Drupal 8 Recaptcha


The internet can be a dangerous place, what with so many hackers and people potentially looking to make a quick profit off bad practices. In such an environment, it becomes increasingly important to make your Drupal site as secure as possible.

Drupal 8 Recaptcha

Fortunately, Drupal is well-known for being a pretty secure CMS out of the box. However, it is by no means perfect, and, owing to its flexibility and support for various modules, there are a number of modules you can install to make it a lot more secure.

So, in this, post let’s take a look at some of the best security modules that you can download and install on your Drupal site to make it as foolproof as possible.

Django book for beginners: Tutorial on how to enable Google's user-friendly spam protection. Where is the problem and how can I render two Captcha in Drupal 8 theme programmatically? 8 javascript captcha. Improve this question.

Login Security

The login page to your site is like the gate to your house. It only makes sense, then, that the first thing to strengthen would be the login process. An excellent module for this purpose is the Login Security Module.

It allows you to set a limited number of login attempts, failing which the account will be automatically blocked. In addition to that, it also allows you to block IP addresses as well as sends you alerts via email if there’s a potential brute force attack on your site.

Captcha Module

Quick question: what’s the easiest and most widely used method of keeping spammers away? It is, of course, captcha. With the captcha module, you can integrate captcha on your Drupal site in a couple of minutes and keep those pesky spammers and bots at bay.

Security Kit

A module that’s going to become your best friend on your journey to make you site foolproof, Security Kit is an all-in-one module for your site that allows your to configure, tweak and set up various options in order to minimize the chances of any attacks on your site.

On top of that, it also gives you helpful directions such as setting up http headers etc. to make your site as resistant to malicious attacks as possible. A module which is very much worth its weight in any secure Drupal site’s arsenal.

Password Policy

Setting up a password policy for your site is a good idea, as it not only keeps bots away, but also helps to ensure that users keep a strong password and not just the ‘password123’ type. A strong password helps prevent breaches on your site, making it a lot more secure in the process.

The password policy module allows you to do just that by giving you options to define a set of constraints which need to be met by the user before their password is accepted. While the Drupal 8 version is currently in the alpha stage, it works perfectly well, so go ahead and enable it on your site.

Session Limit

Arcade game 2012 free download pc. As the name implies, this module allows you to configure the maximum number of sessions allowed per user. The number of sessions is the number of browsers a user is logged in at. Using this module, you can also configure various other options such as prompting the user to log out of another session before logging into a new one etc.


Using these modules, you can ensure your Drupal site stays a lot more secure. Since these are modules that anyone can grab for their site, there’s really no excuse not to use them. While there are additional techniques which can be implemented on a Drupal site to secure it, they are advanced techniques.

To get started, these modules will do the job nicely. Another thing to note is that with Drupal 8, a lot of security measures have been implemented out-of-the-box, hence it currently sports a smaller amount of additional security modules than Drupal 7.

Are you confused about how to set up security measures for you site? Worried about whether your site isn’t safe enough? Contact us at Agiledrop and let our extensive Drupal experience help you with this!

In an ideal world, only real and well-behaved users access websites. Unfortunately, many “visitors” knocking on your website’s doors are malicious bots that masquerade as humans. Their goals are spam comments, spam emails, and spam forms — and these are just some relatively innocent examples. They, so websites need to learn to distinguish between real people and bots and use the blocking mechanisms.

It’s great to know there are helpful technologies in this sphere, one of which is Google reCAPTCHA. If your website is based on Drupal, you can rely on the special reCAPTCHA module for Drupal that will make it easier to install reCAPTCHA and stop website spam.


What is reCAPTCHA?

Most readers, both tech-savvy and not, must have heard the term “reCAPTCHA” and definitely met with reCAPTCHA on the Web. Still, we would like to make it clear and answer the question “What does reCAPTCHA mean?” in more detail.

ReCAPTCHA is a free service that helps websites distinguish between human and automated access. It was created by experts at Carnegie Mellon University and later purchased by Google. It is widely used for website protection from spam and abuse that can be caused by malicious software. Real users will be able to fully use the website in usual ways. To tell humans from bots, machine learning and advanced risk analysis are used.

An interesting fact is that ReCAPTCHA was initially invented for book digitization. Its original slogan was “Stop Spam, Read Books.” That’s why its text tests have never been random word combinations but excerpts from books that were going through digitization.

ReCAPTCHA is a type of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). As its full name suggests, it is based on the Turing test — a test invented in 1950 by English mathematician Alan Turing to determine whether a machine is capable to show intelligent behavior equivalent to that of a human being.

