Discuss

Using Google reCAPTCHA to Protect Forms

Intro

Google reCAPTCHA helps you protect your forms from spam and automated submissions.
In Wappler, it works with two parts:

  • Client-side – adds the reCAPTCHA element to your form.
  • Server-side – checks the reCAPTCHA result before running the rest of your server action.

reCAPTCHA Types

Wappler supports Google reCAPTCHA v2, which comes in two forms:

  • Checkbox (“I’m not a robot”)
    Displays a simple checkbox for the user to confirm they’re human.
    Depending on Google’s detection, the user may be passed instantly or asked to solve a challenge.

  • Invisible reCAPTCHA badge
    No checkbox is shown. The check runs automatically when the user clicks your form’s submit button.
    Only suspicious traffic is challenged, and you can adjust this behavior in Google’s advanced security settings.

[!note]
In this tutorial, we’ll be using the Invisible reCAPTCHA type.

Generating reCAPTCHA Keys

Before adding reCAPTCHA in Wappler, you need a Site Key and a Secret Key from Google.

Open the Google reCAPTCHA Admin Console and create a new site.
When registering your site:

  • Select Challenge v2 as the type.
  • Choose Invisible reCAPTCHA badge.
  • Enter the domains where you’ll use reCAPTCHA (e.g., localhost for local testing and your production domain).

Screenshot 2025-10-03 at 11.17.43
Screenshot 2025-10-03 at 11.17.431600×1314 134 KB

After saving, Google will give you:

  • A Site Key – used on the client side.
  • A Secret Key – used on the server side.

Screenshot 2025-10-03 at 11.18.34
Screenshot 2025-10-03 at 11.18.341600×954 69.3 KB

You’ll need both keys in the next steps.

Client Side

Open your page with the form in Wappler.
We have a registration form on the page:

Screenshot 2025-10-03 at 11.03.11
Screenshot 2025-10-03 at 11.03.111920×1080 212 KB

Click the + where you want to add the reCaptcha in the form. From the Components Picker, select Forms > reCAPTCHA.
This adds the reCAPTCHA component to your form.

Screenshot 2025-10-03 at 11.04.36
Screenshot 2025-10-03 at 11.04.361374×850 94.5 KB

In the Properties panel, paste your Site Key:

Screenshot 2025-10-03 at 11.05.28
Screenshot 2025-10-03 at 11.05.281920×1080 171 KB

Choose your reCaptcha Theme:

Screenshot 2025-10-03 at 11.29.50
Screenshot 2025-10-03 at 11.29.501920×1080 181 KB

Select Invisible for reCaptcha Type:

Screenshot 2025-10-03 at 11.30.09
Screenshot 2025-10-03 at 11.30.091920×1080 182 KB

[!tip]
The keys you generate from Google reCAPTCHA are type-specific.
A key created for the Checkbox option will not work for the Invisible, and vice versa.
Be sure to use the correct key for the reCAPTCHA type you selected.

Server Side

Open the Server Connect panel and select the Server Action that processes your form submission.
Click the + button to add a new step. Make sure to add this step before all the other steps in the server action:

Screenshot 2025-10-03 at 11.39.05
Screenshot 2025-10-03 at 11.39.051920×1080 145 KB

Choose reCAPTCHA Actions > reCAPTCHA Validate:

Screenshot 2025-10-03 at 11.42.03
Screenshot 2025-10-03 at 11.42.031170×810 48.8 KB

In the Properties panel, enter your Secret Key:

Screenshot 2025-10-03 at 11.40.43
Screenshot 2025-10-03 at 11.40.431494×568 27.7 KB

Save your Server Action, and you are done.

You’ve now added Google reCAPTCHA to your Wappler form — with client-side integration and server-side validation. This ensures only human-verified submissions are processed, helping keep your forms secure and spam-free.

Screenshot 2025-10-03 at 11.44.47
Screenshot 2025-10-03 at 11.44.471311×844 47.6 KB