Protecting Online Forms Against Spams Using reCaptcha

On a daily basis, there are many so-called spam robots (bots) spidering the web in order to find online forms that can be used to

  1. Boost Search Engine rankings – This affects guest books and forums. The main goal of spammers is to obtain links from other resources. So they put messages with their links in your forums and message boards.
  2. Spam feedback forms to deliver advertisements. This is the same method as spamming mailboxes. Spammers just deliver their advertisements to you using the feedback forms you provide them on your site.

One of the best solutions to protect your forms is to use reCaptcha .

What is reCaptcha?

reCaptcha is a free Captcha service used by many websites to prevent bots from spamming your website forms, harvesting email addresses or worse. It’s likely you have already seen or used Captcha or reCaptcha on the web. They are colorful images with distorted text at the bottom of many web registration forms and works in such a way that it generates and grades tests that humans can pass but computer programs cannot. For example, humans can read distorted text as the one shown below, but current computer programs can’t. As no computer program can read distorted text as well as humans can, bots CANNOT navigate sites protected by reCaptchas/Captchas, therefore protecting your online forms from spams.


In addition to form spam protection, reCaptcha also helps to digitize books, newspapers and old time radio shows. For more information please visit the following webpage at

Implementing reCaptcha on your Web based form

    1. In your PHP script that contains the form and the one which processes the form, include the reCaptcha library using the following command:

      include($_SERVER[‘DOCUMENT_ROOT’] . “/home/newincludes/php/recaptchalib.php”);

    2. In the PHP script that contains the form, add the following lines of code where you would like to display the Captcha image:

      $publickey = “6LeCc7oSAAAAAEB-u1yy2Qb2BBJ5XFYaVcWzKOOc”;

      echo recaptcha_get_html($publickey);

    3. In the PHP script that processes the form, add the following lines of code at the beginning of the script. Please contact the Webmaster for a private key.

      $privatekey = “…”;

      $resp = recaptcha_check_answer ($privatekey, $_SERVER[“REMOTE_ADDR”], $_POST[“recaptcha_challenge_field”], $_POST[“recaptcha_response_field”]);

    4. You can use the $resp variable to condition the processing of the form. For example

      if(!$resp->is_valid) { print “The reCaptcha wasn’t entered correctly. Go back and try it again.”; } else { …. //process the form }


    5. For more information on customizing the look and feel and other features of reCaptcha please visit this quickstart guide.

A cautionary word.

    • reCaptcha or Captcha is not a 100% spammer proof system so please do not put your bank account details or credit card pin behind a reCaptcha/Captcha protected page.
    • reCaptcha or Captcha does not protect you from spammers that are delivering their spam manually, but it will stop all the spam bots. Statistics show that spam delivered manually is less than 0.01% of all web form spams.
Think Big We Do

Copyright © 2017 University of Rhode Island.