GDPR-compliant ReCaptcha for all forms and logins


Protect all your forms and logins against spam and brute-force attacks. The plugin is invisible and compliant to GDPR (RGPD, DSGVO).
It has a lot of options on the one hand and comes with a well balanced default configuration. Thus it starts working very well, as soon as it is activated.

Key features

  • Blocks spam on all(!) public forms, comments and logins
  • Invisible. No user-input required
  • Still receive 100 percent of the real requests
  • Compliant to GDPR (respectively DSGVO, RGPD)
  • The Plugin is for free
  • No tracking, no cookies, no sessions
  • No external ressources
  • Easy to use
  • SEO-friendly
  • Only necessary code
  • Optionally messages can be flagged instead of blocking them

Examples WordPress

  • Login Form
  • Registration Form
  • Password Reset Form
  • Comments Form

Examples WooCommerce

  • Checkout
  • Login Form
  • Registration Form
  • Password Reset Form
  • Comments form
  • Product Evaluation Form

Examples other Plugins

  • Forminator
  • Thrive Architect & Thrive Apprentice
  • WPForms
  • Fluent Forms
  • Contact Form 7
  • Gravity Forms
  • Formidable Forms
  • Elementor Pro Forms
  • Mailchimp for WordPress Forms
  • BuddyPress Registration Form
  • bbPress Create Topic & Reply Forms
  • Ultimate Member Forms
  • wpDiscuz Custom Comments Form

Thank you!

I hope you enjoy using the plugin! If you are happy with it, I would be glad to get your review and probably a coffee too.

For developers (Integration of the spam check)

* Get the instance of the plugin
$plugin_instance = \VENDOR\RECAPTCHA_GDPR_COMPLIANT\Stamp::getInstance();

* The fields (just for simulation)
* of the submitted form
$fields = [
‘field1’ => ‘value1’,
‘field2’ => ‘value2’,
‘field3’ => ‘value3’,

* The method to get the information,
* whether the current submission is spam or not
* and holding the corresponding fields from flagging
* spam
$filteredValue = $plugin_instance->spam_check( $fields );

* True if spam is identified
$isSpam = $filteredValue[ ‘isSpam’ ];

* True if spam shall be blocked. Alternatively, the
* spam is just flagged with a suffix, or a new field.
* This is, for instance, if spam shall be filtered
* i.e., in a local mail program.
$blockSpam = $filteredValue[ ‘blockSpam’ ];

* If spam is just flagged, the fields corresponding
* from that flagging can be taken from here. There are
* two possibilities to flag spam:
* (1) A suffix can be added to a certain field.
* (2) A new field can be added containing a certain value.
$newFields = $filteredValue[ ‘fields’ ];


  1. Install and activate the plugin via WordPress Plugins page. Done!
  2. Optionally: After activation, you can adjust precisely how messages shall be blocked, flagged or saved in plugin’s settings menu.


Submissions are incorrectly treated as spam

This may happen if the Javascript of your page doesn’t work properly. Therefore 3 reasons are known:
1. The problem sometimes occures directly after the installation due to caching. Therefore the required JavaScript to do the proof-of-work, isn’t loaded as intended. To fix this, clear the cache on your webserver (WordPress-caching is usually done by plugins which serve an option to clear the cache) and in your browser.
2. JavaScript is crashing because of incompatibility of the plugin with another plugin. If you recognize that, I would be happy if you report it to me. Usually I’ll fix it within the same day.
3. Javascript is crashing even without this plugin. Even without this plugin, you should always ensure that JavaScript is working correctly on all of your pages.
4. In the most browsers you can identify Javascript errors by pressing F12 on your page and navgigating to console. Here you can see what happens on your page.

Parsing error

Appears in Elementor, if your submission was identified as spam. Look at question “The plugin recognizes submissions incorrectly as spam” for further information.

Neither messages, nore spam is shown in the inbox

First of all: Whereas the blocking, should work for every form and login on the one hand, on the other hand there may exist several reasons why the inbox and the flagging of spam doesn’t work.
The spam-check and the respective blocking of spam happens independently of all your plugins and technical settings for every POST-request.
To flag and to save submissions correctly in your inbox requires your form to use WordPress-standards. Many form-builders define an own standard and therefore manipulate post-variables.
Therefore the initially posted parameters either do not achieve the processing of the plugin, or they achieve it in an unknown form that is not treated correctly.
If you recognize this behaviour, I would be glad if you gave me a notice in the support forum and usually I would ad specific support for your form-builder.

Problems with WooCommerce/ Jetpack activation

If you face problems with the activation of Jetpack this may occur during the handshake-procedure of jetpack. This procedure acts like a bot, when it passes a passphrase from a certain IP adress to an automatically generated form on your site.
In order to get this fixed, you need either to disable the option “Apply on REST-API”, or to whitelist the respective form that is used to exchange the passphrase.
Usually you need to process the following steps for whitelisting:
1. Check the spam folder for the respective message that has been blocked
2. Copy the site-adress “from_site”
3. Paste the site-adress into the option “Site-Whitelist” on the properties site
4. Press save
Usually you need to whitelist two different sites to connect jetpack:
1. To connect the site: your-domnain-without-protocol/?rest_route=/jetpack/v4/verify_registration/
2. To connect your user: your-domnain-without-protocol/?rest_route=/jetpack/v4/remote_authorize/

Problems with activation/ installation of other plugins

If you face problems with other plugins (i.e. during plugin installation/ activation) this may occur during handshake-procedures, or during maintenance of your plugin from the vendor. These procedures usually act like bots, as they pass a code or contents via certain automatically generated forms on your site.
In order to get this fixed you can either disable the option “Apply on REST-API”, or whitelist the IP address of your vendor, or you can whitelist the page which contains the maintenance form. In order to check whether such a problem occurs you can check the spam folder of this plugin. Here you find the site adress that you can use for whitelisting as “from_site” too

Problems with Borlabs Script Blocker

When you use the Borlabs Script Blocker to scan for JavaScripts, the scan doesn’t work properly, as it doesn’t show any JavaScripts. Just deactivate this plugin for the scan and activate it again after the scan.

