How to Get Public and Private Keys for Google reCAPTCHA

Websites that use forms will need to be secured from spamming by “Spam-Bots“. Spam-Bots will visit your site and fill out forms that are not secured. This can result in comment spamming in forums, spam emails being sent from your server, and other spam related activities. Google has what’s called “reCAPTCHA” that allows you to add an image with a special code to your forms. This requires the person filling in and submitting the form to type the code correctly before the form can be submitted.

When setting up web forms in Content Management Systems like Drupal, WordPress, Joomla, Moodle, and others, you will need to have 2 keys created for your reCAPTCHA to work. ReCAPTCHA requires a public and a private key in order for the code to function in your web forms. These are free to get from Google if you have a Gmail account. The following will explain how to get a free reCAPTCHA key from Google.

Generating a Public and Private reCAPTCHA Key

  1. Log into your Google account.

    Important! If you do not have a Google account, you will need to sign up for a Gmail account. You can do this for free here.

  2. Search for Google reCAPTCHA

    To find the reCAPTCHA site, type “Recaptcha” in Google search.

    You should see a link that says “reCAPTCHA: Stop Spam, Read Books“. Select that link and you should be directed to the following:

    https://www.google.com/recaptcha


  3. Click Use Google reCAPTCHA

    On the reCAPTCHA page, click “Use reCAPTCHA ON YOUR SITE“.

  4. Sign up for Google reCAPTCHA

    Click “Sign up Now!“.

  5. Create keys Google reCAPTCHA

    Type your domain you are using the reCAPTCHA for. Select the “Enable this key on all domains (global key)” so you can use the same reCAPTCHA key for all your sites.

    Click Create Key.


    Google reCAPTCHA public and private keys

    Google will have 2 keys generated for your site, a public and a private key. These are the reCAPTCHA keys you will use in your Software.

37 thoughts on “How to Get Public and Private Keys for Google reCAPTCHA

  1. update, just found out that someone has used another set of keys, so this problem is at our end.
    Although it would be nice to know if it is possilbe to find out whether or not an account has been set up to allow for multiple domains.

    thanks.

     

  2. Thanks for the reply,
    But I don’t think I have explained my problem fully, because…I can see the admin list no problem, and can add to this list too.
    My problem is that I am not sure if this account allows multiple domains? and not sure how to check whether or not multiple domains is allowed by the same key?

    I presume that – because it lets me add multiple domains – multiple domains should be possible with this account?

    In Step 5 above it says:

    Select the “Enable this key on all domains (global key)” so you can use the same reCAPTCHA key for all your sites.

    I am not sure if this option was enabled on set up – to allow for multiple domains?

    e.g.
    on set up we used sypa-upmweb and captcha works for this name.
    Now we’ve changed our domain name for the same site and simple added this new domain name under the same key: sypensions.org.uk, but now we get an error which suggests the wrong key is in use. So I am trying to find out if the problem is with Google CAPTCHA set up or at our end.

     

  3. how can i tell if ‘allow multiple domains ‘was set up on my google captcha account?

    we’ve just changed domains to where our captcha was and tried adding the new domain to the list. but it’s not working

    1. Hello mark,

      Thank you for contacting us. If you have multiple domains setup, they will be listed on the reCAPTCHA Admin list.

      If they are not there, you must add them. If you are having trouble, I recommend checking their Support site for similar reports.

      Thank you,
      John-Paul

  4. can you help me with this error???  ERROR: Invalid domain for site key,,, I deployed my app in DigitalOcean.

    1. Hello dim,

      You may need to https://www.google.com/recaptcha/admin and check your domain is there and ensure have the correct keys.

      Kindest Regards,
      Scott M

  5. Hi ,

    We have implemented nocaptcha-recaptcha using angular Js and java on tomcat on backend. Everything works fine but for the certs. 

    The problem is , each time the cert is changed at the google end, the code stops working, it doesnot work. Then we have to reload new cert into Tomcat truststore to make it work. In DEV it is ok. But not for PROD, it would break .

    Anyone came accross this scenario? Any tips highly appreciated.

     

    Thanks

  6. Hi,

    I have multiple domains (several 1000s) where I need to add the recaptcha widget. I cannot possibly register all of them on the recaptca website beforehand.

    1. Is there an API available where I can make a call to recaptcha to register the domain and get the key, when I access the domain for the first time?
    2. Is there an API available to retrieve the key for the domain for subsequent calls to the domain? I guess this would need more security parameters in place, so only I can retreive the key for my domain.

    I tried looking but could not find any APIs to do this programatically.

