Laravel applications are not exempted from registration spams. Once bots find your forms, they are going to populate your users table non-stop. One of the most effective ways to protect your Laravel app from spam and abuse is by integrating reCAPTCHA. This powerful tool helps distinguish between human and automated access, reducing the risk of malicious attacks, and maintaining the integrity of your application. By implementing reCAPTCHA, you can enhance user experience, safeguard sensitive data, and maintain the overall health of your platform.
Packages for Integrating reCAPTCHA
When it comes to integrating reCAPTCHA into your Laravel application, there are several packages available to simplify the process. Here are some of the most popular ones
1. anhskohbo/no-captcha : All of the reCAPTCHA packages for Laravel this is the easiest to use. It is currently active and I use it for my Laravel Jetstream 5 applications.
2. biscolab/laravel-recaptcha : This package provides an easy-to-use interface for adding reCAPTCHA to your Laravel forms. It supports both reCAPTCHA v2 and v3, offering flexibility depending on your security needs.
3. greggilbert/recaptcha : Unfortunately, this package is no longer maintained. It was one of the most popular reCAPTCHA packages for Laravel applications.
I’m going to make a quick run-down on how to integrate the anhskohbo/no-captcha package to Laravel application. We will use the package to install reCAPTCHA to the registration form of a Laravel Jestream 5 application.
1. Install the package via composer
composer require anhskohbo/no-captcha
2. Create reCAPTCHA credentials here to get your SITE KEY and SECRET KEY. You will be asked to choose v3 or v2. I haven’t tried for v3 but the package works for v2
3. In your Laravel Jestream files, find register.blade.php which is under resources\views\auth
Below the code block below which is the confirm pass field:
<div class="mt-4">
<x-label for="password_confirmation" value="{{ __('Confirm Password') }}" />
<x-input id="password_confirmation" class="block mt-1 w-full" type="password" name="password_confirmation" required autocomplete="new-password" />
</div>Add this code:
<div class="mt-4">
{!! NoCaptcha::renderJs() !!}
{!! NoCaptcha::display() !!}
</div>This will add the reCAPTCHA form below password field.
4. The reCAPTCHA will show up but it can be skipped. We need to require it so that user won’t be able to get pass through the registration without clicking on reCAPTCHA.
Find the file named CreateNewUser.php which is in app/Actions/Fortify folder (Note this is Jetstream 5 and might be located somewhere else if you have different version of Jetstream)
Add 'g-recaptcha-response' => 'required|captcha' as show below
Validator::make($input, [
'name' => ['required', 'string', 'max:255'],
'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
'g-recaptcha-response' => 'required|captcha',
'password' => $this->passwordRules(),
'terms' => Jetstream::hasTermsAndPrivacyPolicyFeature() ? ['accepted', 'required'] : '',
])->validate();This should require now the user to go through reCAPTCHA before the form is submitted.
About the Author
Hi, my name is Roel. I am a TALL stack developer. I created this site to document all web applications I created using the TALL stack. I exclusively built products using Laravel because I like the experience writing applications using the simplest framework/stack available.