Skt NURCaptcha Plugin for WordPress


NURCaptcha stands for New User Register CaptchaSkt NURCaptcha WP Plugin was conceived as a simple solution to a problem I faced with some time ago.

I had decided to change preferences in a WordPress powered site so to allow people to freely register as new subscribers. But as soon as this was done, a lot of bot intruders came in and in a blink the site’s pages were infected by some russian (.ru) malware. Then I digged around for some plugin to give me some security on that wide open gate of my site.

That is how the reCaptcha shows up at your Register Page

As I have not found any plugin fit to solve that simple problem, I decided to build one by myself. That is how Skt NURCaptcha WP Plugin came to being.

Skt NURCaptcha WP Plugin is called to action by the “login_form_register” hook. Then a call is made to a Google’s reCaptcha form which is inserted into the WP native register form. To know more about reCaptcha Safety, go here. If someone wants to register to that site correct responses to the Captcha challenge must be filled in.

It’s a simple idea and a good solution to stop bots attacks. And it’s free also! All you need is to have the plugin properly installed and activated in your WP site, and then you go to Create a reCaptcha Key to create a pair of free criptographic keys to enable the plugin.

Simple, Safe and efficient!


How to implement a reCAPTCHA anywhere in your theme

This article is intended to help the user of Skt NURCaptcha WordPress plugin to enable and use a Google’s reCAPTCHA anywhere on the pages of a WordPress site. It suposes you are familiar to PHP and WordPress programming.
Version 3.4.3+ of the plugin is required, for the instructions given here work properly

First step – enable Google’s reCAPTCHA widget

In order to get rendered in a page, reCAPTCHA requires a call to a script provided by Google to be inserted within the <head></head> tag on that page. To get this done, you may go to the Settings page of Skt NURCaptcha (in the back end of your site) and scroll down till you find “enable reCAPTCHA on selected front pages“. Then click on the button “Toggle selector” to see a list of your site’s pages, each one sided by a small checkbox. Select the pages where the reCAPTCHA should show up and then click on “Update options”.

If you want to display the captcha on a sidebar widget or on the footer, and not only on selected pages, you must enable it sitewide. To do that, just drop anywhere in your theme’s functions.php file the line below. It calls a function to provide the insertion of that Google’s small piece of code into the ‘head’ tag of every and all pages at the front side of your site:

add_action('wp_head', 'skt_nurc_sitewide_enable_captcha');

Second step – get reCAPTCHA rendered in a page

To get the reCAPTCHA rendered in a front page on your site, supposed you have gone successful through step one, you will need a special <div class=”g-recaptcha”></div> block to be placed anywhere within a form on that page. To get detailed info on that block’s attributes, visit the page at Google’s.

Skt NURCaptcha has a function that renders the reCAPTCHA with the attributes you selected on the plugin’s settings page. So you may use a call to this function within your PHP code, by simply adding this code:


Keep in mind that this line must be inserted somewhere within the form intended to be protected by the reCAPTCHA. That’s say you must find a place for it in between a tag-pair <form></form>, otherwise it will not work, though displaying on the page.

Third step – verifying the user’s response

The use of a captcha only makes sense if you have the response of the user verified by your code. So, you must add this code to the landing page (see form’s action=”” attribute), at the point where the $_POST[ ] data are being verified:

$result = nurcResponse();
if ($result->is_valid) {
// the user passed through the reCAPTCHA - so go on with your code...
// user's response is wrong - so, stop and go back to the form, with an error message in $result->error

These steps will extend the reCAPTCHA protection to any form at any page in your site, provided you can add the code lines to the appropriate places within your theme or plugin. They work fine with Skt NURCaptcha version 3.4.3+, connected to the new version of Google’s reCAPTCHA (since dec/2014).

New improvements from Version 3

Skt NURCaptcha Plugin now brings your WordPress site to a new level of security.

From version 3 on, we added antispam databases assessment, so even if the spammer gets the spambot gone through Google’s reCAPTCHA challenge, the IP and email will be checked against StopForumSpam and BotScout spammer databases.

This additional checking became a real need since some spammers found some way to cross the captcha barrier, a few months ago. They are probably using a cross-site game, by making someone else unadvertedly solve the captcha challenge for them.

Version 3.1 also changed storage of blocked attemptives from text file mode to database mode, so there will be no more data loss at the plugin update.

Version 2.4 Released

Though it was first released on september 21st, Skt NURCaptcha Plugin for WordPress has now reached it’s version 2.4 which gives you support for user registration in WPMU (Multisites) and in BuddyPress.
WordPress for Network, aka Multisites, introduces some changes in the registration process which allow user to create a new blog on the network. The registration functions are declared at . BuddyPress is a special kind of plugin, as it introduces many changes to the internal structure of WordPress. BP registration routines are present at and they differ a lot from those of the regular WP installation.
It’s hard for a plugin to do a good job when so many changes cross his way. In fact, when we compare those routines, we see a jungle of non-standardized changes. The hooks are not the same and even field names on the registration form are different. See, as an example, the “username” field. In standalone WordPress this field is called “user_login”, but if you reconfigure your installation to allow Multisites, this field’s name becomes “user_name”. If you install BuddyPress plugin, however, this same field changes it’s name to “signup_username”.
Nevertheless, when we have a clear goal in sight and a lot of enthusiasm in heart, no bad times come across our road to a brand new version of Skt NURCaptcha. So, enjoy it as we keep one eye on further improvements.
Commentaries and suggestions are very welcome to help improving this plugin, as it is meant to protect your site the best way possible, at that “user registration” door.