How to Add a Custom CAPTCHA Field to WordPress Comments
Spam comments have long been a persistent issue for WordPress websites. If your site has decent traffic and the comment section is open, you’ve likely encountered a flood of unwanted spam. While there are plugins that can add CAPTCHA protection to WordPress comments, introducing an entire plugin for a single feature may negatively affect your site’s performance.
In this tutorial, I’ll show you how to add a custom CAPTCHA field to the WordPress comment form without relying on external plugins. Our CAPTCHA will be a poetic question: “What year is it tonight?”—a twist inspired by traditional Chinese poetry, which we hope will confuse bots.
Step 1: Add a Custom CAPTCHA Field to the Comment Form
To customize the WordPress comment form, we’ll use the comment_form_default_fields filter. This hook lets us modify the array of default form fields and insert our own.
Here’s how to add a new field labeled “What year is it tonight?”:
function wprs_add_captcha_comment_field( $fields ) {
$fields['captcha'] = sprintf(
'<p class="comment-form-captcha">%s %s</p>',
sprintf(
'<label for="captcha">%s %s</label>',
__( 'What year is it today?', 'text_domain' ),
wp_required_field_indicator()
),
'<input id="comment-captcha" name="captcha" size="30" type="text" required>'
);
return $fields;
}
add_filter( 'comment_form_default_fields', 'wprs_add_captcha_comment_field' );After adding this code to your theme’s functions.php file or a custom plugin, refresh your site and check the comment form. If the new field does not appear, your theme or a plugin may be overriding the default comment form. You’ll need to investigate further in that case.
Step 2: Validate the CAPTCHA on Comment Submission
Now that the custom field is visible, we need to validate its input during comment submission. We’ll use the pre_comment_on_post hook, which triggers before the comment is saved.
Here’s the validation logic:
function wprs_verify_comment_captcha() {
if ( empty( $_POST['captcha'] ) || (int) date( 'Y' ) !== (int) sanitize_text_field( wp_unslash( $_POST['captcha'] ) ) ) {
wp_die(
'<p>' . __( '<strong>Verification failed:</strong> Do you even know what year it is tonight?', 'text_domain' ) . '</p>',
__( 'Verification failed. Please don’t post spam comments.' ),
[
'response' => 200,
'back_link' => true,
]
);
}
}
add_filter( 'pre_comment_on_post', 'wprs_verify_comment_captcha' );This function checks:
- If the
captchafield exists - Whether the entered value matches the current year (as returned by
date('Y'))
If either check fails, the comment is rejected with a friendly but firm message.
Summary
As you can see, adding a simple, custom CAPTCHA to your WordPress comment form is straightforward and effective. No need for bulky plugins or external services like reCAPTCHA. With just a few lines of PHP, you can reduce spam and keep your comment section clean.
This method is especially useful for lightweight websites, or those with strict performance and privacy requirements.
