Create a reCAPTCHA Enterprise API key

Step 1: Create or Select a Google Cloud Project

First, you need a Google Cloud project to house your reCAPTCHA keys. If you don’t have one, you’ll need to create one.

Go to the Google Cloud Console at console.cloud.google.com.
In the project selector at the top of the page, choose an existing project or click “Create Project” to start a new one.

Even for the standard reCAPTCHA service, you need to enable the reCAPTCHA Enterprise API within your project.

From the navigation menu (the “hamburger” icon ☰) on the top left, go to “APIs & Services” > “Library.”
Search for “reCAPTCHA Enterprise API” and select it from the results.
Click the “Enable” button.

Now you’ll create the actual key pair for your website.

In the navigation menu, go to “Security” > “reCAPTCHA.”
Click “Create key.”
Fill out the key details:
- Display name: Give your key a descriptive name (e.g., “My WordPress Site”).
- Application type: Select “Web.”
- Domain list: Add your website’s domain name (e.g., example.edu). You can add multiple domains if needed.
- Additional settings (optional): These settings allow you to choose the type of reCAPTCHA challenge, difficulty of those challenges, and threshold for policy-based challenges.
Click “Create key.”

After creating the key, you’ll be shown a screen with your public Site Key and a private Secret Key.

Copy both keys immediately.
- Site Key – shown at the top of the page next to the name you chose for your project
  (e.g., ID: 6LfRCZ0rAAAAALt7CJbYYbk237vjiOvpu00xw5l_)
- Secret Key – look for a link labeled Use legacy key or Integrate with a third-party-service or plugin to open a popup that displays your Secret Key.
- Important! The Secret Key is sensitive information and should be stored securely. LastPass is recommended for this purpose.
These are the values you’ll use in your WordPress plugin settings. The Site Key is used on the front-end of your website, and the Secret Key is used by the plugin’s back-end to verify requests.