Tired of seeing that reCAPTCHA badge floating around on every single page of your WordPress site?
While reCAPTCHA effectively protects your forms from spam, its sitewide implementation can increase bounce rates and decrease user engagement, particularly on mobile devices.
Thankfully, although Google requires proper disclosure and visibility of reCAPTCHA on protected forms, there’s no requirement to load these scripts across your entire site.
WordPress sites typically use one of two reCAPTCHA versions: Version 2, with its familiar checkbox or image selection challenges, or Version 3, which works invisibly in the background to detect bots. Whichever version you’re using, this guide explores the most effective ways to control reCAPTCHA’s presence on your site, helping you maintain security while ensuring fast, clutter-free pages.
Key points
- You can control reCAPTCHA through either simple plugin settings or performance-optimized code implementation.
- Each reCAPTCHA script can slow your site by up to 1.5 seconds, significantly impacting user engagement.
- Liquid Web’s managed hosting provides comprehensive security features that protect your forms without the performance penalties of traditional CAPTCHA systems.
Quick guide: Stop reCAPTCHA loading on every page
Before diving into the methods, it’s worth noting that while reCAPTCHA can be a performance drain when loading sitewide, completely removing it from form pages isn’t recommended.
The goal is to optimize its implementation while maintaining security. There are two reliable methods to prevent it from loading everywhere while keeping your forms secure:
Method 1: Disable sitewide reCAPTCHA through plugins
Managing reCAPTCHA through WordPress plugins is the most straightforward approach for non-technical users. Here’s how to do it using a popular plugin like reCAPTCHA by BestWebSoft:
- Log into your WordPress dashboard.
- Navigate to reCaptcha > Settings in the dashboard menu.
- Under Enable reCaptcha for, you can customize where reCAPTCHA appears, including login forms, registration forms, reset password forms, and more.
- Save changes and clear your website’s cache.
Pro tip: It’s best to keep reCAPTCHA active on critical forms like login and registration pages for security.
If you face issues during setup, verify your site and secret keys are correct. Sometimes, security plugins can conflict with reCAPTCHA settings, so you may need to temporarily deactivate them. Always test your forms in incognito mode after making changes to ensure everything works as expected.
Method 2: Remove reCAPTCHA scripts with code
For more precise control, you can use a code-based approach. While plugins are simpler, the code-based approach is ideal for sites that need maximum performance and flexibility. This method also works better with caching solutions, making it a solid choice for performance-focused websites. Here’s how to implement it:
- Add this function to your child theme’s functions.php file to remove reCAPTCHA from pages without forms:
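```php
// Dequeue the reCAPTCHA scripts on pages whose content has no Contact Form 7 shortcode.
function disable_recaptcha_scripts() {
    global $post;

    if ( is_a( $post, 'WP_Post' ) && ! has_shortcode( $post->post_content, 'contact-form-7' ) ) {
        wp_dequeue_script( 'google-recaptcha' ); // reCAPTCHA API script handle
        wp_dequeue_script( 'wpcf7-recaptcha' );  // Contact Form 7 reCAPTCHA script handle
    }
}
add_action( 'wp_print_scripts', 'disable_recaptcha_scripts' );
```

This code checks each page’s content for the Contact Form 7 shortcode and dequeues the reCAPTCHA scripts when none is found, improving your overall page load times. The check only inspects the post content, so a form placed in a widget, footer, or theme template is not detected by it.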
- To hide the reCAPTCHA badge while maintaining functionality, add this CSS to your theme’s Additional CSS section or style.css file:
```css
.grecaptcha-badge {
    visibility: hidden !important;
}
```

When hiding the reCAPTCHA badge, Google requires adding this disclaimer text near your forms: “This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.”
You can add this disclaimer through your theme’s footer.php file, as a widget in your footer area, or directly within your form template. The main thing is ensuring it’s visible to users wherever reCAPTCHA is active on your site.
After implementing these changes, thoroughly test your forms to ensure they maintain their security functionality. Monitor your spam submission rates for a few days to confirm that the protection remains effective.
Securing WordPress forms without reCAPTCHA
While reCAPTCHA is a popular choice for form security, it has several drawbacks.
For starters, the system can create unnecessary friction in your user experience, often flagging legitimate users as suspicious and forcing them to solve puzzles. For users with disabilities, these challenges can be particularly problematic, sometimes making forms completely inaccessible. Add in the potential impact on page load times, and it’s clear why many site owners are looking for alternatives.
Fortunately, modern WordPress security offers several effective alternatives to traditional CAPTCHA systems. These include:
- Honeypot fields: These invisible form fields trick bots while remaining completely hidden from real users. Bots typically try to fill every field they find, making it easy to identify and block their submissions.
- Time-based tokens: Forms receive a timestamp when loaded and reject submissions that happen too quickly for human completion.
- IP-based rate limiting: This technique prevents mass submissions by limiting the number of form submissions allowed from a single IP address.
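The three techniques above combined for Contact Form 7, as an added example that is not code from this article or from any plugin it mentions. The `ex_*` field names, the thresholds, and running it as its own small plugin file are assumptions; `wpcf7_form_elements` and `wpcf7_spam` are Contact Form 7 filter hooks.

```php
<?php
// Added example: field names (ex_website, ex_ts, ex_sig) and thresholds are assumptions.
const EX_MIN_SECONDS  = 3; // a submission faster than this is treated as automated
const EX_MAX_PER_HOUR = 5; // accepted submissions per IP address

// Render: append a CSS-hidden honeypot input and an HMAC-signed load timestamp.
add_filter( 'wpcf7_form_elements', function ( $html ) {
    $ts  = (string) time();
    $sig = hash_hmac( 'sha256', $ts, wp_salt( 'nonce' ) );
    return $html
        . '<p style="position:absolute;left:-9999px" aria-hidden="true"><label>Website'
        . ' <input type="text" name="ex_website" tabindex="-1" autocomplete="off"></label></p>'
        . '<input type="hidden" name="ex_ts" value="' . esc_attr( $ts ) . '">'
        . '<input type="hidden" name="ex_sig" value="' . esc_attr( $sig ) . '">';
} );

// Submit: mark the submission as spam when any of the three checks fails.
add_filter( 'wpcf7_spam', function ( $spam ) {
    if ( $spam ) {
        return true; // already flagged by another module
    }
    $field = function ( $name ) {
        $v = isset( $_POST[ $name ] ) ? wp_unslash( $_POST[ $name ] ) : '';
        return is_string( $v ) ? $v : '';
    };
    // 1. Honeypot: real users never see the field, so any value means a bot.
    if ( '' !== $field( 'ex_website' ) ) {
        return true;
    }
    // 2. Time-based token: signature must verify and enough time must have passed.
    $ts       = $field( 'ex_ts' );
    $expected = hash_hmac( 'sha256', $ts, wp_salt( 'nonce' ) );
    if ( ! ctype_digit( $ts ) || ! hash_equals( $expected, $field( 'ex_sig' ) ) ) {
        return true;
    }
    if ( time() - (int) $ts < EX_MIN_SECONDS ) {
        return true;
    }
    // 3. Rate limit per IP (REMOTE_ADDR is the proxy's address behind a CDN).
    $ip    = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    $key   = 'ex_rl_' . md5( $ip );
    $count = (int) get_transient( $key );
    if ( $count >= EX_MAX_PER_HOUR ) {
        return true;
    }
    set_transient( $key, $count + 1, HOUR_IN_SECONDS );
    return false;
} );
```

The token has no maximum age, so it keeps working when the form page is served from a page cache. Each accepted submission restarts the one-hour window, because `set_transient()` resets the expiry.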
Liquid Web’s managed WordPress hosting incorporates these advanced security measures and more. Their platform includes an enterprise-grade web application firewall, advanced DDoS protection, automated malware scanning, and regular security updates – all working together to keep your forms secure.
For additional form-specific protection, consider pairing Liquid Web’s hosting with Solid Security.
This powerful plugin offers enterprise-grade protection against form spam and brute force attacks, working behind the scenes without challenging your users. It uses advanced techniques like real-time IP blacklisting and intelligent monitoring of login attempts to stop malicious actors while keeping forms smooth and accessible.
Optimize your site security with Liquid Web’s managed WordPress hosting
Managing reCAPTCHA’s presence on your WordPress site is about finding the right balance between security and user experience. Whether you choose to remove it entirely or just control where it appears, the key is ensuring your forms remain protected without compromising performance or accessibility.
Instead of relying solely on reCAPTCHA, consider upgrading to Liquid Web’s managed WordPress hosting for comprehensive security. Liquid Web provides enterprise-grade protection through advanced firewalls, DDoS protection, and automated malware scanning – all working seamlessly behind the scenes without frustrating your users.
Ready to enhance your WordPress security while delivering a better user experience? Explore Liquid Web’s managed WordPress hosting plans today!