Why I Removed Google reCAPTCHA & Why You Probably Should Too

Google reCAPTCHA is probably the most popular anti spam service in the world. But there are several strong arguments for considering a move away from reCAPTCHA over to an alternative anti spam solution. Here are the facts that made me leave reCAPTCHA.

Why Google reCAPTCHA could be a problem for your WordPress website

It’s easy to see why Google reCAPTCHA is a popular anti spam service: It’s free, most WordPress plugins and themes offer simple integration and Google is a fairly trusted developer. I myself have been an advocate in several Google reCAPTCHA v3 tutorials.

But external factors like increased integrity awareness, GDPR and the importance of page speed makes many web developers question if reCAPTCHA is a good choice – or even a feasible choice. Here are three reasons why I have abandoned Google reCAPTCHA and why you maybe should consider moving to another anti spam service.

1. Google reCAPTCHA might not be GDPR compliant

In January 2022, a German court ruled that Google Fonts is not in compliance with GDPR (the General Data Protection Regulation in EU). The reason is that Google collects IP data from the visitors when the fonts are called from the Google server. The website owner got away with a €100 fine, but the court warned that the next fine could be much higher. In order to be GDPR compliant, you need to self-host your Google fonts.

So there is a lot at stake. The official EU website on GDPR fines states:

The less severe infringements could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.

But what does Google fonts has to do with reCAPTCHA? The thing is that the Google reCAPTCHA script forces the visitor to load the Google Font Roboto via Google’s servers at fonts.gstatic.com. As you can see in the waterfall screenshots below, Google actually makes two separate external calls for the Roboto font. And there is not way to remove this call since it’s an external script. This goes for both reCAPTCHA V2 (puzzle recaptcha) and reCAPTCHA V3 (invisible recaptcha).

Google reCAPTCHA call for two Google fonts (Roboto)
Google reCAPTCHA Robot font call 1
Google reCAPTCHA Robot font call 2
I will not give legal advice. But I can say this with certainty: If requesting fonts from the Google server violates GDPR, then Google reCAPTCHA is not GDPR compliant since it requests fonts from the Google server without offering an option.

2. Google reCAPTCHA is bad for your pagespeed

It’s ironic that Google has pushed pagespeed as a crucial SEO ranking factor at the same time as they add unnecessary bloat to websites using their reCAPTCHA anti spam service. In the chapter above, you can see that two (unnecessary) fonts are loaded for every visitor. The combined size of the fonts is 30 kb which equals a small image.

But this is not the only calls that have to be processed by your visitors. Using the Chrome Inspector tool or a service  like GTMetrix reveals several reCAPTCHA related calls:

reCAPTCHA calls effects pagespeed

The reCAPTCHA script calls recaptcha__en.js, styles__ltr.css and logo_48.png from the Google server.

When taking a closer look at a Divi website using Google reCAPTCHA v3 protection for Divi forms, I can track down 10 reCAPTCHA related calls + 2 font calls which adds up to a total of 12 calls with a combined file size of 406 kb. This equals the size of a full screen image with a pretty high resolution. This could have a negative effect on your pagespeed and thus be bad for the SEO and user experience of your website.

3. Google reCAPTCHA adds clutter to your website layout

Yes, I’m referring to the annoying reCAPTCHA v3 badge. When you add reCAPTCHA v3 to your website, a badge will automatically appear in the bottom right corner. The badge contains a blue and grey reCAPTCHA logo + links to Google’s Privacy policy and Terms of use.

Google reCAPTCHA v3 badge to the right

The default reCAPTCHA V3 badge could overlap other elements and contrast in color and design.

This badge has a tendency to overlap other design elements or simply add unwanted contrast to your design style and add an unwanted distraction for your visitors. And Google does not offer a single design setting from their end. Sure, you can use custom CSS to move the badge to the left side or move the badge up a few pixels but it still adds clutter.

To be fair, I should mention that you are allowed to hide the reCAPTCHA badge – but, and there is a but – then you must “include the reCAPTCHA branding visibly in the user flow.”. And the external calls are still loaded in the background if you hide the badge with CSS.

