PrestaShop reCAPTCHA hCaptcha protection helps your store reduce spam messages, fake accounts and automated login attempts on the storefront forms bots target most. Contact, registration, login and newsletter checks can stop bad submissions before PrestaShop continues, saving staff time and keeping real customer requests easier to spot.
The module supports Google reCAPTCHA v2, Google reCAPTCHA v3 and hCaptcha. You choose protected forms, add site and secret keys, and set the v3 score threshold when invisible scoring is used. Each submission is checked with the selected provider, including visitor IP, so missing, failed or low-score responses are blocked before the form reaches your team.
Protection only runs when enabled and both keys are configured. The contact-form handling avoids showing the captcha twice on native contact pages and can work alongside compatible GDPR-consent contact form layouts.
- Three captcha providers. The configuration supports Google reCAPTCHA v2, Google reCAPTCHA v3 and hCaptcha. The selected provider controls how the captcha appears and how each form submission is checked.
- Form-level activation. Merchants choose which protected forms are active, with contact and registration enabled by default in the module defaults. Login and newsletter checks are available from the same form list.
- Submission checks before spam reaches staff. Each form response is verified with the selected captcha provider and visitor IP. Missing, failed or low-score responses stop the form submission before it becomes a support problem.
- v3 score threshold. For reCAPTCHA v3, the response score must meet the configured threshold, defaulting to 0.5. This lets the store tune invisible captcha strictness without changing provider.
- Contact form duplicate handling. The contact form placement avoids rendering a duplicate widget when the native contact form module already uses the same page area. A GDPR-consent placement is also used on contact pages for compatible contact form output.
- Inactive until keys are complete. The module only behaves as active when enabled and both site key and secret key are configured. The admin warning logic reports missing keys separately.
PrestaShop reCAPTCHA hCaptcha protection for forms
PrestaShop reCAPTCHA & hCaptcha - Anti-Spam Forms protects the customer-facing forms that bots commonly abuse: contact, login, registration and newsletter forms. Spam messages, fake accounts and credential-stuffing attempts waste staff time, hide real customer enquiries and can damage trust in your store. This module adds Google reCAPTCHA v2, Google reCAPTCHA v3 or hCaptcha checks and validates submissions server-side before PrestaShop processes them.
Keep real enquiries from being buried in spam
Every junk contact message creates work, and the bigger problem is that real customer questions can get missed among the noise. By protecting the contact form, the module helps your team spend more time answering buyers and less time deleting automated messages. Faster, cleaner support protects sales because shoppers with unanswered questions often leave and buy elsewhere.

Reduce fake registrations and login abuse
Bot-created accounts and automated login attempts create risk, clutter and operational distraction for store owners. The module can protect registration and login forms, checking the CAPTCHA response before the submission continues. This is targeted form protection that helps reduce abuse without claiming to replace a full firewall or broader security suite.

Choose the friction level that fits your audience
Some stores prefer a visible checkbox because customers recognise it, while others want invisible scoring to keep the form experience smooth. The module lets you choose reCAPTCHA v2 checkbox, invisible reCAPTCHA v3 or hCaptcha, and v3 includes a sensitivity threshold. That flexibility matters because blocking bots should not create so much friction that genuine shoppers abandon registration or support.

Provider choice, server checks, and v3 scoring
The module is configured from Back Office with provider choice, site key, secret key, protected form selection and v3 score threshold. Protection stays off until credentials are added, which makes installation safer because incomplete keys should not break customer forms. It is honest, targeted anti-spam protection for forms, while broader firewall, rate limiting, admin hardening and vulnerability scanning remain separate security concerns.

-
Referencemprrecaptcha
-
In stock2147483647 Items
-
PrestaShop CompatibilityPS 1.6 – 9.x
-
Pricing ModelOne-time Purchase
-
Module TypeFront & Back-office
-
GDPR RelevantYes
-
Business GoalLegal & Compliance
-
External Account NeededYes
-
Module ComplexityFeature-Rich Module
-
Customer Journey StageConvert to Buyers
-
Works With PlatformGoogle Services
What customers say about us
Be the first to share your experience with this module.
Write a Review
reCAPTCHA & hCaptcha Protection helps block bot submissions on the main public forms in your PrestaShop store. It protects contact messages, customer login, customer registration, and newsletter signup with Google reCAPTCHA v2, Google reCAPTCHA v3, or hCaptcha.
- Maintenance release: refreshed bundled shared libraries and module icon
Works Well With reCAPTCHA & hCaptcha Protection
Modules our team genuinely pairs with this one — and exactly why each belongs in the same setup.
A merchant running reCAPTCHA & hCaptcha Protection is reducing spam and automated submissions on storefront forms bots target, like contact, registration and login. Cutting bot noise matters most where customers actually submit information, and a richer contact setup gives bots more forms to probe.
Better Contact Form is a separate tool that lets you create multiple storefront forms for support, returns, quote requests or business messages, with multilingual text, custom fields and required validation. It builds the enquiry forms, while the captcha layer screens them.
Used together, Better Contact Form provides the structured enquiry forms your team needs and the captcha protection filters automated junk before it reaches you. A merchant gets clearer customer enquiries with less spam, two complementary tools where one shapes the forms and the other reduces bot submissions, without claiming any given message is guaranteed genuine.
A merchant using reCAPTCHA & hCaptcha Protection is cutting automated abuse on registration and login forms, which are exactly the points where account creation happens. Reducing bot signups is one side of registration friction; the human effort of choosing a password is another the captcha tool does not touch.
Automatic Customer Password is a separate tool that fills password and confirmation fields with generated values, applied to registration, checkout or both, with hidden or visible field options, so shoppers do not stop to invent a password. It smooths the field, not the abuse.
Run alongside each other, the captcha layer filters automated submissions while the password tool removes the password pause for genuine shoppers. A merchant gets fewer bot accounts and an easier path for real ones, two complementary tools where one screens out automated traffic and the other reduces friction for the people who should get through.
A merchant running reCAPTCHA & hCaptcha Protection focuses on a specific defence, filtering spam and automated submissions on storefront forms with reCAPTCHA v2, v3 and hCaptcha. Form spam is one threat surface; the broader security posture of the store, monitoring and cleanup is a much larger concern the captcha tool does not address.
Security Revolution is a separate tool that brings protection, monitoring and operational cleanup into one back-office workflow, reducing damage from risky requests, spam, fake registrations and suspicious traffic before they consume staff time. It handles the wider security picture.
Used together, the captcha layer screens the specific forms bots target while Security Revolution covers monitoring and operational defence more broadly. A merchant gets focused form protection plus a wider security workflow, two complementary tools where one filters automated form abuse and the other manages the store's overall security work.
A merchant using reCAPTCHA & hCaptcha Protection keeps automated submissions off the forms bots target, so adding any new public form raises the question of whether it too will attract spam. An on-page product enquiry form is exactly such a new submission point.
Ask About Product is a separate tool that adds an Ask a question button near product details, opening a popup form with name, email and message fields so shoppers can ask about fit or buying doubts without leaving the page. It creates the enquiry channel; it does not screen it.
Run alongside each other, Ask About Product captures genuine pre-purchase questions while the captcha layer reduces the automated junk that public form would otherwise collect. A merchant gets a useful enquiry route with less spam, two complementary tools where one opens the conversation and the other filters bot submissions, without implying every message is guaranteed genuine.
Easy return - no questions asked
Install, set up and take profit
Priority Help & Satisfaction Over Sales