To add reCAPTCHA to an Elementor form, generate a Site Key and Secret Key from the Google reCAPTCHA console, paste them into Elementor > Settings > Integrations (Elementor Pro) or into The Plus Settings > Extra Options (The Plus Addons for Elementor), then drop a reCAPTCHA field into your form. The full walkthrough for reCAPTCHA v2, v3, and the free-Elementor path is below.
Spam submissions, fake signups, and bot-driven form abuse are a daily reality for any public-facing Elementor form. A single unprotected contact form can generate hundreds of junk entries a week, pollute your CRM, and trip your email deliverability. reCAPTCHA is the fastest way to shut that down without adding friction for real visitors.
This guide walks through the exact setup for reCAPTCHA v2 and v3 on Elementor forms, the free-Elementor workaround using The Plus Addons, and the most common issues people hit when the integration refuses to cooperate.
What is Google reCAPTCHA for Elementor Forms?
Google reCAPTCHA is a free anti-bot service that sits between your form and the submit action. It uses behavioral signals, risk analysis, and (in v2) optional challenges to decide whether the submission came from a human or an automated script. CAPTCHA is short for “Completely Automated Public Turing test to tell Computers and Humans Apart,” and reCAPTCHA is Google’s widely deployed implementation.
On an Elementor form (contact, registration, login, newsletter, quote request, or any custom form), reCAPTCHA is added as a dedicated field. Google currently offers two versions that work cleanly with Elementor and with the Elementor alternative form widgets from The Plus Addons.
reCAPTCHA v2: visible or invisible
- reCAPTCHA v2 Checkbox (“I’m not a robot”): the user ticks a checkbox. Suspicious visitors get an image challenge.
- reCAPTCHA v2 Invisible: the badge loads in the corner, no checkbox required. Google only shows a challenge if it flags the session as risky.
reCAPTCHA v3: score-based, no interaction
reCAPTCHA v3 never interrupts the user. It runs in the background and returns a score from 0.0 (very likely a bot) to 1.0 (very likely human) for every interaction. You decide the threshold that triggers rejection. A common starting point is 0.5; raise it to 0.7 or 0.8 if you’re still getting bot submissions, lower it if real users are being blocked.
Which version should you use on Elementor forms?
- Pick v3 for checkout, signup, and high-conversion forms where any added friction hurts. You accept occasional false positives in exchange for zero user interaction.
- Pick v2 Invisible if you want the quiet behavior of v3 but with a fallback image challenge for borderline cases.
- Pick v2 Checkbox if your audience expects a visible security cue (banking, healthcare, government-adjacent) or if bot traffic is heavy and you’d rather force a deliberate action.
Frustrated with endless form spam? Here’s how to stop Elementor contact form spam completely.
Why add reCAPTCHA to Elementor forms
An unprotected Elementor form is a standing invitation for automated abuse. Adding reCAPTCHA gives you five concrete wins:
- Spam elimination: filters out the scripted submissions that flood contact, comment, and signup forms.
- Credential-stuffing defense: on login and registration forms, reCAPTCHA throttles brute-force attempts that iterate through leaked password lists.
- Cleaner analytics and CRM: junk submissions distort your conversion data and waste sales time. Blocking them at the source keeps your reporting honest.
- Lower server load: bot traffic consumes real resources. Rejecting it before it hits form processing or mail delivery frees up capacity.
- Better deliverability: bots often submit forms that trigger notification emails to spammy recipients, which damages your sender reputation. reCAPTCHA cuts that off.
Want a broader security checklist? Here are the 20+ WordPress maintenance tasks worth prioritizing.
How to add reCAPTCHA to an Elementor form with Elementor Pro
Elementor Pro ships with native reCAPTCHA integration for v2 and v3 inside its Form widget. If you have Pro, this is the fastest path.
Step 1: Register your site in the reCAPTCHA console
Open the Google reCAPTCHA admin console and sign in with the Google account you want tied to this site. Fill in:
- Label: a name only you see (for example, yoursite.com production).
- reCAPTCHA type: Challenge (v2) with checkbox or invisible, or Score-based (v3).
- Domains: add your root domain without
https://or trailing slash. Addlocalhosttoo if you’re testing locally.
Accept the reCAPTCHA Terms of Service and submit.
Step 2: Copy the Site Key and Secret Key
Google returns two keys. The Site Key is safe to expose in page source. The Secret Key must stay server-side. Copy both into a password manager or notes file. If you lose the Secret Key, you’ll need to regenerate it from the same console.
Step 3: Connect the keys inside Elementor
In your WordPress dashboard, go to Elementor > Settings > Integrations. Scroll to the reCAPTCHA and reCAPTCHA V3 blocks and paste the keys into the correct version’s fields. Save.