     

    Thanks,

    FI

    1. I am using reCAPTCHA with the wordpress custom contacts form plug-in and got both of the keys however I am recieving the following error: ERROR: Invalid domain for site key

    2. Hello up2peace,

      Thank you for your question. On Google’s Official guide on How to Setup reCAPTCHA, they state: “The keys are unique to your domain and sub-domains and will not work for other domains unless you:
      Sign up for multiple keys (one for each site)
      Create a global key by checking the box for “Enable this key on all domains (global key)”

      I would first check that you are abiding by these rules.

      We are happy to help further, but will need some additional information to replicate and troubleshoot the problem.

      What version of “Custom Contact Forms” are you using?

      What version of WordPress are you using?

      Can you provide the specific steps you are taking?

      If you have any further questions, feel free to post them below.

      Thank you,
      John-Paul

    3. Hello Vijay,

      Thank you for letting us know. We will update this guide as soon as possible. Let us know of any additional suggestions you may have.

      Sincerely,
      John-Paul

  7. I was hoping someone more familiar with this would have spotted it somewhere int he documentation.  Thanks for the try.

  8. I’m fully aware of domain privacy w.r.t. anon registration.  The domain in question is anonymized, and only the registrar is information is public, the real ownership is hidden by the registrar.  No issue there.  The issue here is that the google registration for captcha will associate a google id with a domain at google.  I’m unable to find a statement on whether google considers that information confidential (subject to court order etc. etc. etc.) or whether it’s freely accessible to everyone.

    1. Hello Fromage,

      Thanks for the reply. As far as I know, the information provided by registration of Recaptcha is not information that is available to the general public. If you want to be absolutely clear, you will need to contact Google for that particular information. I looked to see if there was anything explicit on the subject, but the only thing that might be related is the Privacy policy link that Google provides. Apologies that I can’t provide you a more specific answer.

      Regards,
      Arnel C.

  9. Question: does registration of a web site for recaptcha mean that the registration itself becomes publicly visible? That could be kinda sticky if you’re trying to keep web site ownership anonymous.

    1. Hello Fromage,

      Thanks for the question. Registration for recaptcha has nothing to do with domain privacy, so there would be no issue. Also, bear in mind that per ICANN rules, a registrar will maintain a record of the actual owner of the domain. Depending on the privacy service, the actual owner’s name may not be shielded by the domain privacy service. You can tell by looking at a WHOIS query. ICANN is the governing body for internet domain names.

      I hope this information helps to clarify the matter. If you have any further questions, please let us know.

      Regards,
      Arnel C.

  10. @Arn: Since hours I try to find a solution for the same problem: Input error: k: Format of site key was invalid 🙁

    I read a lot of descriptions+youtube-videos, but I didn’t find a solution. Maybe you can help me?!

    On this site is my code: blackbox030.com

    And like this looks my varify.php (without keys, but public is at public and private at private – sure!

     <?php

      require_once(‘recaptchalib.php’);

      $privatekey = “my_private_key_like_acqjhnp9fzqp…”;

      $resp = recaptcha_check_answer ($privatekey,

                                    $_SERVER[“REMOTE_ADDR”],

                                    $_POST[“recaptcha_challenge_field”],

                                    $_POST[“recaptcha_response_field”]);

     

      if (!$resp->is_valid) {

        // What happens when the CAPTCHA was entered incorrectly

        die (“The reCAPTCHA wasn’t entered correctly. Go back and try it again.” .

             “(reCAPTCHA said: ” . $resp->error . “)”);

      } else {

        // Your code here to handle a successful verification

      }

      ?>

    PS: I found nearly a solution. I had the reCaptcha already, but it directed me to another page ‘verify.php’ But I don’t want to change my page. Is it possible?

    1. Hello Yoshi,

      Sorry for the problem you’re seeing. The error message you’re reporting has been seen by others as well. The best documentation I saw on resolving it can be found here. Please review this post and let us know if it resolves your problem.

      Regards,
      Arnel C.

    1. Hello Zeeshan,

      Sorry to hear that you’re having problems with the Captcha. However, we do need more information in order to provide you assistance. Can you please provide your domain name, any error messages, and the steps you’ve taken to set up the recaptcha?

      Also, make sure that you have clear your browser cache before reviewing the page. This may help to prevent you from seeing an old cached page.

      Otherwise, please send us more information and we would happy to look into the issue further for you.

      Regards,
      Arnel C.

    1. Hey come on…. its awesome already.. you are rocking mate… keep going…
      PS:
      make this as a link ( https://www.google.com/recaptcha ) not a text.. 🙂

Was this article helpful? Join the conversation!