How to Add a CAPTCHA Test to Your Feedback Form Script

Reducing Spam in Your Contact Form with ReCAPTCHA

How to Add a CAPTCHA Test to Your Feedback Form Script: Reducing Spam in Your Contact Form

by Christopher Heng,

Over the years, I have received many requests from webmasters to add some sort of spam filtering capability to the contact form script generated by the Free Feedback Form Script Wizard. The reason, of course, is that spammers nowadays send automated computer programs, called "spam bots", to scour the web for feedback forms to dump spam into. As such, if your email software or email service doesn't have extensive spam removal facilities, you will probably be inundated by spam submitted through your own contact form.

This article teaches you how you can add a basic spam reducing facility, called the CAPTCHA test, to the feedback form generated by the wizard. You've probably encountered such tests before: after filling in a contact form, you are usually required to enter some string of letters or numbers to prove that you are a human and not a spam bot. If you don't know what I'm talking about, take a look at one such form at the Feedback Form with CAPTCHA Demo page.

More About CAPTCHA Tests

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". The idea is to create a test that any human can pass easily but computer programs will fail. It is useful for things like feedback forms since you want humans to be able to send you feedback, but you don't want spam programs to send you its junk.

There are many different types of CAPTCHA tests around. One commonly found test places a series of words in a graphical image and asks your human visitor to enter the words he/she sees. The hope is that most computer programs won't be able to "see" the words (since programs can't actually "see" anything) and so will be unable to give the correct answer.

Of course this is not foolproof. There are a number of ways to defeat this, such as to incorporate optical character recognition (OCR) technology into the spam bots, or to employ cheap (human) labour to decode it, etc. However, the plan is that having such a test will at least reduce some of the spam entering your mail box by weeding out the less sophisticated spam bots wandering around the Internet.

Who is this article for?

This article is for the ordinary non-technical webmaster, who simply wants to add a CAPTCHA test to their web form. It is NOT for the programmer who wants to learn how to implement their own CAPTCHA test.

If you are a programmer, looking for a way to create your own CAPTCHA test, you may want to check out the following, more relevant, articles:

If you don't want to reinvent the wheel, you may also be interested in checking out the Free PHP CAPTCHA Scripts page to see how others have implemented the CAPTCHA facility.

Disadvantages of Adding the CAPTCHA Test

Before you rush out to add the CAPTCHA test, note that there are important disadvantages to adding it.

If your email server and software have sufficiently good spam filters that have warded off spam in the past, and you think you don't really need the CAPTCHA facility, consider holding off on it. Otherwise, you may be introducing a problematic cure for a non-existent disease. But it's up to you, of course. I just wanted to make sure you have enough information to make an informed decision.

How to Add the CAPTCHA Test to Your Feedback Form

To enable the CAPTCHA option in the feedback form generated by the wizard, do the following.

  1. Sign up with the ReCAPTCHA site

    Go to the ReCAPTCHA website, and sign up for an account. The service is free, or at least it was when I wrote this article. (If it ever stops being free, please let me know and I'll modify the wizard to use a different CAPTCHA facility.) You'll be required to supply a username, password, your email address and your website's domain name.

    After you sign up, you will see a section with the heading "Register a new site". You will be given two choices for the type of CAPTCHA used: "reCAPTCHA V2" and "Invisible reCAPTCHA". If you are not sure which to choose, take a look at the ReCAPTCHA V2 demo and the Invisible ReCAPTCHA demo and see which you prefer.

    Note that "Invisible ReCAPTCHA" does not really mean that there is no CAPTCHA. It just means that the test only occurs when the user clicks the "Send Feedback" button. Try out the demo to see what I mean. I think the test is not supposed to show at all if Google has gathered enough data on you to be sure that you are a human being. However, it always seems to appear for me.

    Remember which option you selected on the ReCAPTCHA website. You will need to choose that exact same option later in the Feedback Form Wizard.

