How to add CAPTCHA on Checkout page of Easy Digital Downloads

By | June 30, 2016

The market of Ecommerce has grown up vastly during the last few years. People can sit at home and buy any product from any brand directly on few clicks. WordPress CMS is too growing rigorously from some years with the wide range of WooCommerce themes and plugins available for selling products online. Along with WooCommerce compatible themes, developers also love Easy Digital downloads plugin.

Easy Digital Downloads:

It is a complete e-commerce solution for selling digital products in a light and easy to use way. Rather than attempting to provide every feature under one, Easy Digital Downloads makes selling digital simple and complete by providing just the features you need. On activating this plugin you will get options to add new downloadable or say digital products. Everything works fine with this plugin but when a product is added to cart and further it is taken to checkout you will notice that there is no CAPTCHA field while registering. In order to keep out spammers and spam data being inputted on your site, a CAPTCHA has to effectively test if you are human or machine. Let us see,

How to add CAPTCHA on Checkout page of Easy Digital Downloads?

First of all let us see what is captcha and why it is necessary.

What is CAPTCHA?

CAPTCHA is an image with a code written on it. The website visitor is required to read the code on the image and enter the value in a text field. If the word entered is wrong, the form submission is not processed. As CAPTCHA is a smartly blurred image, the spam bot can’t read it. So the form cannot be auto-submitted by a ‘bot’.

To use reCAPTCHA, you need to sign up for an API key pair for your site. The key pair consists of a site key and secret. The site key is used to display the widget on your site. The secret authorizes communication between your application backend and the reCAPTCHA server to verify the user’s response. The secret needs to be kept safe for security purposes.

In order to integrate the Google reCAPTCHA to the website, one has to register the website with Google and then generate the required Site Key i.e. Public Key and Secret Key i.e. Private Key.

Step 1: Visit the Google reCAPTCHA website from given link. Click on the Get reCAPTCHA button as shown in image to go to next step.


Step 2: The next step is to register the Website in which you need to integrate Google reCAPTCHA API.
You need to provide a Label value and the domain names of the websites for which you want to use the reCAPTCHA.

Adding reCAPTCHA step 2

Step 3: Once the registration is done you get the Site Key (Public Key) and Secret Key (Private Key) and also the procedure to integrate Google reCAPTCHA.

Adding reCAPTCHA step 3

Step 4: Please find the code below, you need to add to functions.php of your theme:

/*Adding recaptcha to EDD registeration form*/

/*Below function will add the necessary JS for recaptcha in the head section of your Checkout page. If you want to embed it on other page/s, you can modify the conditional tag*/
function yourtheme_edd_recaptcha_head(){
	if( is_page( 'checkout' ) ) {
		echo '<script src="" async defer></script>';
add_action( 'wp_head', 'yourtheme_edd_recaptcha_head' );

/*Below function will output the sitekey necessary for Recaptcha verification*/
function yourtheme_edd_register_add_recaptcha(){
	echo '<div class="g-recaptcha" data-sitekey="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"></div>'; //sitekey received from Google
add_action( 'edd_purchase_form_before_submit', 'yourtheme_edd_register_add_recaptcha');

/*Below function runs once user submits the checkout form with details. Here we check if the response from Recaptcha server is not empty and verify it against the secret key for the site. If the verification response is not set, we set an EDD error. If the captcha box is not ticket, still we throw an EDD error. */
function yourtheme_edd_verify_recaptcha(){
   if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
        //your site secret key
        $secret = '----------------------------------------'; //Recaptcha Secret Key received from Google
        //get verify response data
        $verifyResponse = file_get_contents(''.$secret.'&response='.$_POST['g-recaptcha-response']);
        $response = json_decode($verifyResponse);
        if(!isset($response->success)) {
	       edd_set_error( 'wrong_captcha', __( 'Invalid captcha!', 'edd' ) );
    else {
	 edd_set_error( 'enter_captcha', __( 'Please click on the reCAPTCHA box!', 'edd' ) );
add_action( 'edd_checkout_error_checks', 'yourtheme_edd_verify_recaptcha', 10);

Using above steps of adding reCAPTCHA you can easily stop spam attacks on your checkout page. Hope you found this article helpful.

Related Post