Joomla! Help Support Warrington Cheshire Manchester Merseyside UK

From Joomla! 5 onwards the Joomla! CMS includes one core Captcha plugin: Captcha - Invisible reCaptcha.

And then only if your website was previously built around the Joomla! 4 CMS:

If your website was created using a fresh installation of the Joomla! 5 CMS then it will not include any core Captcha plugins.

There are however several Third Party Extensions listed in the Joomla! Extensions Directory should you wish to use Captcha with your website's interactive elements, for example:

  • user registration (if enabled) and
  • contact form (if published).

View: Joomla! Extensions Directory Captcha Extensions.


Will your website survive without Captcha?

Not everyone is a fan of Google Captcha or Google for that matter.

And you cannot use the core Captcha - Invisible reCaptcha with the Joomla! CMS without first having a Google account.

If you do then be aware that Google Captcha is licensed. Read the small print before you create your Captcha Keys (see below).

If you don't then know there are Captcha developers other than Google.

If you choose one then you will need to find a suitable Third Party Extension (see above link).

Note that the following will not be protected even if choose to use the core Captcha - Invisible reCaptcha plugin in your website:

  • User Login.
  • Password Reset Field.
  • Password Reminder Field.

Many Joomla! CMS website owners should be able to manage without using either the core Captcha plugin or a Third Party Extension.

Here are some things you can do to protect your website when you opt not to use a Captcha plugin.

  1. Disable user registration (default in a WYNCHCO Website Design).
  2. Hide the Contact Form (default in a WYNCHCO Website Design).
  3. Publish an email contact address instead (by default protected from bots using javascript in the Joomla! CMS).
  4. Toggle the setting in a WYNCHCO Template to hide the Password Reset and Password Reminder fields.

Note: the best way to protect Front End and Dashboard Login from bots is to install and configure a Web Application Firewall.

Read more: Web Application Firewall.


Getting started

If you want to use the core Captcha - Invisible reCaptcha Plugin (assuming it is available to you) then you will first need to acquire some Google Captcha Keys.

To do so visit:

and select Get Started with Enterprise.

Remember to read the small print about pricing.

Next, in your website's Dashboard, add the Keys to the plugin (see below).

Enable the plugin.

And finally, select a Default Captcha in the Global Configuration screen of your website's Dashboard.

You will also need to check and change (if necessary) the Captcha settings in the:

  • Users > Options (to protect user registration), and
  • Contacts > Options screen (to protect the contact form).

See below.

When configured and enabled, the Captcha - Invisible reCaptcha Plugin requires no user interaction in the Front End unless the Captcha algorithm identifies a suspect bot.

The plugin places an icon with a slider at the bottom left or bottom right of the screen, or an icon with an open slider directly in the form.

captcha invisible recaptcha v3 button

A dodgy response will trigger a puzzle to be solved.


Contents include:

Enable the plugin.
Captcha with the Contact Form.
Captcha with User Registration.

Subscribers: sign in to read full article