    When you've finished signing up, you will be given two strings of cryptic letters and numbers. These are your Site and Secret keys. You will need to enter these keys into the Feedback Form Wizard, so I recommend that you keep the ReCAPTCHA web page open, so that you can just copy and paste the strings. Don't type them manually or you may introduce typing errors and give the wrong keys to the wizard.

  2. Enter Your Keys into the Feedback Form Wizard

    Go to the Free Feedback Form Wizard. Read the instructions and the terms of use and fill in the details requested. You'll have to choose the PHP script because I haven't got around to implementing the facility in the Perl version.

    When you reach the "Advanced Options", enter your ReCAPTCHA Site and Secret keys in answer to the question "To enable the CAPTCHA test, please enter both your ReCAPTCHA Site key and your ReCAPTCHA Secret key". Be sure to enter them into the correct blanks: that is, make sure that your Site key goes into the "Site key" field and your Secret key goes into the "Secret key" field. These keys have to be integrated into the form and script that is created by the wizard, which is why they are requested.

    (Don't worry. Like all the other data you enter into the wizard, they are not recorded anywhere, not even in my web logs. I'm trying to help you block spam, not introduce it. In addition, just in case you're frightened by the term "Secret key", it is a "secret" only because if a spam bot discovers it, it can pretend to be a human being to your feedback form and send you spam. That's all. It isn't the key to your kingdom or anything like that.)

  3. Indicate if You Have Chosen the Invisible ReCAPTCHA Keys

    If you have selected the "Invisible reCAPTCHA" option on the ReCAPTCHA site, put a tick in the box for "Put a tick here if the keys are for the Invisible ReCAPTCHA test; leave it unchecked for the visible version". Important: only put a check mark in this box if you have selected the "Invisible reCAPTCHA" option earlier. Leave it empty (unchecked) if you have the normal "reCAPTCHA V2" keys.

    Follow the rest of the instructions in the wizard to create the form and script code.

  4. Update Your Website

    Once the wizard has produced its results, insert the script code into your feedback.php file and the form code into your web page. Remember also to create the Thank You and Error pages. Then upload (publish) everything to your site. Detailed instructions for doing this can be found in the usual feedback form tutorials (and a brief version is also mentioned on the results page itself):

    Your "Error" page should probably also include some mention of the possibility that your visitors arrived there because they failed (or skipped) the CAPTCHA test (it happens). See the demo error page for the CAPTCHA Demo for an example of the kind of things you can say.

That's it. Once the form is "live" on your website, test your form by sending yourself a message.

Important: you can only test the CAPTCHA in a browser on your "live" website. The CAPTCHA test will probably not display correctly, if at all, in your web editor (or anywhere on your own computer). Test it on your actual site, at the domain that you gave ReCAPTCHA when you requested the keys and not elsewhere.

Additional Things to Note


The CAPTCHA test is probably one of the most frequently requested feature for my feedback form script, probably because there are so many beleaguered webmasters struggling with spam. Following the steps given in this CAPTCHA guide will allow you to add the test to your web form without having to learn any programming at all.

Copyright © 2009-2018 by Christopher Heng. All rights reserved.
Get more free tips and articles like this, on web design, promotion, revenue and scripting, from

thesitewizard™ News Feed (RSS Site Feed)  Subscribe to newsfeed

Do you find this article useful? You can learn of new articles and scripts that are published on by subscribing to the RSS feed. Simply point your RSS feed reader or a browser that supports RSS feeds at You can read more about how to subscribe to RSS site feeds from my RSS FAQ.

Please Do Not Reprint This Article

This article is copyrighted. Please do not reproduce or distribute this article in whole or part, in any form.

Related Pages

New Articles

Popular Articles

How to Link to This Page

It will appear on your page as:

How to Add a CAPTCHA Test to Your Feedback Form Script: Reducing Spam in Your Contact Form

Link to Us
No Spam Policy
Privacy Policy
Site Map

Getting Started
Web Design
Search Engines
Revenue Making
Web Hosting
Perl / CGI
.htaccess / Apache


Free webmasters and programmers resources, scripts and tutorials Free How-To Guides
Site Design Tips at
Find this site useful?
Please link to us.