How to Add a CAPTCHA Test to Your Feedback Form Script

Reducing Spam in Your Contact Form with ReCAPTCHA or hCaptcha

How to Add a CAPTCHA Test to Your Feedback Form Script: Reducing Spam in Your Contact Form

by Christopher Heng,

Over the years, I have received many requests from webmasters to add some sort of spam filtering capability to the contact form generated by the Feedback Form Wizard. The reason, of course, is that spammers nowadays send automated computer programs, often called "spam bots", to scour the web for contact forms to dump spam into. As such, if your email software or email service doesn't have extensive spam removal facilities, you will probably be inundated by spam submitted through your own contact form.

This article shows you how to add a basic spam reducing facility, called a CAPTCHA test, to the contact form generated by the wizard. You have probably encountered such tests before: after filling in a form, you are required to complete some task, such as enter a string of letters or click pictures of a particular object from a selection of images, to prove that you are a human and not a spam bot. If you don't know what I'm talking about, take a look at either the hCaptcha demo or the ReCAPTCHA demo.

More About CAPTCHA Tests

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". The idea is to create a test that any human can pass easily but computer programs will fail. It is useful for things like contact forms since you want humans to be able to send you feedback, but don't want spam programs to send you junk mail.

There are many different types of CAPTCHA tests around. One common test places a series of words in a graphical image and asks your human visitor to enter the words he/she sees. Another displays a set of pictures and asks the user to choose the ones that depict a particular object (eg cars, signs, etc). The hope is that most computer programs will fail it, since they can't actually "see" anything.

Of course this is not foolproof. There are a number of ways to defeat it, such as to incorporate optical character recognition (OCR) technology into the spam bots, employ cheap (human) labour to decode it, etc. However, the plan is that having such a test will at least reduce some of the spam entering your mail box by weeding out the less advanced spam bots surfing the Internet.

Who is this article for?

This article is for the ordinary non-technical webmaster, who simply wants to add a CAPTCHA test to his/her web form. It is NOT for programmers who want to learn how to implement their own CAPTCHA test.

If you are a programmer, looking for a way to create your own CAPTCHA test, you may want to read the following, more relevant, articles:

If you don't want to reinvent the wheel, you may also be interested in the Free PHP CAPTCHA Scripts page to see how others have implemented it.

Disadvantages of Adding a CAPTCHA Test

Before you rush out to add a CAPTCHA test, note that there are important disadvantages to adding it.

If your email server and software have sufficiently good spam filters that have warded off spam in the past, and you think you don't really need the CAPTCHA facility, consider not including it. Otherwise, you may be introducing a problematic cure for a non-existent disease. But it's up to you, of course. I just wanted to make sure you are aware of these caveats, so that you can make an informed decision.

How to Add the CAPTCHA Test to Your Feedback Form

To enable the CAPTCHA option in the feedback form generated by the wizard, do the following.

  1. Sign up with a CAPTCHA service

    The Feedback Form Wizard can generate the code needed for two different CAPTCHA services, ReCAPTCHA and hCaptcha. Decide which service you want, and sign up with them. (For those who are thinking, "How? Where do I go?", just click the relevant link in the first sentence of this paragraph to get there.)

    If you want to take a look at what their CAPTCHA challenges look like on a form before deciding, see the ReCAPTCHA v2 checkbox demo, ReCAPTCHA v2 invisible demo and the hCaptcha demo.

    Both services are free, or at least they were when I wrote this article. In fact, hCaptcha even says that they will pay you for the CAPTCHAs solved by your visitors. If either of these services stops being free, please let me know, and I will remove that option from the Wizard. You will be required to provide them your email address. ReCAPTCHA also requires that you tell them your website's domain name. The latter seems to be optional for hCaptcha.

  2. For ReCAPTCHA, choose either the ReCAPTCHA v2 checkbox option or the Invisible ReCAPTCHA v2 option. Do not choose the Android or v3 options, since these are either not relevant or not supported. Note that "Invisible ReCAPTCHA" does not guarantee that there is no CAPTCHA. It just means that the test pops up only when the user clicks the "Send Feedback" button. Try the demo to see what I mean. I think the test is not supposed to show at all if Google has gathered enough data on you to be sure that you are not a robot.

