Hubsine Spam Protection With Fallback For ReCAPTCHA Wordpress Plugin - Rating, Reviews, Demo & Download
Plugin Description
Hubsine Spam Protection with Fallback for reCAPTCHA integrates Google reCAPTCHA V3 and V2 with WordPress native forms and popular form plugins. Choose between three protection modes and configure each form independently.
Protection modes:
- V3 only — Invisible score-based protection. No user interaction required. Submissions scoring below the threshold are blocked silently.
- V2 only — Classic “I’m not a robot” checkbox. Full user interaction required.
- V3 with V2 fallback (recommended) — V3 runs invisibly first. Only users who score below the threshold are shown the V2 checkbox, giving real users a second chance.
Supported forms:
- WordPress login form
- WordPress registration form
- WordPress lost password form
- WordPress comment form
- Contact Form 7 (via
[hubsine_recaptcha]tag) - Ninja Forms (via a draggable field in the form builder)
Key features:
- Internal token system — the Google V3 token is pre-verified server-side before form submission. Submissions carry a short-lived signed token instead of a raw Google token, reducing API latency on submit.
- Per-form configuration — set the V3 action string and score threshold independently for each form.
- Token auto-refresh — the internal token is refreshed in the background so users on long forms always have a valid token.
- No dependencies — no Composer, no npm, no jQuery. Plain PHP 7.4+ and vanilla JavaScript.
- WordPress.org compliant — no obfuscated code, no outbound calls other than the documented Google API.
Donate
Hubsine Spam Protection with Fallback for reCAPTCHA is free, open-source, and has no ads or premium tier. If it saves you time or keeps your site safe from spam, consider supporting its development with a small donation — every contribution helps.
https://donate.stripe.com/00w8wO0V197Ca376tP4Ni01
Thank you!
External Services
This plugin communicates with external services operated by Google LLC.
Google reCAPTCHA API script
- URL:
https://www.google.com/recaptcha/api.js - Purpose: Loads the reCAPTCHA widget and provides the
grecaptchaJavaScript object used to generate tokens. - Triggered: On every front-end page where at least one protected form is present.
- Data sent: The visitor’s IP address and browser fingerprint are sent to Google as part of the reCAPTCHA scoring process. No data from your site’s database is included.
- Google Privacy Policy: https://policies.google.com/privacy
- Google Terms of Service: https://policies.google.com/terms
Google reCAPTCHA siteverify API
- URL:
https://www.google.com/recaptcha/api/siteverify - Purpose: Server-side verification of reCAPTCHA tokens. Called from your server (not from the visitor’s browser) when a form is submitted or during the pre-submission precheck.
- Triggered: On every protected form submission and on every precheck AJAX request.
- Data sent: The reCAPTCHA response token and your secret key. The visitor’s IP address (
REMOTE_ADDR) is also forwarded to improve scoring accuracy. - Google Privacy Policy: https://policies.google.com/privacy
- Google Terms of Service: https://policies.google.com/terms
By using this plugin, you agree to Google’s Terms of Service and Privacy Policy. You are responsible for informing your users about the use of reCAPTCHA in your privacy policy.
Screenshots
No screenshots provided