What forms does it take? The ReCAPTCHA versions

Drupal 8 Recaptcha V3

  1. ReCAPTCHA V1. The first tests were presented as tasks to decipher hard-to-read text or distorted digits, match images, do math calculations, or answer general-knowledge questions. However, V1 was shut down by Google in 2018.
  2. ReCAPTCHA V2. V2 has three subversions:
    - The “I’m not a robot” checkbox is shown to users before they submit some form on a website. Suspicious users get extra tests to pass. - There is also an Invisible reCAPTCHA badge in V2 that does not require users to click on any checkbox but is just invoked when a user clicks a submit button on your site.
    - Finally, there is reCAPTCHA v2 Android for integrating the technology into native Android apps.
  3. ReCAPTCHA V3. This is the newest technology that runs automatically and checks the legitimacy of a user’s action without ever asking them to perform any actions. It is a JavaScript API that returns a probability score from 0.0 to 1.0 of a user being a human so website admins can take action.

How to install reCAPTCHA on a Drupal website

It would be surprising if Drupal didn’t have a module for integrating with some popular technology. The Drupal reCAPTCHA module easily connects your website to Google’s reCAPTCHA web service in order to make it “tough on bots and easy on humans.”

The module’s compatibility

The Drupal ReCAPTCHA module has stable versions for Drupal 7 and Drupal 8. The Drupal 8 reCAPTCHA module version supports Drupal 9 as well, so if your site uses the latest Drupal core, you can rely on this module for website spam protection.

The reCAPTCHA versions supported by the module

Given that reCAPTCHA V1 has been shut down by Google, the Drupal module currently supports only one reCAPTCHA version — the V2 checkbox. The work for the Invisible reCAPTCHA support is still in progress, so the module may start supporting it in the near future.

Tutorial to using the module

  1. Module installation
    The reCAPTCHA Drupal module needs to be installed together with the CAPTCHA Drupal module it depends on. We are using the 8.x-3.0 module version in this example.
  2. Basic module settings
    You need to go to the Configuration > People page of your Drupal admin dashboard and select the “CAPTCHA module settings.” Under “Form protection,” set the “Default challenge type” to “reCAPTCHA (from module reCAPTCHA).” Then scroll down to the bottom of the page and save the configuration. Select the “reCAPTCHA” tab. In “General settings,” you will see that it asks you to enter the site key and the secret key that you can obtain from Google. Just open one of the links next to these two fields (preferably, in a new tab).
  3. Getting your Google reCAPTCHA keys
    You will arrive at Google reCAPTCHA’s new site registration form where you will need to register your site by filling out a form. This includes specifying a label, the reCAPTCHA type, and your website domain. Remembering about the Drupal module’s capabilities, select V2 and the “I’m not a robot” checkbox as the reCAPTCHA type. You will also be asked to add your email address, check the box for accepting the Terms of Service (obligatory), and select whether or not to receive alerts (optional). With the latter option enabled, you will get alerts from Google in case it detects problems with your Drupal website like configuration issues or suspicious traffic increases. Once you have submitted the registration form, Google will give you the site key and the secret key that you need to copy.
  4. Adding your Google keys to Drupal
    Go back to your reCAPTCHA general settings in the Drupal admin dashboard and paste the site key and the secret key into the respective fields. Save the result.
  5. Enabling website forms to use reCAPTCHA
    Next, go to the “Form settings” tab and enable the Drupal forms you want the “I’m not a robot” checkbox to appear on. Of course, you will want to stop contact form spam, stop spam comments, stop spam emails, and so on, so look carefully through your Drupal form list.
  6. Testing the result
    Let’s test what happens if you get, for example, the user login form enabled in “Form settings.” When you go to your Drupal website’s login page, you will see the “I’m not a robot” checkbox. Success!
  7. Adding design tweaks
    If you go back to the reCAPTCHA tab and scroll down its main settings, you will be able to change the checkbox theme from light to dark, the type from image to audio, the size from normal to compact, and more. Here is how the dark compact checkbox looks.

Drupal 8 Add Recaptcha To Custom Form

Ready to stop website spam with reCAPTCHA?

Website spam protection is an important item on the list of security measures, so it cannot wait. If you need any assistance with spam prevention or more security enhancements, send a note to our team of Drupal geeks. We will make sure your Drupal website is well protected using the best modules and practices.

Recaptcha V3 Drupal 8

Eager to make the Web a safer place,

Drupal 8 Recaptcha Not Working

Your Golems
Useful links: