WP Simple Pay Documentation

Documentation, Reference Materials, and Tutorials for WP Simple Pay

How to Prevent Fraud by Using a CAPTCHA System (Recommended)

A CAPTCHA is an anti-spam technique which helps to protect your website from spam and abuse while letting real people pass through with ease. This can help automatically protect your custom payment forms from excessive declines occurring due to card testing, spam, and other fraud.

We strongly recommend that you enable and configure a CAPTCHA implementation, as well as email verification, to help prevent fraudulent payments.

Choosing a CAPTCHA Service

WP Simple Pay supports two popular services, hCaptcha and Google’s reCAPTCHA.

| Service | Type | Price | Recommended For |
| --- | --- | --- | --- |
| hCaptcha | Image Challenge | Free | On-site payment forms |
| reCAPTCHA | Invisible/No Friction | Free | Off-site Stripe Checkout forms |

Google’s reCAPTCHA uses an “invisible challenge” by monitoring the user’s behavior on your site to look for what it considers suspicious activity. When a payment form is submitted, reCAPTCHA will assign the user a score. If the score is below the set threshold, the request will be rejected.

hCaptcha is a free reCAPTCHA alternative that focuses on user privacy. It only ever collects necessary user data, and clearly lays out which information it collects and how it uses those details. hCaptcha offers you control over the difficulty of the image challenge, ranging from Easy to Always On. Each difficulty level influences how often your users will see an image challenge.

hCaptcha

hCaptcha works by preventing non-humans from interacting with your page, meaning that an attacker’s automated system will not be able to use your payment form.

Register for hCaptcha

To enable hCaptcha, register your site with hCaptcha.

If you find the Moderate Passing Threshold setting is not reducing card testing, spam, etc., you can switch to the Difficult setting which will show harder challenges.

Configure hCaptcha in WP Simple Pay

After registering, you will be redirected to a page where you can retrieve your Sitekey to enter into your WP Simple Pay Pro settings.


Your Secret Key can be found by clicking on your avatar in the top right corner of the screen to open your account menu. Then click on Settings. Next, copy your secret key from the Secret key section on this screen.

You will find the hCaptcha settings in the WP Simple Pay → Settings → General → Anti-Spam tab.


You’ll know things are set up correctly when you visit or preview your payment form and see hCaptcha’s challenge added to the payment form.


Google reCAPTCHA

Google’s reCAPTCHA works by preventing non-humans from interacting with your page, meaning that an attacker’s automated system will not be able to use your payment form.

Register for reCAPTCHA

To enable invisible reCAPTCHA, register your site with Google, choosing reCAPTCHA v3.


If your website can also be accessed via www., please ensure both domains are added to the list: www.my-website.com and my-website.com

Configure reCAPTCHA in WP Simple Pay

After registering, you will be redirected to a page where you can retrieve the necessary credentials to enter into your WP Simple Pay Pro settings.

You will find the reCAPTCHA settings near the bottom of the WP Simple Pay → Settings → General → Anti-Spam tab.


If you find the Default Score Threshold setting is not reducing card testing, spam, etc., you can switch to the Aggressive setting which will be more stringent in its analysis.

You’ll know things are set up correctly when you visit your website and see Google’s reCAPTCHA privacy and terms overlay in the lower right-hand corner of the page.
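The score-threshold decision and the www/bare-domain registration described above, shown as an added example (not WP Simple Pay's own code): a PHP function that evaluates a decoded reCAPTCHA v3 siteverify response and fails closed. The thresholds 0.5 and 0.7, the action name payment_form, the function name and the sample responses are constructed assumptions.

```php
<?php
// Added example: decide whether to accept a payment-form submission from a
// decoded reCAPTCHA v3 siteverify response. Thresholds, action name and
// sample responses are constructed assumptions, not WP Simple Pay values.

function evaluate_recaptcha(array $resp, float $threshold, array $allowed_hosts, string $expected_action): array
{
    // Fail closed: anything missing or malformed is a rejection.
    if (($resp['success'] ?? false) !== true) {
        $codes = implode(',', (array) ($resp['error-codes'] ?? ['unknown']));
        return [false, "verification failed: $codes"];
    }
    // The token must have been issued on one of the registered domains
    // (both the www and the bare domain, as the page advises).
    $host = strtolower((string) ($resp['hostname'] ?? ''));
    if (!in_array($host, $allowed_hosts, true)) {
        return [false, "unexpected hostname: $host"];
    }
    // The token must have been minted for this form, not reused from another page.
    if (($resp['action'] ?? null) !== $expected_action) {
        return [false, 'action mismatch'];
    }
    $score = $resp['score'] ?? null;
    if (!is_int($score) && !is_float($score)) {
        return [false, 'missing score'];
    }
    // Scores run from 0.0 (likely automated) to 1.0 (likely human).
    if ($score < $threshold) {
        return [false, sprintf('score %.1f below threshold %.1f', $score, $threshold)];
    }
    return [true, 'ok'];
}

$hosts = ['my-website.com', 'www.my-website.com'];
$samples = [ // constructed siteverify responses
    '{"success":true,"score":0.9,"action":"payment_form","hostname":"www.my-website.com"}',
    '{"success":true,"score":0.3,"action":"payment_form","hostname":"my-website.com"}',
    '{"success":true,"score":0.9,"action":"payment_form","hostname":"other.example"}',
    '{"success":false,"error-codes":["timeout-or-duplicate"]}',
];
foreach ($samples as $json) {
    $resp = json_decode($json, true) ?? [];
    foreach (['default' => 0.5, 'stricter' => 0.7] as $name => $t) {
        [$ok, $why] = evaluate_recaptcha($resp, $t, $hosts, 'payment_form');
        printf("%-8s %-6s %s\n", $name, $ok ? 'ACCEPT' : 'REJECT', $why);
    }
}
```

Logging the rejection reason alongside the score makes it easier to tell card-testing bursts from legitimate customers who would be blocked by a stricter threshold.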


Using additional reCAPTCHA implementations

If you have multiple plugins using reCAPTCHA in addition to the WP Simple Pay implementation, such as Contact Form 7 or another payment plugin, please ensure they are set up using reCAPTCHA v3. Also, use the same Site and Secret keys as entered above to avoid any potential conflicts.