You are allowed to hide the badge

You are allowed to hide the reCAPTCHA badge – if you add the branding manually.

Summary: Pros and cons of Google reCAPTCHA anti spam service

Let me be clear: I really like Google and I use many of their services (Chrome, Analytics, Fonts, Drive, Gmail etc.) on a daily basis. But being one of the biggest corporations in the world with the motto “don’t be evil”, we should expect more from them. If they want to mantain the position as the most popular anti spam service, they need clear all doubts about GDPR compliance, remove unnecessary bloat and add basic design settings.

The choice is yours. Here are the pros and cons of Google reCAPTCHA summarized:

Advantages of reCAPTCHA

  • There is no fee for licensing – it’s a free anti spam service
  • It’s supported by most major WordPress form plugins and themes (like Divi)
  • You can analyze spam analytics data in the reCAPTCHA dashboard
  • Google has huge amounts of data to pinpoint both human spammers and spam bots

Disadvantages of reCAPTCHA

  • It might not be GDPR compliant
  • It tracks your users behavior and data which could be used by Google
  • It adds bloat to your website which could reduce your pagespeed and hurt your SEO
  • It adds design elements that might conflict with elements and the layout of your website. 

3 Alternative Anti Spam Services to Google reCAPTCHA

There are good anti spam alternatives to reCAPTCHA that will not share unauthorized user data, load extensive resources or mess with your web design. Here are my three favorite anti spam services for WordPress (and yes, it contains affiliate links):

1. WP Armour – Honeypot Anti Spam

My rating: ⭐⭐⭐⭐⭐

The honey pot technique is as simple as it is clever: It adds a hidden field that only spam bots can see to your forms. When the spam bot uses the hidden field, the form submission is blocked by the plugin. Just activate the plugin and the invisible protection is added automatically  no setup is required.

The free version if WP Armor is compatible with many of the major WordPress forms like the Divi Contact Form, WP Comments, WP Registration, Gravity Form 7 (non-ajax and single page forms) as well as BBPress forums, Elementor Forms and Gravity Forms and more.

The paid version WP Armour Extended adds 2-level spam check, IP blocking and spam logs. It adds support for WooCommerce Checkout and Registration, Ninja Forms, Gravity Forms (Ajax-based forms and multi-step forms), BuddyPress, Easy Digital Downloads and more.

The pricing ranges from the single site lifetime license for $19.99 to the unlimited lifetime license for $99.99 (but you might find a discount coupon here, wink wink).

2. CleanTalk Spam Protect

My rating: ⭐⭐⭐⭐⭐

If you are looking for a more powerful anti spam service that doesn’t cost much, CleanTalk is an excellent choice.

While it has a free WordPress plugin, you need to register and pay for the service (after the free 7 days trial period). The license starts at $12/year (yes, per year) for one website or $20/month for unlimited website so it’s a fair price. You can also check out some CleanTalk discounts here.

The feature list is simply to long to sum up in this post, but I recommend that you explore their impressive list of spam protection features.

3. The good old Divi Form Spam Protection

My rating: ⭐⭐⭐

Are you on a slim budget and hesitant to add more plugins to your Divi website? The default Divi spam protection is a simple method to reduce spam. It will add a basic mathematical task (X+Y=Z) that the visitor needs to solve before submitting a form.

Yes, it might be a bit annoying for your visitors and no, it might not stop all spam messages, but for a small website with an even smaller budget, it might just be good enough.

That’s all for today!

I hope that you enjoyed this post. Do you agree or disagree? Please let me know your opinion in the commets below.

Subscribe to DiviMundo on YouTube and join our Facebook group for more crisp content on WordPress and web design.

👉 Related post: Divi form plugin comparison – which is better?

👉 Free course: Create a website from scratch with Divi

Related posts

0 Comments

Submit a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Affiliate Disclaimer

All content on DiviMundo is funded by you – our beloved readers. Some of the links are affiliate links. This means that if you click on the link and purchase something, I will receive an affiliate commission. But it will never cost more for you. Thanks for your support!

Victor Duse, founder of DiviMundo