BotShield CAPTCHA for Contact Form 7

Add simple CAPTCHA protection to Contact Form 7 forms. No API keys required! Prevent spam with arithmetic or image-based challenges.

Author:	R.Sabbir (profile at wordpress.org)
WordPress version required:	5.0
WordPress version tested:	6.9
Plugin version:	2.0.0
Added to WordPress repository:	22-11-2025
Last updated:	19-01-2026
Rating, %:	100
Rated by:	1
Plugin URI:
Total downloads:	341
Active installs:	20+
Click to start download

Stop contact form spam instantly with BotShield CAPTCHA for Contact Form 7. This all-in-one spam protection plugin integrates Google reCAPTCHA (v2 Checkbox & v3 Invisible), Cloudflare Turnstile (Privacy-Focused), and lightweight Built-in Arithmetic/Image Challenges to block bots while letting real users pass.

Whether you need strict security or a friction-free user experience, BotShield gives you complete control over your specific form protection needs. No more spam submissions, fake leads, or automated bot attacks.

Protect Your Store with Enterprise-grade CAPTCHA & Security. SecureGate CAPTCHA provides full-site protection, blocking bots, spam, and fraud using Cloudflare Turnstile, Google reCAPTCHA, hCaptcha, and Geo-Blocking — keeping your store fast, secure, and bot-free.

Key Features & Benefits

Multi-Provider Support: Choose between Google reCAPTCHA, Cloudflare Turnstile, or Self-hosted challenges.
Google reCAPTCHA Integration: Supports both v2 (“I’m not a robot”) and v3 (Invisible) keys.
Cloudflare Turnstile: The modern, privacy-friendly alternative that stops bots without annoying puzzles.
Lightweight Built-in Protection: Use simple Math or Image CAPTCHAs without needing any external API keys.
Seamless Contact Form 7 Integration: Adds a dedicated “BotShield” tag generator button directly to the CF7 editor.
Mobile Optimized: Fully responsive challenges that work perfectly on smartphones and tablets.
GDPR Compliant Options: Turnstile and Built-in modes offer excellent privacy compliance.
Accessibility Ready: WCAG 2.1 compliant designs for screen reader support.

Flexible Protection Options

1. Google reCAPTCHA (The Industry Standard)
* v2 Checkbox: The classic “I’m not a robot” checkbox users trust.
* v3 Invisible: valid users are verified in the background with zero interaction.

2. Cloudflare Turnstile (Privacy-First)
* Verify visitors without solving complex puzzles. Smart, fast, and respectful of user privacy.

3. Built-in Challenges (No Keys Required)
* Arithmetic: Simple math questions (e.g., 7 + 2 = ?) effective against basic bots.
* Alphanumeric: Distorted text images for traditional verification.
* Zero external dependency, 100% self-hosted.

Perfect For

Contact forms
Registration forms
Quote request forms
Newsletter signups
Any Contact Form 7 form needing spam protection

Requirements

WordPress 5.0 or higher
Contact Form 7 plugin (must be active)
PHP 7.4 or higher
GD PHP extension for image CAPTCHAs

Privacy Policy

BotShield CAPTCHA does not:
* Collect any personal data
* Store user information
* Transmit data to external servers
* Use cookies or tracking
* Share information with third parties

All CAPTCHA processing happens locally on your WordPress server. The plugin is fully GDPR compliant.

Support & Documentation

Support Forum: https://wordpress.org/support/plugin/botshield-captcha/
Developer Website: https://www.rsabbir.com/

Contributing

Contributions are welcome! Contact the developer or visit the GitHub repository to contribute to this plugin’s development.

Credits

Developed by R. Sabbir (https://www.rsabbir.com/)
Tested with Contact Form 7 6.1.4 and later

Technical Specifications

Server Requirements

WordPress 5.0 or higher
PHP 7.4 or higher
Contact Form 7 plugin (active)
GD PHP extension (for image CAPTCHAs)

Browser Support

Chrome (latest versions)
Firefox (latest versions)
Safari (latest versions)
Microsoft Edge (latest versions)
Mobile browsers (iOS Safari, Chrome Mobile)

Security Features

Token-based validation system
HMAC-SHA256 signature verification
Automatic token expiration (5 minutes)
XSS protection
CSRF token protection
No session storage required

Performance

Code: ~50KB total size
Assets: Minified and optimized
Loading: Conditional asset loading on relevant pages
HTTP Requests: Zero external requests
Caching: Compatible with all major WordPress cache plugins

Screenshots
FAQ

Do I need API keys?

For Built-in CAPTCHAs: No, these work out of the box.
For Google reCAPTCHA: Yes, you need a free Site Key and Secret Key from the Google reCAPTCHA Admin Console.
For Cloudflare Turnstile: Yes, you need a free Site Key and Secret Key from the Cloudflare Dashboard.

Which CAPTCHA should I choose?

reCAPTCHA v3 or Cloudflare Turnstile are best for user experience (invisible/frictionless).
reCAPTCHA v2 is best if you want users to explicitly proving they are human.
Built-in is best for strict privacy requirements or local-only environments.

Is BotShield CAPTCHA GDPR compliant?

Yes.
* Built-in Challenges: 100% compliant, no data leaves your server.
* Cloudflare Turnstile: Privacy-focused and generally considered GDPR compliant.
* Google reCAPTCHA: Subject to Google’s privacy policy and terms.

Does this plugin slow down my site?

No. Assets (CSS/JS) are conditionally loaded only on pages where a Contact Form 7 form is present. We prioritize performance and lightweight code.

Can I use multiple CAPTCHAs per page?

Yes! Each Contact Form 7 form can have its own independent CAPTCHA configuration.

does it work on mobile devices?

Absolutely! The CAPTCHA is fully responsive and works perfectly on all devices including smartphones and tablets.

Is it accessible for people with disabilities?

Yes! The plugin includes proper ARIA labels, keyboard navigation, and screen reader compatibility following WCAG 2.1 guidelines.

Can I customize the appearance?

Yes! Choose from three built-in themes (Default, Minimal, Modern) or add custom CSS for further customization.

What is the BotShield CAPTCHA shortcode?

The required shortcode is [captcha* captcha-answer]. This tag ensures that the user completes the CAPTCHA before submitting the form.

Can I use the shortcode for Google reCAPTCHA or Turnstile?

Yes! The same [captcha* captcha-answer] shortcode works for all types. The plugin automatically renders the correct challenge (reCAPTCHA, Turnstile, or Built-in) based on your settings.

How do I make the shortcode optional?

To make the CAPTCHA optional (not recommended), use the tag without the asterisk: [captcha captcha-answer].

Hide FAQ

ChangeLog

Choose right WordPress plugin from thousands others in a moment