Can’t get my problems fixed

  1. Important messages could be shown in browser console (F12) on problematic page
  2. Whenever you post something to the support forum, try to hand over all details
  3. If the recaptcha doesn’t work on any form, give me a notice and I will try to fix that

How to disable this plugin?

  • Use standard WordPress plugins page for deactivation and deletion of the plugin
  • When deactivating the plugin you will be asked for the reason. If you face any problems I would be glad if you report to it me as detailed as possible. Usually I will fix them quickly. If you give me contcat details, I may inform you as soon as it is fixed.


22 Settembre 2023
Wir sind superglücklich, endlich ein DSGVO kompatibles Recaptcha gefunden zu haben, welches mit Thrive Suite kompatibel ist. Es ist kinderleicht einzurichten und funktioniert tadellos. Da es alle Seiten unserer Webseite schützt, nicht nur unsere Formulare, ist ein zusätzlicher Spam- und Botschutz für die gesamte Webseite redundant. Weiterführende Fragen an den Entwickler wurden schnell, engagiert und kompetent beantwortet. 5 Sterne und Danke an Mathias für dieses großartige und lang ersehnte Plugin.
15 Settembre 2023 1 risposta
Really love it and prevents spam 100% as reported by our clients. Awesome! One thing: Admin page background color is strange 😀 Please just remove that!
20 Luglio 2023
I asked for the support of Thrive forms used in Thrive Themes, and shortly after, there it is!So, I am not dependent on the GDPR critical Google reCaptcha any more, as there is an alternative now.
21 Giugno 2023
The plugin works very well and efficiently. It is unobtrusive and completely invisible to our customers, which is great. In the beginning we had a problem that was caused by a 3rd-party-plugin and therefore opened a support request. Matthias responded super fast, offered a hack, and built a great feature into the next release (IP Whitelist). Thanks again!
7 Giugno 2023
I really love the way the plugin works an the perfect support from Matthias - thanks a log!
Leggi tutte le recensioni di 11

Contributi e sviluppo

“GDPR-compliant ReCaptcha for all forms and logins” è un software open source. Le persone che hanno contribuito allo sviluppo di questo plugin sono indicate di seguito.


“GDPR-compliant ReCaptcha for all forms and logins” è stato tradotto in 3 lingue. Grazie ai traduttori per i loro contributi.

Traduci “GDPR-compliant ReCaptcha for all forms and logins” nella tua lingua.

Ti interessa lo sviluppo?

Esplora il Codice segui il Repository SVN iscriviti al Log delle Modifiche. Puoi farlo tramite RSS con un lettore di feed.

Changelog (registro delle modifiche)


  • Deprecated usage of dynamic options replaced
  • Deprecated Filter_Sanitize_String replaced
  • Menu position warning fixed


  • Option to filter WooCommerce shopping carts adjusted


  • Added support for flagging messages for forminator and WPForms
  • Added Whitelisting for sites
  • Added option to disable/ enable REST API – support / may solve several compatibility issues with other plugins that do handshakes, or are maintained from the plugin vendor via REST API
  • Added option to filter WooCommerce shopping carts from beeing saved
  • Added a possibility to integrate this plugin into certain form builders via the new method spam_check( $fields )


  • Dashboad-widget can be seen only by administrators now
  • Support for WP forms added
  • Warning-Bug solved


  • Dashboard widged for the inbox added (has to be activated in the administration area)
  • Style for the administration area renewed
  • New option to disable/able the spam protection for logged-in users
  • Support for Thrive Apprentice added
  • Removed CF7 support-option, as CF7 is supported anyway
  • Order auf messages in the inbox changed (now starting with the most current one)


  • Bug with blocked entries solved


  • Support for Forminator added
  • Optimized namespaces in JavaScript for better plugin-compatibility


  • Support for Thrive Architect / Thrive Automation added


  • New feature to whitelist IPs, that shall be ignored and not beeing blocked from the plugin
  • Errors with PHP version 5.6+ fixed


  • Hash-puzzles are saved in the database right now
  • Raised efficiency of the server-side spam-check


  • Better resilience of the plugin
  • Javascript know is directly echoed from PHP, to save loading time


  • Special thanks to the user vptcnt
  • Error 500 which appeard due to empty line reading in the stamp-log-file resolved


  • Spam-check procedure optimized


  • Complete code-rebuild
  • Shopping carts and all other elements from Woocommerce are now working with the plugin
  • Better integration of Elementor
  • Popup-Bug for login-screen solved
  • Plugin performance optimized
  • The proof-of-work-check now happens before form submission via ajax. Thus collision with other plugins is minimized


  • Elementor support added


  • Problems with multiple forms on one page solved
  • DOM-Integrity problem with non-unique IDs solved


Erroneous behaviour of the inbox with renamed WordPress-table-prefixes fixed


Empty JavaScript file deleted and not loaded anymore, to avoid loading the file uneccesary in the admin menu


Settings menu beautified


New: GDPR-compliant ReCaptcha for all forms has been released!