reCAPTCHA from Google is the most popular spam prevention tool available, and with good reason: it seems to work, and because it is widely adopted it is easy to implement in most cases. Most contact forms on WordPress come with their own reCAPTCHA integration, and where one is not available, many third parties have developed reCAPTCHA plugins for these forms. So far, so good for spam prevention and open-source collaboration.
There is, however, a significant issue overlooked by many: the impact on your users' privacy. Spam prevention might suggest that reCAPTCHA is functional in practice and does not need consent, but the principles and guidelines laid out by GDPR and other privacy laws oppose this, as reCAPTCHA does not adhere to the data minimization principle in the slightest, as explained in more detail in this article.
Leaving reCAPTCHA behind. A Simpler solution.
To leave this all behind and conform with GDPR simultaneously, privacy by design is always the best option.
A solid option to have a Captcha without blocking functionality and checking dependencies is Friendly Captcha for WordPress.
For now, it has integrations with:
- WordPress native forms (registration, login etc)
- Contact Form 7
- WP Forms
If you’re missing your contact form plugin, you can create an integration request here: https://github.com/FriendlyCaptcha/friendly-captcha-wordpress
Once it is installed, you can disable reCAPTCHA as an integration in the Complianz wizard and keep moving toward a more privacy-friendly set-up. If you’re willing, self-hosting your Google Fonts will remove other requests to Google as well. And while you’re at it, do the same for analytics!