Laravel 13 - Integrate Google reCAPTCHA v3 for Bot Protection.
Laravel 13 - Integrate Google reCAPTCHA v3 for Bot Protection.
In this tutorial, we will learn how to integrate Google reCAPTCHA v3 in Laravel 13 with Livewire authentication to protect registration forms from bots and spam by validating requests and using score based verification.
Quick Overview
This guide walks you through integrating Google reCAPTCHA v3 into a Laravel 13 application. It begins with setting up a fresh Laravel project with Livewire authentication, followed by installing the reCAPTCHA v3 package and configuring your Site Key and Secret Key inside the .env file. You’ll then learn how to initialize reCAPTCHA v3 in your authentication layout, add the hidden reCAPTCHA field to your registration form, and validate incoming requests on the backend. The tutorial also explains how to inspect the reCAPTCHA score for debugging and implement optional custom validation logic for enhanced security. By following these steps, you can effectively protect your authentication system from bots and spam while maintaining a smooth user experience.
Step # 1 : Initialize a Laravel 13 Project with Livewire Authentication.
To get started, you'll need a Laravel 13 application with Livewire authentication. In this tutorial, we'll create a fresh project named reCAPTCHAV3. Before proceeding, make sure Composer is installed on your system, as Laravel uses it to manage dependencies. It is also recommended to install the Laravel Installer globally, which makes creating new applications much easier. If you haven't installed it yet, run the following command.
composer global require laravel/installer
Once the Installer is available, create a new Laravel 13 project by running.
laravel new reCAPTCHAV3
During the installation process, Laravel will prompt you to choose several options. Use the following settings for this tutorial.
- Starter Kit: Select Livewire to build the application using Livewire components.
- Authentication Provider: Choose Laravel's built-in authentication for user registration and login.
- Single-file Livewire Components: Select Yes to keep component logic and views together in a single file.
- Teams Support: Choose No since team functionality is not required for this project.
- Testing Framework: Select Pest for a modern and lightweight testing experience.
- Laravel Boost: Choose No because it isn't needed for this setup.
- Frontend Assets: Select Yes to automatically install and build the frontend assets.
After the installation is complete, you'll have a Laravel 13 project named reCAPTCHAV3 with Livewire authentication ready to use.
Step # 2 : Navigate to the reCAPTCHAV3 Project Directory.
Next, open your preferred terminal application, such as Git Bash, Command Prompt, or the VS Code integrated terminal, and switch to your reCAPTCHAV3 project folder using the following command.
cd c:xampp/htdocs/reCAPTCHAV3
After navigating to the project directory, you'll be ready to execute Artisan commands and continue configuring the application.
Step # 3 : Add the reCAPTCHA V3 Package.
Next, install the Laravel reCAPTCHA v3 package, which provides an easy way to integrate Google's invisible bot protection into your application. This package handles communication with the reCAPTCHA API and simplifies the verification process. To do so, run the following command from your project directory.
composer require josiasmontag/laravel-recaptchav3
Once installed, Composer will download the package and automatically update your project's dependencies.
Step # 4 : Generate the Configuration File.
After installing the package, you'll need to publish its configuration file so that you can customize the package settings. To do this, execute the following Artisan command.
php artisan vendor:publish --provider="Lunaweb\RecaptchaV3\Providers\RecaptchaV3ServiceProvider"
Running this command will create the recaptchav3.php file inside the config directory, making it available for further customization.
Step # 5 : Get Google reCAPTCHA v3 Site Secret Keys.
To use reCAPTCHA v3, you need to obtain the Site Key and Secret Key from Google’s reCAPTCHA Admin Console. Follow the steps below to get these keys, which are required to connect your Laravel application with Google’s reCAPTCHA service.
- Go to the reCAPTCHA Admin Console (Link : https://www.google.com/recaptcha/admin/create).
- Sign in with your Google account, or create one if you don’t already have an account.
- Create a label for your site to easily identify your keys later.
- Select reCAPTCHA v3 as the version.
- Add your site’s domain(s) for security purposes. Since we are working on localhost, you can use 127.0.0.1 as your domain.
- Click Submit to generate your Site Key and Secret Key.
- After submitting, you will be redirected to a page where both your Site Key and Secret Key will be displayed.
Now open your .env file in your Laravel project and add the keys as shown below.
RECAPTCHAV3_SITEKEY="Your Site Key here"
RECAPTCHAV3_SECRET="Your Secret Key here"
Replace "Your Site Key here" and "Your Secret Key here" with the actual keys you generated. This connects your Laravel application with Google’s reCAPTCHA service.
Step # 6 : Load the reCAPTCHA JavaScript.
Next, you need to initialize the reCAPTCHA v3 script so it can generate tokens in the background when users interact with your forms. To do this, open file: resources/views/layouts/auth/simple.blade.php. Inside the <head> section, add the following line.
<!-- Initialize reCAPTCHA V3 -->
{!! RecaptchaV3::initJs() !!}
This ensures that the reCAPTCHA JavaScript loads early in your layout, allowing the system to generate hidden verification tokens automatically when forms are submitted.
Step # 7 : Integrate reCAPTCHA V3 into the Registration Form.
