Summary: Slow down spammers with Google reCAPTCHA.
Version: 0.0.3
Prerequisites: Javascript enabled, two most recent versions of Chrome, Firefox, IE, Safari
Status: Active
Maintainer: DaveG
Download: ZIP
License: Dual licensed under the MIT and GPL licenses.
Users: (View? / Edit)


This recipe implements Google reCAPTCHA. reCAPTCHA can be embedded into forms used by PmWiki. The ReCaptcha recipe works by displaying a "I'm not a robot" test as part of an input form. Requests to save a page that don't pass the ReCaptcha will be denied, with an opportunity to re-submit. For example:

(:input form action={*$PageUrl} method=post:)
(:input default request=1:)
(:input submit:)
(:input end:)


The ReCaptcha widget looks like this using default settings:

Download and Install

  1. Register: Register a new site and obtain public and private keys from Google:
    • Goto reCAPTCHA Admin
    • Register a new site. You can enter mutiple domains.
    • Once registered, you'll be shown a "Site Key" and a "Secret Key". You'll need these in the config step.
    • Optional: Further down the registration page you'll see Advanced settings where you can make the reCAPTCHA easier, or more difficult.
  2. Download: Download the latest version as a ZIP file.
    • Copy contents into the cookbook/ directory. You'll have a recaptcha directory in cookbook.
  3. Configure: Add this to local/config.php, using your own site and secret keys between quotes. The condition will allow users with Edit permissions to by-pass the ReCaptcha:
    $rc_Settings = array (
       'sitekey' => '',  // paste your Site Key between quotes
       'secret' => ''    // paste your Secret Key between quotes
    if (!CondAuth($pagename,'edit'))
  4. Display: Add the widget towards the end of the form you want to protect. For example, to require a captcha in order to edit a page, add the following markup to an appropriate place in the Site.EditForm page:
  5. Settings: Optionally change the behavior or look of the widget.


Global Settings

Some settings apply to all ReCaptchas.

enabled0, 1default is 1
sitekey Required: Site Key
secret Required: Secret Key
languageenFull language code list:
curl0Set this to 1 if you get 'invalid-json' errors.
script't change this!

These are defined in config.php:

$rc_Settings = array (
	'enabled' => 1,
   'sitekey' => '',  // paste your Site Key between quotes
	'secret' => '',   // paste your Secret Key between quotes
	'language' => 'en',
	'curl' => 0,
	'script' => ''

Widget Specific Settings

The following settings can be applied to each widget can be defined either globally or for each widget:

theme'light, darkdefault is light
typeaudio, imagedefault is image
sizecompact, normaldefault is normal
tabindex0The tabindex of the widget and challenge. If other elements in your page use tabindex, it should be set to make user navigation easier.
callback The name of your callback function to be executed when the user submits a successful CAPTCHA response. The user's response, g-recaptcha-response, will be the input for your callback function.
expired-callback The name of your callback function to be executed when the recaptcha response expires and the user needs to solve a new CAPTCHA.

You can define these settings per widget, or globally:

  • Per widget, in the (:recaptcha:) markup.
    (:recaptcha theme=dark type=audio size=compact tabindex=2:)
  • Globally in config.php:
    $rc_Settings['options'] = array(
       'theme' => 'light',
       'type' => 'image',
       'size' => 'normal',
       'tabindex' => '0',
       'callback' => '',
       'expired-callback' => ''


Add this to config.php to translate error codes:

XLSDV('en', array('missing-input-response'=>'Please verify you are not a robot.'));



If your host doesn't support or enable PHP setting file_get_contents you may receive 'invalid-json' errors. In which case there are two options:

  1. either change the setting in php.ini. Be aware of security implications of doing this.
      allow_url_fopen = on
  2. turn on the ReCaptcha 'curl' setting, which uses an alternate communication mechanism:
    $rc_Settings = array ( 'curl' => 1 );

Selective Enabling

If you want all users to have to enter the ReCaptcha just include the configuration with no condition:

$rc_Settings = array (
   'sitekey' => '',  // paste your Site Key between quotes
   'secret' => ''    // paste your Secret Key between quotes

Captcha not Displayed

If you don't see a captcha box, ensure your skin specifies a <!--HTMLFooter--> directive.


Known Issues

None known.

Change Log

0.0.3 (28-Mar-2016)

0.0.2 (28-Mar-2016)

  • chg: First release.

User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.