WordPress
Protect WordPress forms with Crovly captcha. 22+ integrations, all free.
Installation
- Download the latest release from GitHub
- Upload the
crovlyfolder to/wp-content/plugins/ - Activate the plugin in Plugins → Installed Plugins
- Go to Settings → Crovly
Configuration
Enter your keys from the Crovly dashboard:
| Setting | Description |
|---|---|
| Site Key | Your public site key (crvl_site_...) |
| API Key | Your private API key (crvl_secret_...) |
| Theme | Auto (match system), Light, or Dark |
| Error Message | Custom message on verification failure (optional) |
| Skip Logged-in | None, Admins only, or All logged-in users |
| IP Allowlist | IPs that bypass captcha (one per line) |
Supported Integrations
All integrations are free — no premium gating. The settings page dynamically shows only integrations for plugins you have installed and active.
WordPress Core
| Form | Setting Key |
|---|---|
| Login | login |
| Registration | register |
| Lost Password | lostpassword |
| Comments | comment |
WooCommerce
Requires WooCommerce to be installed and active. A single toggle protects all WooCommerce forms:
- Checkout (before "Place Order" button)
- Login form
- Registration form
- Lost password form
- Pay for order page
Form Builders
| Plugin | Forms Protected |
|---|---|
| Contact Form 7 | All forms (auto-injected before submit button) |
| WPForms | All forms |
| Gravity Forms | All forms |
| Elementor Pro | Registered as a "Crovly Captcha" field type |
| Ninja Forms | All forms |
| Fluent Forms | All forms |
| Formidable Forms | All forms |
| Forminator | All forms |
| Jetpack | Contact forms |
Page Builders
| Plugin | Forms Protected |
|---|---|
| Divi Builder | Contact Form module, Login module |
Membership & Community
| Plugin | Forms Protected |
|---|---|
| BuddyPress | Registration, Activity Post |
| bbPress | New Topic, Reply |
| Ultimate Member | Login, Register, Password Reset |
| MemberPress | Checkout, Login |
| Paid Memberships Pro | Checkout |
E-Commerce & Payments
| Plugin | Forms Protected |
|---|---|
| Easy Digital Downloads | Checkout, Login, Register |
| GiveWP | Donation forms |
Other
| Plugin | Forms Protected |
|---|---|
| Mailchimp for WP | Signup forms |
| wpDiscuz | Comment forms |
| wpForo | New Topic, Reply |
How It Works
- Plugin loads
widget.jsfrom the Crovly CDN on protected pages - Widget renders in the form and runs Proof of Work in the background
- On form submit, the token is sent with the form data (
crovly-token) - Plugin calls
api.crovly.com/verify-tokenfrom your server to validate - If verification fails, the form submission is rejected with an error
Fail-Open Behavior
If the Crovly API is unreachable (network error), the plugin allows the request through to prevent locking users out. This is a deliberate safety measure.
Shortcode
Add the captcha widget to any page, post, or widget area:
[crovly]
[crovly theme="dark"]PHP Functions
For theme developers and custom integrations:
// Render the widget (echo)
<?php crovly_render(); ?>
// Verify the token (returns bool)
<?php
if (!crovly_verify()) {
wp_die('Captcha verification failed.');
}
?>Or using the class directly:
// Render
Crovly_Plugin::instance()->render_widget();
// Get HTML (returns string, doesn't echo)
$html = Crovly_Plugin::instance()->get_widget_html();
// Verify
$passed = Crovly_Plugin::instance()->verify_token();Custom Form Integration
For forms not covered by the built-in integrations:
1. Add the widget to your form template:
<?php if (function_exists('crovly_render')): ?>
<?php crovly_render(); ?>
<?php endif; ?>2. Verify in your form handler:
if (function_exists('crovly_verify') && !crovly_verify()) {
wp_die('Captcha verification failed.', 'Error', [
'response' => 403,
'back_link' => true,
]);
}Advanced Settings
IP Allowlist
Add trusted IPs (one per line) that skip captcha verification entirely. Useful for:
- Office/corporate IPs
- Staging servers
- Monitoring services
Skip for Logged-in Users
| Option | Behavior |
|---|---|
| None | Verify everyone (recommended) |
| Admins only | Skip for users with manage_options capability |
| All logged-in | Skip for all authenticated users |
Troubleshooting
Widget not appearing:
- Ensure the plugin is activated and Site Key is set
- Check that the form type is enabled in Settings → Crovly
- Verify no caching plugin is serving a stale page
- For form builder plugins, ensure the plugin is active (settings only show active plugins)
"Captcha verification failed" on every submit:
- Verify your API Key is correct in Settings → Crovly
- Check server can reach
api.crovly.com(not blocked by firewall) - Test with
test_always_passas the Site Key to isolate the issue
Plugin integration not showing in settings:
- The integration only appears when the target plugin is installed and active
- Install and activate the plugin first, then refresh the Crovly settings page
WooCommerce widget position:
- The widget appears before the "Place Order" button by default
- Some themes with custom checkout templates may need adjustment