How to implement reCAPTCHA in PHP

CAPTCHA! yes it is spelt correct. It actually stands for
CAPTCHA => "Completely Automated Public Turing test to tell Computers and Humans Apart"

It was actually proposed by Alan Turing in 1950 to determine if a machine has a man equivalent mind.

A more generalist usage of the term and its concept is widely adopted to differentiate between a human and robot interaction on a website or a web application. This prevents headless browsing, spams, abuse and results in better user experience. Here we try to demonstrate how to integrate Google reCAPTCHA using PHP in simple steps.

Note: The version 1.0 of the Google captcha has been discontinued and has been renamed as reCAPTCHA which is v 2.0. Click here for more information.

Step 1 : Register the Domain

Go to the Google reCAPTCHA admin panel and register for keys on a particular domain, without any sub-directory.

Once you register your site on the admin panel; then you will be allocated the site keys. You can add multiple domains under one label, and can add multiple reCAPTCHA sites.

Step 2 : Get your Site API key

The site keys are under the "Keys" section.
There will be two keys
  • Site Key : Used in the HTML code on the domain
  • Secret Key : Used for communication between the site and the Google. As the name suggest, this has to be secret and has to be private.

Step 3 : Add HTML Code (index.php)

Add the script under the head section of the index.php (or index.html), like so,
<script src=""></script>

Create a form with the div with class="g-recaptcha" and your site key, like so,
<head><title>How to use reCaptcha | Wordane</title>
<script src=""></script>
<body> <!-- the body tag is required or the CAPTCHA may not show on some browsers -->
<!-- your HTML content -->
<form method="post" action="verify.php">
<label for="name">Name:</label>
<input name="name" required /><br/>
<label for="age">Age:</label>
<input name="age" required /><br/>
<!-- This is for the captcha and we get this from -->
<div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY_GOES_HERE"></div>
<input type="submit" />
<!-- more of your HTML content -->

Step 4 : Download reCAPTCHA library

To keep things simple in this example we will restrain from using composer. For a detailed installation of the reCAPTCHA visit the github repo on Google reCAPTCHA. If on linux (Ubuntu), then use the following to download the master branch as a zip in the working directory.


Then unzip it and rename (move) to a new directory for sake of sanity.

mv recaptcha-master/ captcha

The source contains a directory "src", which has all the namespaced classes under sub-directory ReCaptcha and autoload.php. We will use autoload.php, in order to avoid requiring any dependencies.

Step 5 : Add PHP code to verify user

As per our HTML form in Step 3, the action is specified to be verify.php, hence we create the file with the same name and require_once the autoload.php under the captcha/src/, like so


The next step is to assign our Secret key from our reCAPTCHA admin dashboard as shown in Step 2 into a variable $privatekey, like so:

Now we create an object like so,
$recaptcha = new \ReCaptcha\ReCaptcha($privatekey);

Now we verify the private secret key with the response from the HTML form and remote address, like so
$resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER["REMOTE_ADDR"]);
When the HTML form is submitted at index.php (or index.html), then along with the form fields "g-recaptcha-response" is also send in POST.
The verify function needs the SERVER_ADDRESS and this response to verify.

Now we validate the response like so:
if ($resp->isSuccess()) {
        die('Thank you. Captcha verified correctly');
    } else {
        $errors = $resp->getErrorCodes();

Hence our verify.php would look something like this:
    $privatekey = "YOUR_PRIVATE_KEY_GOES_HERE";

    $recaptcha = new \ReCaptcha\ReCaptcha($privatekey);
    $resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER["REMOTE_ADDR"]);
    if ($resp->isSuccess()) {
        die('Thank you. Captcha verified correctly');
    } else {
        $errors = $resp->getErrorCodes();

Wordane | Google reCAPTCHA simplified


If the reCAPTCHA is filed in properly, along with properly, we see a "Thank you. Captcha verified correctly" message else we have an array with error codes and description.

For the working code of above example, click here for github repo
For a complete list of API request and response visit the Google documentation here.
For a complete introduction of the Google reCAPTCHA click here.

Post a Comment