How to Integrate Google reCAPTCHA v2 with Example in PHP


Google reCAPTCHA v2 is one of the best ways to keep bad bots away from spamming your website.

If you have used Google reCAPTCHA v1 by google then you might have the idea about how difficult it was for the users but with v2 Google made it very user-friendly. The User fills the form and click/tap on the checkbox in Google reCAPTCHA v2 and done. There will be sometimes when it will be a little difficult to pass Google reCAPTCHA because Google wants to make sure no bad bot bypasses reCAPTCHA v2 and spam your website.

Step by step guide to integrate google reCAPTCHA 2.0 in your website

This article is intended for developers, who are familiar with HTML (client side) and PHP (server-side), if you aren’t familiar then please study a bit first then only this tutorial will make sense. At the end of this Google reCaptcha v2.0 tutorial, you will learn to How to add reCaptcha v2 to your site with code example so it’s easy to follow.

Generate API keys for Google reCAPTCHA v2

First thing first. You will need a Google reCAPTCHA Site Key and a Google reCAPTCHA  Secret key to implement Google reCAPTCHA v2.0 in your website. To obtain Google reCAPTCHA v2.0 API keys, you need to sign up on http://www.google.com/recaptcha/admin.

Register site for recaptcha api keysOnce you sign up then you will see “Register a new site” section just like on the left image.

You can put anything on the label field as it is just for your notes. I prefer using  “website name – page name” (e.g. WriteUp – Contact Page) combination, which makes my work easier because I have many keys on Google reCAPTCHA API keys.

Just after Label, there is a field labelled “domains”. You can list more than 1 domain (one per line) without HTTP(s):// also keep on mind domain should end with TLD ( .com, org, .net)  for example – example.com/contact.php would be invalid and correct domain would be – example.com.

If you want to use Google reCAPTCHA in your localhost (xampp, wampp), then you can use the key from any domain as all API keys work on localhost (127.0.0.1).

At the left bottom, you will find a checkbox. You can check that if you (website owner) want Google to send you a report when Google finds something suspicious on your website.

Hit the register button once you fill all the required details and you will be redirected to the next page, which will have API keys and some other useful information. Keep this page open for a while as we will need to copy some elements from this page.

Integrating Google reCAPTCHA v2.0 in HTML form

google recaptcha api keys demo screenshot

Now paste the javascript from step 1 before the closing </head> tag on your website:

<script src="https://www.google.com/recaptcha/api.js"></script>

Now copy the entire div from the API key information page and paste it inside form tag just above the submit button:

<div class="g-recaptcha" data-sitekey="your key"></div>
html form with google recaptcha 2.0Now open the page and you will see the Google reCAPTCHA on your HTML form, just like I have in form.

In case you don’t see the captcha then make sure you don’t have any error(s) on your console and you have used correct key for the website (domain).

And if you see the Google reCAPTCHA then congratulations! you are half way there.

Verify user response with Google reCAPTCHA v2.0

There are 3 ways to verify Google reCAPTCHA v2.0, but we will be using PHP in this Google reCaptcha tutorial. You have to download reCAPTCHA PHP Library.

Unzip the file, copy the src folder and paste it on your website application.

Now paste the below code at the top of your file (which contains form) and replace the API keys
(do not share your Google reCAPTCHA secret key)

			require("src/autoload.php");

$siteKey = "xxxxx";
$secret = "xxxxx";

$recaptcha = new \ReCaptcha\ReCaptcha($secret);

$gRecaptchaResponse = $_POST["g-recaptcha-response"]; //google captcha post data
$remoteIp = $_SERVER["REMOTE_ADDR"]; //to get user's ip

$recaptchaErrors = ""; // blank varible to store error

$resp = $recaptcha->verify($gRecaptchaResponse, $remoteIp); //method to verify captcha
if ($resp->isSuccess()) {
  // send mail or insert in db or do whatver you wish to
} else {
  $recaptchaErrors = $resp->getErrorCodes(); // set the error in varible
}

Show the error (if any) below Google reCAPTCHA 2.0

just below reCAPTCHA div paste following code:

<span>
  if(isset($recaptchaErrors[0]))
    echo $recaptchaErrors[0];
</span>

And we are done.

Hope you find this article useful and don’t forget to like, share and comment.

Need Help with installation? You can Hire me to integrate Google reCAPTCHA v2 on your website.

You can also Hire me for any website development related task or project. I have a total of 8 years of experience developing PHP websites.

Don’t forget to subscribe as I am going post a new tutorial about Invisible reCaptcha.