    For hCaptcha, note that you can also set the difficulty level of the CAPTCHA challenge. At the time I write this, you can change it in the "Settings" section of their website. There are four difficulty levels, Easy, Moderate, Difficult and Always On. My demo is set to the Moderate level, since that is the default setting, and I didn't bother changing it. You don't have to change it either, if you don't know which to choose. The easier settings apparently lead to less user frustration, since your visitors may not even need to complete a picture challenge when they click the checkbox, provided hCaptcha thinks that they are most likely to be human. The harder settings are useful for sites that experience a lot of spam, and they will cause hCaptcha to pop up a challenge more frequently (for Difficult) or all the time (for Always On). Their documentation also says the challenges also become harder for the higher difficulty settings.

    When you have finished signing up, you will be given two cryptic strings of letters and numbers. These are your Site and Secret keys. You will need to enter these keys into the Feedback Form Wizard, so I recommend that you keep the CAPTCHA service's website open, so that you can just copy and paste the strings. Do not type them manually or you may introduce typing errors and give the wrong keys to the wizard.

  3. Enter Your Keys into the Feedback Form Wizard

    Go to the Free Feedback Form Wizard. Read the instructions and the terms of use and fill in the details requested. You will have to choose the PHP script because I did not implement the facility in the Perl version.

    When you reach the "Advanced Options" section, select either "hCaptcha", "ReCAPTCHA v2 (checkbox)" or "ReCAPTCHA v2 (invisible)" from the drop down box for the "CAPTCHA test to use" option. Make sure you choose the option that matches what you signed up for. The Wizard does not know what you did in the earlier step, and will blindly accept whatever you choose. If you select an option different from what you signed up for, the CAPTCHA challenge will not work.

    Once you choose one of the options from the drop down box, two additional fields, "Site key" and "Secret key", will appear. Enter your keys in the appropriate fields. These keys will be integrated into the form and script that is created by the wizard, which is why they are requested.

    (Don't worry. Like all the other data you enter into the wizard, they are not recorded anywhere, not even in my web logs. I'm trying to help you block spam, not introduce it. In addition, just in case you're wondering about the term "Secret key", it is a "secret" because it is meant to be used by the feedback form script and not published on a web page.)

  4. Update Your Website

    Once the wizard has produced its results, insert the script code into your feedback.php file and the form code into your web page. Remember also to create the Thank You and Error pages. Then upload (publish) everything to your site. Detailed instructions for doing this can be found in the usual feedback form tutorials (and a brief version is also mentioned on the results page itself):

That's it. Once the form is "live" on your website, test your form by sending yourself a message.

Important: you can only test the CAPTCHA in a browser on your "live" website. The CAPTCHA test will probably not display correctly, if at all, in your web editor (or anywhere on your own computer). Note also that if you signed up for ReCAPTCHA, the keys will only work on the domain you provided to that service when you signed up.

Troubleshooting and Additional Things to Note


The CAPTCHA test is probably one of the most frequently requested feature for my feedback form script, probably because there are so many beleaguered webmasters struggling with spam. Following the steps given in this CAPTCHA guide will allow you to add the test to your web form without having to learn any programming at all.

Copyright © 2009-2024 by Christopher Heng. All rights reserved.
Get more free tips and articles like this, on web design, promotion, revenue and scripting, from

thesitewizard™ News Feed (RSS Site Feed)  Subscribe to newsfeed

Do you find this article useful? You can learn of new articles and scripts that are published on by subscribing to the RSS feed. Simply point your RSS feed reader or a browser that supports RSS feeds at You can read more about how to subscribe to RSS site feeds from my RSS FAQ.

Please Do Not Reprint This Article

This article is copyrighted. Please do not reproduce or distribute this article in whole or part, in any form.

Related Pages

New Articles

Popular Articles

How to Link to This Page

It will appear on your page as:

How to Add a CAPTCHA Test to Your Feedback Form Script: Reducing Spam in Your Contact Form

Link to Us
No Spam Policy
Privacy Policy
Site Map

Getting Started
Web Design
Search Engines
Revenue Making
Web Hosting
Perl / CGI
.htaccess / Apache


Free webmasters and programmers resources, scripts and tutorials Free How-To Guides
Site Design Tips at
Find this site useful?
Please link to us.