If you are still using the old Google reCAPTCHA on your website written in PHP, update and use the latest version of the anti-bot and spam protection mechanism of Google. Using the new reCAPTCHA v2.0, your site will be protected against abusive spam bots without the trouble of typing a CAPTCHA but instead a simple click will be made by your users to verify that they are human. Here I will share a simple PHP code that will let you start implementing the new reCAPTCHA in your site.
First, you need to get a site key (this is a public key, used in the HTML and necessary to render it) and a secret key (this is a private key used by your site to communicate with Google server. Make sure that it is not published in the HTML source of your site). You can get these keys from https://www.google.com/recaptcha/intro/.
Next, paste the following code before the closing </head> tag of your page with the form to use it:
Then, paste the following snippet inside the form where you want the reCAPTCHA widget to appear:
<div class="g-recaptcha" data-sitekey="[YOUR-SITE-KEY-HERE"></div>
See how it is done below:
You can see these codes in action via my HTTP / HTTPS Header Checker tool. This is a simple tool that let you view the header of a website so that you can analyze it. It’s useful for you to find out if a certain page of your site returns the correct HTTP Status Codes. For example if you are testing a Soft 404 (not found) page if it actually returns the right 404 code or 200 (found / ok) code.
Now the most important part of this reCAPTCHA v2 demo is how to verify if the user pass the anti-bot test. The following PHP code will show you how to verify the user’s entry using the URL: https://www.google.com/recaptcha/api/siteverify after the user submitted the form. This URL requires the private key aka your secret key, the response of the user and the IP address of the end user.