WordPress noob here wondering how to include reCaptcha authentication in my login without a plugin?
So far I have added the captcha div into the login using a hook:
add_action('login_form','my_added_login_field');
function my_added_login_field(){
    ?>
    <p>
        <div class="g-recaptcha" data-sitekey="mySiteKey"></div>
    </p>
    <?php
}
The script is enqueued. Now I just need to add an authentication process to verify the captcha before logging the user in. I know I need to use something like this filter:
add_filter( 'authenticate', 'my_custom_authenticate', 10, 3 );
function my_custom_authenticate( $user, $username, $password ){
    $my_value = $_POST['g-captcha-response'];
    if (!)
    return $user;
}
But I’m a little stuck. According to Google, once the captcha is solved a field named “g-captcha-response” is populated and the response is a JSON object:
{
"success": true|false,
"challenge_ts": timestamp, // timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
"hostname": string, // the hostname of the site where the reCAPTCHA was solved
"error-codes": [...] // optional
}
I’m just a noob so I have no idea what to do with that info. Any help is appreciated!
1 Answer
You can use this function; I think it works properly.
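// wp_authenticate_user passes two arguments: the user object and the password.
add_filter( 'wp_authenticate_user', 'verify_recaptcha_on_login', 10, 2 );
function verify_recaptcha_on_login( $user, $password ) {
    $secretkey = "your secret key";
    if ( isset( $_POST['g-recaptcha-response'] ) ) {
        // siteverify is documented as a POST endpoint; send the secret and token in the request body.
        $response = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', array(
            'body' => array(
                'secret'   => $secretkey,
                'response' => sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ),
            ),
        ) );
        // A failed HTTP request returns a WP_Error with no body to decode; reject the login.
        if ( is_wp_error( $response ) ) {
            return new WP_Error( 'Captcha Invalid', __( '<strong>ERROR</strong>: Could not verify the captcha.' ) );
        }
        $response = json_decode( wp_remote_retrieve_body( $response ), true );
        if ( is_array( $response ) && ! empty( $response['success'] ) ) {
            return $user;
        } else {
            // FIXME: This one fires if your password is incorrect... Check if password was incorrect before returning this error...
            return new WP_Error( 'Captcha Invalid', __('<strong>ERROR</strong>: You are a bot') );
        }
    } else {
        return new WP_Error( 'Captcha Invalid', __('<strong>ERROR</strong>: You are a bot. If not then enable JavaScript.') );
    }
}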
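What to do with the JSON reply shown in the question, as an added example that is not part of the original answer: besides `success`, it checks `hostname` and `challenge_ts` and reports `error-codes`. The function name `my_check_siteverify_reply`, the expected host `example.com` and the 120-second age limit are assumptions, and the sample replies are constructed.

```php
<?php
// Added example: decide whether a siteverify reply body should let the login proceed.
// Function name, expected host and age limit are assumptions, not WordPress or Google APIs.
function my_check_siteverify_reply( $json, $expected_host, $max_age = 120, $now = null ) {
    $now  = ( null === $now ) ? time() : $now;
    $data = json_decode( $json, true );

    // A body that is not a JSON object counts as a failed check.
    if ( ! is_array( $data ) ) {
        return array( false, 'malformed-reply' );
    }
    // "success" must be boolean true; otherwise report the error codes for logging.
    if ( ! isset( $data['success'] ) || true !== $data['success'] ) {
        $codes = ( isset( $data['error-codes'] ) && is_array( $data['error-codes'] ) )
            ? implode( ',', $data['error-codes'] )
            : 'no-error-codes';
        return array( false, $codes );
    }
    // The challenge must have been solved on this site, not on another one.
    if ( ! isset( $data['hostname'] ) || ! is_string( $data['hostname'] )
        || 0 !== strcasecmp( $data['hostname'], $expected_host ) ) {
        return array( false, 'hostname-mismatch' );
    }
    // Reject challenges that are too old or whose timestamp cannot be parsed.
    $solved = ( isset( $data['challenge_ts'] ) && is_string( $data['challenge_ts'] ) )
        ? strtotime( $data['challenge_ts'] )
        : false;
    if ( false === $solved || ( $now - $solved ) > $max_age ) {
        return array( false, 'stale-or-missing-timestamp' );
    }
    return array( true, 'ok' );
}

// Constructed sample replies (not captured from Google), checked against a fixed clock.
$now     = strtotime( '2024-01-01T12:01:00Z' );
$samples = array(
    'valid'      => '{"success":true,"challenge_ts":"2024-01-01T12:00:30Z","hostname":"example.com"}',
    'failed'     => '{"success":false,"error-codes":["invalid-input-response"]}',
    'other-site' => '{"success":true,"challenge_ts":"2024-01-01T12:00:30Z","hostname":"other.example"}',
    'stale'      => '{"success":true,"challenge_ts":"2024-01-01T11:50:00Z","hostname":"example.com"}',
    'garbage'    => 'not json',
);
foreach ( $samples as $label => $json ) {
    list( $ok, $reason ) = my_check_siteverify_reply( $json, 'example.com', 120, $now );
    printf( "%-11s %s (%s)\n", $label, $ok ? 'accept' : 'reject', $reason );
}
```

Inside the login filter, the first argument would be `wp_remote_retrieve_body( $response )`, and a rejected reply would map to the `WP_Error` return.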