Setting Up hCaptcha in AffiliateWP

Would you like to set up hCaptcha to help prevent spam on your affiliate registration and login forms? hCaptcha is a free, privacy-conscious alternative to Google’s reCAPTCHA that provides reliable spam protection with minimal impact on user experience.

In this tutorial, we’ll show you how to set up and use hCaptcha in AffiliateWP.

Generating hCaptcha Keys

To connect hCaptcha to AffiliateWP, you’ll first need to create a set of keys in your hCaptcha account.

Log in to your hCaptcha account at hcaptcha.com, then click the Add Site button in the top-right corner of the dashboard.

On the setup screen, enter a name for your site in the Name field. This label is for your reference and won’t be shown to visitors.

Under the Domains section, enter the URL of the site where AffiliateWP is installed.

Next, review the options in the hCaptcha Behavior section. The Always Challenge mode is selected by default and is suitable for most use cases. This will show a visual challenge to users before form submission.

Other modes, such as Passive and 99% Passive, are available only with an upgraded hCaptcha account. These modes attempt to reduce user interaction by using risk scores instead of a challenge prompt.

Below that, you’ll see the Passing Threshold setting. This controls how strict the verification challenge is. Selecting Auto will adjust the challenge difficulty based on user behavior, and is recommended for most sites.

When you’re done configuring the settings, click the Save button to generate your sitekey.

After saving, you’ll be redirected to the Sites dashboard where you can view your newly created sitekey. Click on the name of the site to open its details.

Under the Sitekey section, click the Copy icon to copy the key to your clipboard.
We recommend pasting the site key into a temporary text editor (like Notepad or your preferred notes app) so you can easily access it while setting up AffiliateWP.

To retrieve your secret key, click on your profile avatar in the top-right corner and select Settings from the menu.

On the account settings screen, locate the Secret section and click Generate New Secret.

In the confirmation popup, click Generate to create a new secret key.

Once your key is generated, click Copy Secret and paste it into the same location as your site key.

Configuring hCaptcha in AffiliateWP

Now that you’ve copied your site and secret keys, return to your WordPress site to complete the setup.

Navigate to AffiliateWP » Settings and click the Affiliates tab.

Scroll down to the Affiliate Registration & Login Security section. Here, you’ll see the available CAPTCHA options.

Click the hCaptcha icon to enable hCaptcha on your site. After selecting hCaptcha, two fields will appear: hCaptcha Site Key and hCaptcha Secret Key. Paste your copied keys into their respective fields.

Once your keys are in place, scroll down and click Save Changes to complete the connection.

Enabling CAPTCHA on the Affiliate Login Form

After selecting hCaptcha, you’ll see an additional setting labeled Add CAPTCHA to Affiliate Login form.

Enabling this option will add hCaptcha to your affiliate login form in addition to the registration form. This helps prevent automated login attempts, such as brute-force or credential-stuffing attacks.

Check the box to enable login protection, then save your settings.

Testing hCaptcha

After completing setup, it’s a good idea to test that hCaptcha is working correctly on your site.

Visit your affiliate registration page and attempt to submit a test registration. You should see the hCaptcha widget appear just before the submit button.

If you’ve enabled CAPTCHA on the login form, visit the affiliate login page as well and confirm that the hCaptcha verification is visible.

If the hCaptcha challenge doesn’t appear, double-check that your site and secret keys are correct and saved, and that hCaptcha is selected in the CAPTCHA settings.

Frequently Asked Questions