Connect WP Ghost’s Brute Force Protection to Google reCAPTCHA Enterprise for advanced risk analysis, credential leak detection, and fraud prevention powered by Google Cloud. Google announced that all Classic reCAPTCHA users will transition to Google Cloud Platform by the end of 2025. WP Ghost supports this transition natively – you can configure reCAPTCHA Enterprise directly in the Brute Force settings. Enterprise offers the same invisible scoring as reCAPTCHA V3 plus additional Google Cloud security features unavailable in standard reCAPTCHA.
What Is Google reCAPTCHA Enterprise?
Google reCAPTCHA Enterprise is Google’s advanced bot detection service, built on Google Cloud Platform. It returns a risk score for each request (like reCAPTCHA V3) but adds enterprise-grade features: Account Defender for detecting compromised accounts, Password Leak Detection, payment fraud prevention, and integration with Google Cloud Armor WAF. It’s designed for high-value sites that need more granular risk analysis than standard reCAPTCHA provides. Learn more at Google Cloud.
Why Enterprise Over Standard reCAPTCHA
WP Ghost supports four reCAPTCHA options: Math, V2, V3, and Enterprise. Here’s why Enterprise is the most advanced choice for your hack prevention strategy:
Google is transitioning all Classic reCAPTCHA to Cloud. By the end of 2025, all Classic reCAPTCHA users will move to Google Cloud Platform. Enterprise keys are already Cloud-native – adopting Enterprise now means you won’t need to migrate later.
Account Defender detects compromised credentials. Enterprise analyzes login patterns across Google’s network to identify accounts that may be using leaked credentials. This goes beyond simple CAPTCHA verification – it catches credential stuffing attacks that standard reCAPTCHA misses.
Password Leak Detection warns about exposed passwords. Enterprise checks submitted passwords against Google’s database of known breached credentials. If a user logs in with a password that’s appeared in a data breach, Enterprise flags it.
Granular risk scoring with Cloud analytics. Enterprise provides more detailed risk scores and integrates with Google Cloud Monitoring and Looker dashboards for real-time traffic analysis. Standard reCAPTCHA gives you a score; Enterprise gives you context.
Score-based or challenge-based – your choice. Enterprise supports invisible scoring (like V3) or the “I’m not a robot” checkbox challenge. WP Ghost lets you toggle between both modes.
How to Set Up Google reCAPTCHA Enterprise
Enterprise requires three credentials from Google Cloud: a Site Key ID, a Project ID, and an API Key. Here’s the complete setup:
- Go to WP Ghost > Brute Force > Settings. Select Google reCAPTCHA Enterprise.
- Enable the reCAPTCHA Enterprise API in your Google Cloud Console.
- Create a new reCAPTCHA Enterprise key for your domain. Choose between score-based (invisible) or checkbox challenge mode.
- If you want the “I’m not a robot” challenge, switch off Use checkbox challenge in Google Cloud’s extra options. Match this setting in WP Ghost.
Important: The checkbox challenge setting must match between Google Cloud and WP Ghost. If one is set to score-only and the other expects a checkbox, the reCAPTCHA will fail.
- Copy the Site Key ID from Google Cloud into WP Ghost’s Site Key field.
- Copy the Project ID from your Google Cloud project into WP Ghost.
- Create a Google Cloud API Key at API Credentials. Copy it into WP Ghost’s API Key field.
For the complete Brute Force configuration including attempt limits, ban duration, lockout messages, and protected form types, see the Brute Force Protection tutorial.
Troubleshooting
reCAPTCHA Enterprise returns “Invalid API Key”
Verify that the API Key was created in the same Google Cloud project where reCAPTCHA Enterprise is enabled. The API Key, Project ID, and Site Key must all belong to the same project. Also confirm the reCAPTCHA Enterprise API is enabled (not just the standard reCAPTCHA API).
Checkbox challenge not showing (or showing when it shouldn’t)
The challenge mode in Google Cloud must match WP Ghost’s setting. If Google Cloud has “Use checkbox challenge” enabled, WP Ghost must also have it enabled – and vice versa. Change the setting in both places, save, and test again.
If you’ve lost access, check the emergency disable guide, use the rollback settings, or add a constant in wp-config.php to disable WP Ghost temporarily.
Frequently Asked Questions
What’s the difference between Enterprise and reCAPTCHA V3?
Both use invisible scoring. Enterprise adds Account Defender, Password Leak Detection, fraud prevention, Cloud Armor integration, and detailed Cloud analytics. V3 gives you a score; Enterprise gives you a score plus context about the risk. If you already use Google Cloud or need advanced risk analysis, Enterprise is the better choice.
Does Enterprise cost money?
Google reCAPTCHA Enterprise offers a free tier (up to 1 million assessments per month). Beyond that, Google Cloud pricing applies. For most WordPress sites, the free tier is sufficient. Check Google Cloud pricing for current rates.
Do I need to switch from V2/V3 to Enterprise?
Google announced that Classic reCAPTCHA will transition to Google Cloud by the end of 2025. If you’re currently using V2 or V3, you’ll eventually need to migrate. Switching to Enterprise now ensures a smooth transition. However, V2 and V3 continue to work for the time being.
Does WP Ghost modify WordPress core files?
No. reCAPTCHA Enterprise integration is handled through WordPress hooks and the Google reCAPTCHA JavaScript API. No core files are modified. Switching reCAPTCHA types or disabling brute force removes all Enterprise code instantly.
Related Tutorials
Complete your brute force and login security setup:
- Register a New Google reCAPTCHA V2 – Setup guide for standard reCAPTCHA V2.
- Two-Factor Authentication – Add a second verification step after the password.
- Change and Hide the Login Path – Move your login page to a custom URL.
- Firewall Security – Block injection attacks at the server level.