If you’re using v3, set your Score Threshold. Elementor defaults to 0.5. Scores above the threshold pass, scores below are blocked. Tighten to 0.7 if bots are leaking through, loosen to 0.3 if legitimate users report failed submissions.
Step 4: Add the reCAPTCHA field to your form
Edit the page with the Elementor form on it, or drag a new Form widget onto the page. In the left panel, under Form Fields, click Add Item.
Comparing options? Here are the 5 best Elementor form builder plugins.
Step 5: Choose the reCAPTCHA type and customize
Set the field Type to reCAPTCHA (v2) or reCAPTCHA V3. For v2, you can adjust:
- Size: Normal, Compact, or Invisible.
- Theme: Light or Dark, to match your page background.
- Badge position (v3 and Invisible v2): bottom-right, bottom-left, or inline.
Click Update. Open the live page in an incognito window and submit a test entry. A passing submission lands in your Elementor > Submissions log or your configured email action.
Here’s a quick visual walkthrough showing the full setup across several form types:
How to add reCAPTCHA without Elementor Pro
Elementor’s free version doesn’t include the Form widget, so there’s nowhere native to attach reCAPTCHA. You need a free form widget that supports reCAPTCHA on its own. The Plus Addons for Elementor provides both: a free-tier Plus Form widget and a global reCAPTCHA configuration.
- Install The Plus Addons for Elementor from the WordPress plugin directory and activate it.
- Register your site on the reCAPTCHA console and grab the Site Key and Secret Key as described above.
- In WordPress, go to The Plus Settings > Extra Options. Paste the Site Key and Secret Key into the reCAPTCHA fields and save.
- Edit a page with Elementor, drag the Plus Form widget onto the canvas, and add a reCAPTCHA field from the form fields panel.
The Plus Form widget also supports Cloudflare Turnstile and a HoneyPot field if you want a reCAPTCHA alternative or a second layer. Alongside form security, the plugin bundles 120+ Elementor widgets that cover listing, animation, form, and marketing use cases.
Troubleshooting reCAPTCHA on Elementor forms
A few patterns account for most reCAPTCHA failures on Elementor sites.
The badge or checkbox never appears
Check the browser console. If you see ERROR for site owner: Invalid site key or a 400 error from google.com/recaptcha/api.js, the Site Key is wrong or is registered for a different domain. Re-copy it from the console and confirm the domain matches exactly (no www mismatch, no typos).
Form submits fine but still gets spam
You’re likely on v3 with too low a threshold, or the v2 field is present visually but not validated server-side because the Secret Key is blank or wrong. Verify the Secret Key is saved in Elementor > Settings > Integrations (or The Plus Settings > Extra Options) and raise the v3 threshold to 0.7.
Real users report “please verify you’re human” loops
This is v3 with a too-aggressive threshold, or a conflict with a caching plugin or firewall that strips the reCAPTCHA token. Lower the threshold to 0.3, exclude the form page from aggressive page caching, and allowlist google.com/recaptcha in your firewall if you have one.
Keys work on staging but not production (or vice versa)
reCAPTCHA keys are domain-scoped. Add every domain the site serves on (staging subdomain, production domain, and localhost for local dev) to the same reCAPTCHA entry in the console, or create separate keys per environment.
Mixed v2 and v3 keys
v2 and v3 keys aren’t interchangeable. Pasting a v3 Site Key into the v2 field (or the reverse) silently fails. Double-check the version label in the reCAPTCHA console before copying.
Do you Manage WordPress Websites? Download Our FREE E-Book of 20+ Checklist for WordPress Site Maintenance.
Wrapping up
Adding reCAPTCHA to an Elementor form is a 10-minute job that stops the vast majority of bot-driven form abuse. The short version:
- Register your site in the Google reCAPTCHA console, pick v2 or v3, and copy the Site Key and Secret Key.
- On Elementor Pro, paste the keys into Elementor > Settings > Integrations and add a reCAPTCHA field to your Form widget.
- On free Elementor, use The Plus Addons’ Plus Form widget with keys saved under The Plus Settings > Extra Options.
- Prefer v3 for quiet, score-based filtering; choose v2 when you want a visible security cue or a harder challenge.
- Test submissions in incognito and adjust the v3 threshold (or add Cloudflare Turnstile / HoneyPot) until real users pass cleanly and bots don’t.
Once reCAPTCHA is in place, the same Plus Form widget can layer HoneyPot and Cloudflare Turnstile on top, giving you multiple filters without extra plugins. Get The Plus Addons for Elementor to add reCAPTCHA on Elementor free and extend your forms with 120+ additional widgets.
