Description
Hubsine Spam Protection with Fallback for reCAPTCHA integrates Google reCAPTCHA V3 and V2 with WordPress native forms and popular form plugins. Choose between three protection modes and configure each form independently.
Protection modes:
- V3 only — Invisible score-based protection. No user interaction required. Submissions scoring below the threshold are blocked silently.
- V2 only — Classic “I’m not a robot” checkbox. Full user interaction required.
- V3 with V2 fallback (recommended) — V3 runs invisibly first. Only users who score below the threshold are shown the V2 checkbox, giving real users a second chance.
Supported forms:
- WordPress login form
- WordPress registration form
- WordPress lost password form
- WordPress comment form
- Contact Form 7 (via [hubsine_recaptcha] tag)
- Ninja Forms (via a draggable field in the form builder)
Key features:
- Internal token system — the Google V3 token is pre-verified server-side before form submission. Submissions carry a short-lived signed token instead of a raw Google token, reducing API latency on submit.
- Per-form configuration — set the V3 action string and score threshold independently for each form.
- Token auto-refresh — the internal token is refreshed in the background so users on long forms always have a valid token.
- No dependencies — no Composer, no npm, no jQuery. Plain PHP 7.4+ and vanilla JavaScript.
- WordPress.org compliant — no obfuscated code, no outbound calls other than the documented Google API.
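The internal token system listed under Key features, sketched as an added example that is not the plugin's own code: a precheck turns a passing siteverify result into a short-lived signed token, and the submit handler checks only that token. The function names, the "payload.mac" layout, HMAC-SHA256 and the demo key are assumptions; the 2-minute lifetime is the default the FAQ states.

```php
<?php
// Added illustration, not the plugin's code: function names, the
// "payload.mac" layout and HMAC-SHA256 are assumptions.
const TOKEN_TTL = 120; // seconds; the page states a 2-minute default lifetime

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Precheck: issue an internal token only if the decoded siteverify
// response passes for this form's action and score threshold.
function issue_token(array $verify, string $action, float $threshold, string $key, int $now): ?string {
    $passed = ($verify['success'] ?? false) === true
        && ($verify['action'] ?? '') === $action
        && (float) ($verify['score'] ?? 0.0) >= $threshold;
    if (!$passed) {
        return null; // caller blocks, or shows the V2 checkbox in fallback mode
    }
    $payload = b64url(json_encode(['act' => $action, 'exp' => $now + TOKEN_TTL]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

// Submit: accept only an untampered, unexpired token bound to this action.
function check_token(string $token, string $action, string $key, int $now): bool {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return false;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return false;
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    return is_array($claims)
        && ($claims['act'] ?? null) === $action
        && is_int($claims['exp'] ?? null)
        && $claims['exp'] >= $now;
}

// Constructed sample data (not real keys or Google responses).
$key    = 'constructed-demo-key';
$verify = ['success' => true, 'score' => 0.9, 'action' => 'login'];
$token  = issue_token($verify, 'login', 0.5, $key, 1700000000);
var_dump(check_token($token, 'login', $key, 1700000060));   // same action, within lifetime
var_dump(check_token($token, 'comment', $key, 1700000060)); // token replayed on another form
var_dump(check_token($token, 'login', $key, 1700000121));   // after the lifetime has passed
var_dump(issue_token(['success' => true, 'score' => 0.2, 'action' => 'login'], 'login', 0.5, $key, 1700000000)); // below threshold
```

Binding the token to the per-form action keeps a token issued for one form from being accepted on another, and the expiry check is what makes the background refresh necessary on long forms.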
Donate
Hubsine Spam Protection with Fallback for reCAPTCHA is free, open-source, and has no ads or premium tier. If it saves you time or keeps your site safe from spam, consider supporting its development with a small donation — every contribution helps.
https://donate.stripe.com/00w8wO0V197Ca376tP4Ni01
Thank you!
External Services
This plugin communicates with external services operated by Google LLC.
Google reCAPTCHA API script
- URL: https://www.google.com/recaptcha/api.js
- Purpose: Loads the reCAPTCHA widget and provides the grecaptcha JavaScript object used to generate tokens.
- Triggered: On every front-end page where at least one protected form is present.
- Data sent: The visitor’s IP address and browser fingerprint are sent to Google as part of the reCAPTCHA scoring process. No data from your site’s database is included.
- Google Privacy Policy: https://policies.google.com/privacy
- Google Terms of Service: https://policies.google.com/terms
Google reCAPTCHA siteverify API
- URL: https://www.google.com/recaptcha/api/siteverify
- Purpose: Server-side verification of reCAPTCHA tokens. Called from your server (not from the visitor’s browser) when a form is submitted or during the pre-submission precheck.
- Triggered: On every protected form submission and on every precheck AJAX request.
- Data sent: The reCAPTCHA response token and your secret key. The visitor’s IP address (REMOTE_ADDR) is also forwarded to improve scoring accuracy.
- Google Privacy Policy: https://policies.google.com/privacy
- Google Terms of Service: https://policies.google.com/terms
By using this plugin, you agree to Google’s Terms of Service and Privacy Policy. You are responsible for informing your users about the use of reCAPTCHA in your privacy policy.
Installation
- Upload the hubsine-spam-protection folder to /wp-content/plugins/.
- Activate the plugin through the Plugins menu in WordPress.
- Go to Settings -> Hubsine Spam Protection with Fallback for reCAPTCHA.
- Obtain V3 and/or V2 site and secret keys from Google reCAPTCHA Admin.
- Enter your keys on the General tab and choose a protection mode.
- Enable reCAPTCHA for the forms you want to protect on the Forms tab.
FAQ
- Which reCAPTCHA keys do I need?
  For V3 only mode: a V3 site key and V3 secret key.
  For V2 only mode: a V2 site key and V2 secret key.
  For V3 with V2 fallback mode: all four keys (V3 site, V3 secret, V2 site, V2 secret).
- Why does my reCAPTCHA badge not appear?
  By default, the floating reCAPTCHA badge is hidden via CSS (Google permits this when you credit reCAPTCHA in your privacy policy). You can show the badge again under Settings -> Hubsine Spam Protection with Fallback for reCAPTCHA -> Advanced.
- How do I use reCAPTCHA with Contact Form 7?
  Install and activate Contact Form 7, enable the CF7 option under Forms -> Contact Form 7, then add the [hubsine_recaptcha] tag to your CF7 form. The tag generator in the CF7 editor lets you configure the V3 action and score threshold per form.
- How do I use reCAPTCHA with Ninja Forms?
  Install and activate Ninja Forms, enable the Ninja Forms option under Forms -> Ninja Forms, then drag the Hubsine Spam Protection with Fallback for reCAPTCHA field into your form from the field palette. Configure the V3 action and score threshold in the field settings panel.
- Does the plugin support WordPress Multisite?
  Not in v1.0. Each site on a Multisite installation must be configured independently.
- Is the plugin compatible with caching plugins?
  The internal token is issued server-side at a dedicated AJAX endpoint and has a configurable lifetime (default: 2 minutes). Standard page caching does not interfere with token generation. The Google reCAPTCHA script is loaded from Google’s CDN and is not affected by WordPress caching.
Changelog
1.0.0
- Initial release.
- V3 / V2 / V3+V2 fallback modes.
- Native WordPress forms: login, registration, lost password, comments.
- Contact Form 7 integration with per-tag action and score configuration.
- Ninja Forms integration with per-field action and score configuration.
- Internal token system with configurable lifetime and auto-refresh.
- Admin settings page with General, Forms, Advanced and Status tabs.




