WordPress

Official CaptchaLa plugin for WordPress. Adds CAPTCHA verification to core WordPress forms and to the most common form, e-commerce and community plugins without writing any code.

What it covers

Each item below is an individual checkbox in the plugin's settings panel — you only enable the surfaces you actually want to protect.

  • WordPress login
  • WordPress registration
  • WordPress comments
  • WordPress lost-password
  • WooCommerce checkout
  • WooCommerce account creation
  • WooCommerce login
  • Contact Form 7
  • Gravity Forms
  • WPForms
  • Elementor Forms
  • BBPress (topics and replies)
  • BuddyPress (registration and activity)

If a form plugin is not installed, its toggle is hidden — the plugin detects available integrations at boot.

Install

1. Install the plugin

Two options:

  • WordPress admin → Plugins → Add New, search CaptchaLa, click Install then Activate.
  • Manual upload — download the latest release zip from github.com/Captcha-La/captchala-wordpress/releases, upload via Plugins → Add New → Upload Plugin, and activate.

The plugin targets WordPress ≥ 6.0 and PHP ≥ 7.4.

2. Get your keys

Sign up at dash.captcha.la, create an application, then copy:

  • App Key — public, embedded in the page
  • App Secret — server-side only, used by WordPress to call /v1/validate

3. Wire it up

In WP-Admin, open CaptchaLa in the left menu:

  1. Paste the App Key and App Secret.
  2. Pick a verification mode (popup, bind, embed or float — see Web SDK).
  3. Toggle the forms you want protected.
  4. Click Save changes.

Open one of the protected forms in a private window to confirm the challenge renders.

Configuration

All settings live under WP-Admin → CaptchaLa. The plugin stores them as a single WordPress option (captchala_settings).

| Setting | Type | Default | Description |
|---|---|---|---|
| App Key | string | | Public key (cl_pub_…) from the CaptchaLa dashboard. Required. |
| App Secret | string | | Server secret. Required. Never exposed to the browser. |
| Verification mode | enum | popup | One of popup, bind, embed, float. Maps to the Web SDK product option. |
| Form toggles | bool[] | all off | One toggle per supported form (see What it covers). |
| Lazy load | bool | true | When on, the CaptchaLa loader is only enqueued on pages that contain a protected form. |
| Theme | enum | auto | light, dark, or auto (follows the user's system preference). |
| Action label | string | per-form | The action string sent on validation (login, register, comment, wc_checkout, etc). The plugin sets sensible defaults — override only if you have a reason. |
| Bind to IP | bool | true | Sends the visitor IP at issuance and validation. Disable behind a proxy that does not forward client IPs. |
| Block on verification failure | bool | true | When off, failed verifications are logged but the form still submits. Use for staged rollout, not production. |

Settings can also be exported / imported as JSON from the settings page footer.
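
An added example, not part of the plugin or its documentation: a Python check over an exported settings file that flags the risky states the table describes (blocking switched off, IP binding behind a proxy that hides client IPs, a public key pasted into the secret field, account-related forms left at the default off). The JSON key names and form toggle names are assumptions; compare them with a real export before relying on it.

```python
import json

# Constructed sample export. Key names are assumptions, not the plugin's
# documented schema; adjust them after inspecting a real export.
SAMPLE_EXPORT = json.dumps({
    "app_key": "cl_pub_EXAMPLE",
    "app_secret": "cl_pub_EXAMPLE",   # public key pasted into the secret field
    "block_on_failure": False,        # staged-rollout mode left switched on
    "bind_ip": True,
    "forms": {"login": True, "register": False, "lost_password": False},
})

# Surfaces that accept credentials or create accounts (hypothetical toggle names).
AUTH_FORMS = ("login", "register", "lost_password")


def audit(export_json, behind_proxy_without_client_ip=False):
    """Return a sorted list of finding codes for one exported settings document."""
    s = json.loads(export_json)
    findings = set()
    key, secret = s.get("app_key", ""), s.get("app_secret", "")
    if not key or not secret:
        findings.add("missing-credentials")
    if key and not key.startswith("cl_pub_"):
        findings.add("app-key-not-public-format")
    # cl_pub_ is the public prefix, so a secret carrying it is a paste error.
    if secret and (secret == key or secret.startswith("cl_pub_")):
        findings.add("public-key-in-secret-field")
    # With blocking off, failures are only logged and the form still submits.
    if not s.get("block_on_failure", True):
        findings.add("failures-not-blocked")
    # IP binding needs the real visitor address at issuance and validation.
    if s.get("bind_ip", True) and behind_proxy_without_client_ip:
        findings.add("ip-binding-behind-opaque-proxy")
    # Form toggles default to off, so a fresh install protects nothing.
    forms = s.get("forms", {})
    for name in AUTH_FORMS:
        if not forms.get(name, False):
            findings.add("unprotected:" + name)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT, behind_proxy_without_client_ip=True):
        print(finding)
```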

FAQ

Is the plugin free?

Yes. The WordPress plugin is free. The CaptchaLa free plan covers 1,000 verifications a month — paid plans only apply if you need more volume.

Will it slow down my site?

The loader is enqueued lazily, only on pages that render a protected form. The verification call returns from the edge in under 100ms in most regions. There is no front-page tracking script.

Does it work with WooCommerce?

Yes. Checkout, account creation and login are supported out of the box — each is a separate toggle. The plugin hooks WooCommerce's standard validation pipeline, so failed verifications surface as normal WooCommerce form errors.

Do I need to write code?

No. Install, paste two keys, toggle the forms you want to protect. There are filters available if you need to customize behaviour, but they are optional.

Is it GDPR-compliant?

CaptchaLa is privacy-first: no third-party tracking pixels, no advertising signals, and the WordPress plugin transmits only what is needed to verify a single challenge. Per-request export and deletion are available through the CaptchaLa dashboard.

Source

MIT-licensed examples · CaptchaLa is operated independently