Protect forms (captcha)
What you need: Simply Static Pro
Simply Static can automatically protect your forms (and comments) on your static site with a CAPTCHA, helping keep out spam and bots.
Choose a service
Go to Simply Static > Forms and scroll to the Captcha section. Pick a service from the dropdown:
- Cloudflare Turnstile
- Google reCAPTCHA v3
Add your keys
Once you've chosen a service, fill in the details:
- Site key: your public key. This is used on the static site.
- Secret key: stored safely in WordPress and used to validate submissions.
- Theme: choose how the widget looks, for example, Light or Dark.
- Size: choose the widget size.
If you already use a captcha with a form plugin like Contact Form 7, WPForms, or Fluent Forms, click Copy existing Credentials to automatically pull the keys instead of entering them by hand.
How validation works
Captcha validation happens server-side. When a visitor submits a form, the response is checked against the CAPTCHA service through your WordPress site. This means your WordPress install must be reachable from the internet for CAPTCHA protection to work. A purely local or firewalled WordPress site can't validate CAPTCHA responses.