If you manage a website, you’ve probably seen (or installed) a CAPTCHA to protect your forms from spam and bots. Whether it’s a login screen, contact form, or registration page—CAPTCHA is your first line of defense against bad actors.
But heads up: Google is making a major change to reCAPTCHA by the end of 2025, and if you’re using it on your site, you’ll need to migrate it to a Google Cloud Project to keep it working.
Let’s break down what CAPTCHA is, which version is right for your site, what’s changing with Google, and some alternative tools if you’re using WordPress.
What is CAPTCHA?
CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” In simple terms? It’s a challenge-response test designed to filter out bots from real people.
It’s what stops your contact form from being flooded by spam, your comments from being hijacked, or your login page from being brute-forced.
Types of CAPTCHA and reCAPTCHA
Here are the most common types you’ll see today:
🧠 1. Text-based CAPTCHA
The OG of CAPTCHAs. It asked you to type distorted letters or numbers. This type is mostly outdated and easy for bots to crack.
🖼️ 2. Image-based CAPTCHA
Think “Click all the bicycles” or “Which squares contain traffic lights.” These are still common but can be annoying and aren’t very accessible.
✅ 3. reCAPTCHA v2 (Checkbox)
Probably the one you know best: a simple “I’m not a robot” checkbox. Google analyzes your behavior before and after clicking it to determine if you’re a bot.
👀 4. Invisible reCAPTCHA v2
No checkbox at all—just Google quietly watching your behavior and only showing a challenge if needed. Great for seamless UX.
🎯 5. reCAPTCHA v3
No user interaction. Google gives a score between 0.0 (suspicious) and 1.0 (likely human). You decide what to block based on that score. Requires more backend setup but is ideal for modern, user-friendly sites.
Which CAPTCHA Should You Use?
Here’s a quick cheat sheet:
| CAPTCHA Type | Best For | User Experience |
| reCAPTCHA v2 | Login and contact forms | Some friction |
| Invisible reCAPTCHA | Signups, payments, gated content | Smooth, low-friction |
| reCAPTCHA v3 | High-traffic sites, logged-in users | Seamless, needs setup |
| Image/Text CAPTCHA | Rarely recommended anymore | Outdated, less secure |
What’s Changing with Google’s reCAPTCHA in 2025?
If you’ve been using reCAPTCHA through the old admin.google.com/recaptcha dashboard, take note:
Google is migrating all reCAPTCHA keys and usage to Google Cloud Projects. That means:
- The legacy reCAPTCHA Admin Console will be deprecated.
- You’ll need to link your reCAPTCHA keys to a Google Cloud Project by the end of 2025.
- You’ll manage access, view usage data, and set permissions through the Google Cloud Console going forward.
Is Google reCAPTCHA Still Free?
Yes—for most websites. Google reCAPTCHA remains free for reasonable usage limits. The pricing only kicks in if:
- You exceed 1 million monthly assessments.
- You want enterprise-level support or detailed threat analysis.
- You use other paid Google Cloud services.
For most small to mid-sized sites: no cost unless you start branching into broader cloud tools.
How to Migrate to a Google Cloud Project
Here’s how to prepare your site:
- Create or log in to your Google Cloud Console.
- Create a new project (or select an existing one).
- In the sidebar, go to APIs & Services > Library, and enable reCAPTCHA Enterprise API.
- Go to reCAPTCHA Enterprise > Keys, and migrate or create your site keys. Make sure Billing is enabled by adding a billing account and then assigning your new project to that billing account.
- Update your website’s code or plugin to use the new credentials (your plugin developer may provide guidance).
Google has step-by-step guides within the Cloud Console, and many WordPress plugins will update to support this migration soon.
Advanced Documentation for Migration
1. Create or Log In to Your Google Cloud Console
- Action: Visit the Google Cloud Console.
- Documentation: Refer to Google’s guide on creating a Google Cloud project for detailed steps and visuals. Google for Developers
2. Create a New Project or Select an Existing One
- Action: In the Google Cloud Console, click on the project drop-down at the top of the page and select “New Project” or choose an existing project.
- Documentation: The Google Workspace guide provides instructions and screenshots on project creation. Google for Developers
3. Enable the reCAPTCHA API Within That Project
- Action: Navigate to “APIs & Services” > “Library”, search for “reCAPTCHA Enterprise API”, and click “Enable”.
- Documentation: Detailed steps with visuals are available in the reCAPTCHA documentation.Google Cloud
4. Migrate or Create Your Site Keys
- Action: Go to “reCAPTCHA Enterprise” > “Keys”, and either migrate existing keys or create new ones.
- Documentation: The migration guide offers comprehensive instructions and screenshots.Google Cloud
5. Update Your Website’s Code or Plugin to Use the New Credentials
- Action: Replace the old reCAPTCHA keys in your website’s code or plugin settings with the new keys from your Google Cloud project.
- Documentation: Refer to the reCAPTCHA settings page for guidance on updating your integration.Google for Developers
By following these links, you’ll access the official Google documentation with detailed instructions and screenshots to assist you through each step of the migration process.
Free CAPTCHA Alternatives for WordPress
Not ready to mess with Google Cloud? WordPress has a few solid alternatives, many of which are free or built into plugins you may already use:
🔐 1. WPForms with anti-spam tools
- Includes its own anti-spam honeypot by default.
- Can integrate with reCAPTCHA v2, v3, or hCaptcha.
- Offers a checkbox CAPTCHA option as well.
🧰 2. Formidable Forms
- Free version includes spam protection.
- Supports reCAPTCHA and hCaptcha with simple setup.
🧱 3. Jetpack (by WordPress.com)
- Includes a CAPTCHA-style anti-spam feature for forms and comments.
- Great if you already use Jetpack for security or stats.
🤖 4. hCaptcha
- A privacy-friendly alternative to Google reCAPTCHA.
- Works similarly but doesn’t track users.
- Free for most sites and integrates with major form plugins like WPForms, Contact Form 7, and Gravity Forms.
🛡️ 5. Wordfence Security
- Known for its firewall and malware scanning, but also offers CAPTCHA options on login pages.
- Good for security-first setups.
Final Takeaway
If your site uses Google reCAPTCHA, you’ve got until the end of 2025 to migrate it into a Google Cloud Project. While it may sound technical, the actual process is pretty manageable—and it’s still free for most.
Not comfortable navigating Google Cloud? You’ve got options. WordPress plugins like WPForms, Jetpack, and hCaptcha offer CAPTCHA protection with less tech setup—and zero cost.
Whether you stick with Google or try a free alternative, make sure your site isn’t left unprotected.
TIP:
Adding captcha to your contact forms is one way to help minimize the amount of general spam your website captures. You can read more on this and other tips in our article: Contact Us Page Design: 9 Amazing Tips+ Examples
Need help migrating or choosing the right CAPTCHA solution for your WordPress site?
Reach out—we’re happy to help you keep your forms clean and your visitors human.
