innocode-digital/wp-recaptcha

This package is abandoned and no longer maintained. The author suggests using the wp-digital/wp-recaptcha package instead.

Helps to protect website with Google reCAPTCHA v3 or Cloudflare Turnstile.

Installs: 11 193

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 12

Forks: 0

Open Issues: 0

Type:wordpress-muplugin

3.0.5 2023-08-29 12:28 UTC

README

Description

Helps to protect website with Google reCAPTCHA v3 or Cloudflare Turnstile. This plugin provides Login and Lost Password forms protection by default, but it's possible to add protection to any form by following this documentation.

Requirements

  • PHP 7.4+
  • WordPress 6.2+ (you can try with older versions, but it's not tested)

Features

  • Protects Login and Lost Password forms by default.
  • Supports Google reCAPTCHA v3 and Cloudflare Turnstile.
  • Allows IP addresses to bypass verification.
  • Sends verification email to user.
  • Allows to customize verification email subject, message body and link.
  • Allows to customize verification code length.
  • Allows to add protection to custom form.

Screenshots

Google reCAPTCHA v3

Cloudflare Turnstile

Verification

Allowed IPs

Install

  • Preferable way is to use Composer:

    composer require wp-digital/wp-recaptcha
    

    By default, it will be installed as Must Use Plugin. But it's possible to control with extra.installer-paths in composer.json.

  • Alternate way is to clone this repo to wp-content/mu-plugins/ or wp-content/plugins/:

    cd wp-content/plugins/
    git clone git@github.com:wp-digital/wp-recaptcha.git
    cd wp-recaptcha/
    composer install
    

If plugin was installed as regular plugin then activate Bot Protection from Plugins page or WP-CLI: wp plugin activate wp-recaptcha.

Usage

Add required constants (usually to wp-config.php):

define( 'WPD_RECAPTCHA_KEY', '' );
define( 'WPD_RECAPTCHA_SECRET', '' );

or just:

define( 'RECAPTCHA_KEY', '' );
define( 'RECAPTCHA_SECRET', '' );

Depending on constants, plugin will use Google reCAPTCHA v3 or Cloudflare Turnstile. If both constants are empty then plugin will be disabled.

Cloudflare Turnstile is detecting based on WPD_RECAPTCHA_KEY or RECAPTCHA_KEY constant, by using regex: ^\dx.

Allow IP addresses to bypass verification

There are two ways to allow IP addresses to bypass verification:

  1. Add IP addresses to WPD_RECAPTCHA_ALLOWED_IPS constant:

    define( 'WPD_RECAPTCHA_ALLOWED_IPS', '' ); // comma separated list of IP addresses
    
  2. Add IP in admin area: Settings -> Bot Protection -> Allowed IPs, one IP per line (see screenshots).

Customization

Verification

Change verification email subject:

/**
 * @param string  $subject
 * @param string  $code
 * @param WP_User $user
 *
 * @return string
 */
add_filter( 'wpd_recaptcha_verification_email_subject', function ( string $subject, string $code, WP_User $user ): string {
	return 'New subject';
}, 10, 3 );

Change verification email message body:

/**
 * @param string  $message
 * @param string  $code
 * @param WP_User $user
 *
 * @return string
 */
add_filter( 'wpd_recaptcha_verification_email_message', function ( string $message, string $code, WP_User $user ): string {
	return 'New message';
}, 10, 3 );

Modify verification link:

/**
 * @param string  $link
 * @param string  $code
 * @param WP_User $user
 *
 * @return string
 */
add_filter( 'wpd_recaptcha_verification_link', function ( string $link, string $code, WP_User $user ): string {
	return 'https://example.com/verify/' . $code;
}, 10, 3 );

Change verification code length:

/**
 * @param int $length
 *
 * @return int
 */
add_filter( 'wpd_recaptcha_verification_code_length', function ( int $length ): int {
	return 10;
} );

Hooks

Actions

  • wpd_recaptcha_loaded - Fires when plugin is loaded. Accepts one argument: WPD\Recaptcha\Plugin instance.
  • wpd_recaptcha_verify - Fires when verification is required. Accepts one argument: WP_User instance.
  • wpd_recaptcha_form_success - Fires when reCAPTCHA or Turnstile validation is successful. Accepts two arguments: WPD\Forms\FormInterface instance and WPD\Recaptcha\Response instance.

Documentation

Add protection to custom form:

  • Create class which implements form interface WPD\Forms\FormInterface:

     <?php
    
     use WPD\Forms\FormInterface;
    
     class CustomForm implements FormInterface {
     	// @TODO: implement methods
     }
    
  • Add form to wpd_recaptcha_forms filter:

     /**
      * @param array $forms
      *
      * @return array
      */
     add_filter( 'wpd_recaptcha_forms', function ( array $forms ): array {
     	$forms[] = new CustomForm();
    
     	return $forms;
     } );