+385 95 578 4732
MON - FRI, 4PM - 10PM
Udemy Course
Ivan Javorović profile image

Ivan Javorović

Full Stack Developer

  • BORN : October 3, 1995
  • NICKNAME : Jawe
  • FAVORITE BAND : The Beatles

How to add Google reCAPTCHA with PHP and Laravel examples


Laravel, php, recaptcha, captcha, google, stop spam, api

Why should I Google reCAPTCHA?


Google reCAPTCHA is used for spam protecting your website, it puts a human step in validating your form post requests.
For example since having this website up for the last 5 months I've received quite a few emails from bots using the
contact form on my site. But now, after adding the reCAPTCHA this spam has finally stopped!



1. Register your domain


Go to: https://www.google.com/recaptcha/admin

You'll be taken to a form in which you will have to Register a website.


You will get a form that looks something like this:



For example in the Label I put "javorovic.com", the Domains section is the to javorovic.com and for the type of reCAPTCHA I put checkbox.

Which will give you this:




After you've entered all of you information and pressed the register button you will be taken to the setting page for your

2. Integration (Client and Server side)


Here you will have 3 sections:

Section 1: "Keys"


Keep this open
, we will need the keys for backend use (PHP and/or Laravel).



Section 2: "Client side integration"


<script src='https://www.google.com/recaptcha/api.js'></script>


This snippet of code will go before the closing head tag in your HTML file.


<div class="g-recaptcha" data-sitekey="paste-your-site-key-here"></div>


This snippet of code goes in your form tag. In most cases people put it just above the submit button, but you can place it anywhere within the tag.


Don't forget to change the data-sitekey value.

The key should already be set in the code snippet after you register a site.



Section 3: "Server side integration"


POST REQUEST URL: https://www.google.com/recaptcha/api/siteverify


For the integration we have a URL that receives a POST request with 3 parameters, 2 of which are required.


secret (required): This key you can find on the right side of the field explanations or within the "Keys" section above.

response (required): You get this value after a user has done the reCAPTCHA ('g-recaptcha-response' is sent),
if he didn't do the reCAPTCHA the value of 'g-recaptcha-response' that is sent will be null.

remoteip: A non required field in which you can pass the end user's IP address.

PHP example:


if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$secret = 'paste-your-secret-key-here';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$responseData = json_decode($result , TRUE);
curl_close ($ch);

//if success
//if fails


Don't forget to change the $secret variable value!


Laravel example:

$data = $request->all();

$rules = ['title' => 'required|string|max:255',
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255',
'message' => 'required',
'g-recaptcha-response' => 'required'];
$validator = Validator::make($request->all(), $rules);

if ($validator->fails()) {
return back()->withErrors($validator)->withInput();
$secret = 'paste-your-secret-key-here';

$ch = curl_init();

    curl_setopt($ch, CURLOPT_URL,"https://www.google.com/recaptcha/api/siteverify");
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $result = curl_exec($ch);
    $responseData = json_decode($result , TRUE);
    curl_close ($ch);

    if($responseData['success'] == false){
        return back();

Mail::send('emails.contact', ['data' => $data], function($msg) use ($data){

session()->flash('msg', 'Sent');
return back();

By: Ivan Javorović