form

Now, you have successfully integrated reCAPTCHA v3 into your HTML form with PHP. Test your form to ensure everything is working as expected. When users submit the form, reCAPTCHA will silently evaluate their interaction with your website and provide a score. You can adjust the threshold (0.5 in this example) to determine what level of risk you're willing to accept.