Open your register.blade.php file and locate the Create account submit button inside the form. Add the following code just above the submit button.
{{-- Hidden input for reCAPTCHA V3 --}}
{!! RecaptchaV3::field('register') !!}
This injects a hidden reCAPTCHA field into your form, allowing a token to be generated and validated in the background when the form is submitted. If you also want to secure the login form, make sure to add the same field there using the appropriate action name.
Step # 8 : Add reCAPTCHA Validation to User Registration.
Open app/Actions/Fortify/CreateNewUser.php. Inside the create() method, add the following validation rule along with the existing fields.
'g-recaptcha-response' => 'required|recaptchav3:register,0.5',
This ensures that the reCAPTCHA response is verified before a new user account is created. The minimum score is set to 0.5, meaning any request below this threshold will be rejected. Make sure the action name register matches the one defined in your form field.
Step # 9 : Verify reCAPTCHA v3 Integration.
Now it’s time to verify that reCAPTCHA v3 is working correctly in your Laravel application. Start the project using the following command.
php artisan serve
Open the Register page in your browser and use the developer tools to confirm that a hidden input named g-recaptcha-response exists in the form. This field is automatically generated by reCAPTCHA v3 and will be sent when the form is submitted.
To further inspect the submitted data, temporarily add a dd() statement at the beginning of the create() method in app/Actions/Fortify/CreateNewUser.php.
<?php
namespace App\Actions\Fortify;
use App\Concerns\PasswordValidationRules;
use App\Concerns\ProfileValidationRules;
use App\Models\User;
use Illuminate\Support\Facades\Validator;
use Laravel\Fortify\Contracts\CreatesNewUsers;
class CreateNewUser implements CreatesNewUsers
{
use PasswordValidationRules, ProfileValidationRules;
/**
* Validate and create a newly registered user.
*
* @param array<string, string> $input
*/
public function create(array $input): User
{
// Debug incoming request data, including the reCAPTCHA token
dd($input);
Validator::make($input, [
...$this->profileRules(),
'password' => $this->passwordRules(),
'g-recaptcha-response' => 'required|recaptchav3:register,0.5',
])->validate();
return User::create([
'name' => $input['name'],
'email' => $input['email'],
'password' => $input['password'],
]);
}
}
Submit the form, and the dd($input) output will display all incoming request data, including the reCAPTCHA token. This confirms that the integration is working correctly.
Once you have verified the output, remove the dd() statement so that the registration process works normally.
Once you have verified the output, remove the dd() statement so that the registration process works normally.
Step # 10 : Implement Custom Validation Using reCAPTCHA Score (Optional).
You can use the Lunaweb\RecaptchaV3\Facades\RecaptchaV3 facade to apply custom logic based on the reCAPTCHA score. This allows you to control how strict your application should be when handling form submissions. In Laravel Fortify, this can be implemented inside the create() method of app/Actions/Fortify/CreateNewUser.php.
<?php
namespace App\Actions\Fortify;
use App\Concerns\PasswordValidationRules;
use App\Concerns\ProfileValidationRules;
use App\Models\User;
use Illuminate\Support\Facades\Validator;
use Laravel\Fortify\Contracts\CreatesNewUsers;
// Import RecaptchaV3 facade to verify tokens and retrieve score
use Lunaweb\RecaptchaV3\Facades\RecaptchaV3;
class CreateNewUser implements CreatesNewUsers
{
use PasswordValidationRules, ProfileValidationRules;
/**
* Validate and create a newly registered user.
*
* @param array<string, string> $input
*/
public function create(array $input): User
{
// Verify reCAPTCHA v3 score for the "register" action
$score = RecaptchaV3::verify($input['g-recaptcha-response'], 'register');
// Temporary debug check to inspect reCAPTCHA score response)
if ($score > 0.5) {
dd($score, 'High score detected – registration allowed');
} else {
dd($score, 'Low score detected – registration blocked');
}
Validator::make($input, [
...$this->profileRules(),
'password' => $this->passwordRules(),
'g-recaptcha-response' => 'required|recaptchav3:register,0.5',
])->validate();
return User::create([
'name' => $input['name'],
'email' => $input['email'],
'password' => $input['password'],
]);
}
}
RecaptchaV3::verify() is used to fetch the reCAPTCHA score for the register action. In this example, dd() outputs the score so you can review its value during testing. Later on, you can replace this with your own logic to allow, reject, or flag requests depending on the score threshold.
Conclusion
By following this guide, you’ve successfully integrated Google reCAPTCHA v3 into your Laravel 13 application with Livewire authentication, improving the security of your registration form against bots and spam. With reCAPTCHA v3 in place, your application is now better protected, and you can easily extend the same implementation to other forms such as login or contact forms. This simple integration helps maintain strong security while ensuring a smooth and uninterrupted user experience for your users.
For more details, refer to the official docs: https://github.com/josiasmontag/laravel-recaptchav3.
Share this with friends!
To engage in commentary, kindly proceed by logging in or registering
Subscribe to Our Newsletter
Stay ahead of the curve! Join our newsletter to see what everyone’s talking about.
Continue with Google
0 Comments