How to add reCAPTCHA to your Squarespace forms

Why This Matters

Picture the scene: you open your inbox on a Monday morning, hoping for some genuine business, perhaps a heartfelt message from a potential client… only to be greeted by a barrage of offers for suspicious weight loss supplements, “business proposals” from distant lands, and form submissions in enough Cyrillic to keep a Kremlin translator busy. When your Squarespace forms aren’t protected, spam quickly spirals from nuisance to full-blown productivity slayer.

Spam doesn’t stop at clogging your mailbox. Malicious bots can use your forms to probe your site’s weaknesses, wear out your patience, and even cost you credibility with genuine customers who find your site suspicious. If you value your time (and sanity), it makes sense to put up a reliable bouncer at your website’s door.

Enter reCAPTCHA from Google. This challenge-and-response system checks that real, breathing humans are submitting your forms rather than bots. And, crucially, adding reCAPTCHA to your Squarespace forms is much easier than many assume. You don’t need to write any code. A few clicks, some copy and paste, and you’re ready to shift your focus back to the work that counts.

Common Pitfalls

A common myth still hangs around: “Adding security to a website must involve a labyrinth of code and confusion.” That’s not true for modern Squarespace sites. Yet, every week, we hear from people who have:

• Tried to muscle in the wrong type of reCAPTCHA (Squarespace only plays nicely with v2)
• Pasted their API keys in the wrong fields, or swapped them around (cue error messages)
• Ticked the wrong domains, and then wondered why the “I’m not a robot” box doesn’t appear
• Forgotten to actually tick the reCAPTCHA option on each form (easy to miss in a late-night editing session)
• Assumed adding reCAPTCHA once automatically covers every form on their site (that’s not the case)
• Panicked when it doesn’t show up immediately, blaming Google, Squarespace, or both

If you’ve tripped over any of these, you’re among friends. The good news: it’s genuinely simple if you work step by step.

Step-by-Step Fix

Step 1: Create your Google reCAPTCHA keys

This part involves talking to Google and getting your set of secret “keys.” These are unique codes that allow Squarespace and Google to trust each other.

1. Open your favourite browser and head to the Google reCAPTCHA page.
2. Click the friendly blue “Admin console” button in the top right (you will need to sign in with a Google account — use your business one if you want to keep things tidy).
3. Register a new site. Here’s what matters:
   • Label: Give your site a clear name (e.g. StellarWebDesignContact).
   • reCAPTCHA type: Pick reCAPTCHA v2, which shows the “I’m not a robot” tick box. Squarespace does not support v3.
   • Domains: Add every domain you use with Squarespace. This means both your built-in Squarespace address (e.g. yoursite.squarespace.com) and your custom domains (like pixelhaze.academy). Leave off the https:// at the start or you’ll have issues later.
   • Owners: Your email goes here.
   • Accept the terms, confirm you’re not a bot in disguise, and hit “Submit”.
4. Google provides a Site Key and a Secret Key. Copy both (they’ll look like long strings of letters and numbers).

Step 2: Connect reCAPTCHA to your Squarespace site

At this stage, you need Squarespace and Google to work together so that they can screen out undesirable submissions.

1. Log in to Squarespace and go to the main menu for your site.
2. Find Settings (usually near the bottom left; it isn’t colour-coded yet).
3. Click Advanced, then choose External API Keys.
4. Scroll to the Google reCAPTCHA section.
5. Paste your Site Key and Secret Key into the matching fields.
6. Press Save (don’t skip this, or nothing else will work, trust me).

Step 3: Enable reCAPTCHA on your actual forms

Once your keys are in place, you still need to enable reCAPTCHA individually for every form block you want to protect.

1. Navigate to one of your contact forms (or newsletter, or event registration — wherever you collect submissions) in the Squarespace editor.
2. Hover over the form, and select Edit.
3. Once inside the editor, look for the panel or tab labelled Captcha.
4. Check the box for Add Google reCAPTCHA.
5. Hit Apply, then Save.

Repeat this process for any other forms you want to protect from spam. Squarespace does not provide a button to enable this universally for all forms.

Step 4: Test, test, and test again

Always run a few tests once reCAPTCHA is enabled, both while logged in and from a private browser window.

1. Visit your public website as a normal visitor.
2. Fill out a form as if you were a genuine user. The “I’m not a robot” tick box should appear under your Submit button.
3. Try again on a mobile device or different browser, since people use all sorts of devices now.

If reCAPTCHA doesn’t show, or the form throws errors, double-check:

• The keys are in the right place and have saved
• You’ve added all relevant domains
• You ticked the box on the correct form

Step 5: Keep your keys and settings up to date

Web development includes regular changes. If you switch domains (for example, from .com to .co.uk), add new subdomains, or retire an old site, update your reCAPTCHA settings both in Google’s console and in Squarespace.

Neglecting this step often results in clients reporting that your forms have stopped working because of reCAPTCHA puzzles.

What Most People Miss

There's more to this than putting a tick in a box. Here are the issues that often trip up even experienced Squarespace users:

• You must re-enable reCAPTCHA on every individual form block. Even that one hidden on an old landing page. No exceptions.
• API Keys are sensitive to typos. One stray character and nothing will work.
• Don’t mix and match domain styles. If you accidentally include https:// or www., Google gets fussy.
• If you use multiple custom domains or switch over from your built-in Squarespace domain, update EVERYWHERE.
• Accessibility matters: The v2 “tick box” is generally accessible, but make sure your forms are otherwise screen-reader-friendly. The more barriers you put up, the more you want to double-check usability for real users.

A key mindset shift is helpful here: treat security settings as part of your site’s essential maintenance, just like checking your backups or swapping out expired privacy policies. This approach delivers peace of mind and saves significant time dealing with nuisance submissions.

The Bigger Picture

When you secure your Squarespace forms, you prevent spam from reaching your inbox and reassure visitors that you take security seriously. Clients notice when your website appears professional and safe.

A few minutes spent properly setting up reCAPTCHA provides the following benefits:

• Stops spam before it ever reaches your inbox (or your brain)
• Reduces admin stress, letting you spot the real leads hiding among the chaff
• Makes your marketing lists healthier, keeping your opening rates high and your bounce rates low
• Shows attention to detail — something clients value, even if they don’t say it out loud
• Provides protection against new waves of spam and abuse, saving you time in the future

Put simply: this fix helps you maintain a well-ordered site and keeps your inbox organized for better business.

Wrap-Up

Admin tasks aren’t most people’s favourite way to start the week, but with the right approach, securing your Squarespace forms with Google reCAPTCHA is quick and straightforward. Start with your API keys, link them up, enable reCAPTCHA on your forms, and double-check that everything is working smoothly. By doing so, you drastically reduce incoming spam and protect your valuable time.

If you’d like more practical guidance on design, running a digital business, and Squarespace tips, you’re in the right place.

Want more helpful systems like this? Join Pixelhaze Academy for free at https://www.pixelhaze.academy/membership.

FAQs and Jargon Buster

What’s an API key and why should I care?

An API key is a unique code that lets one website “talk to” another. In this context, it allows Squarespace to check your forms with Google’s anti-spam tools. Don’t share them in your email footer or on Twitter — keep them private.

Can I use reCAPTCHA v3 on Squarespace?

No. You must stick with v2 (the type that needs a tick box). If you pick v3 in the Google console, Squarespace will ignore it completely and your forms remain wide open to spam.

How often do I need to update my keys?

You only need to update them if you change domains or make significant site changes. Otherwise, you can set and forget them, but it’s wise not to lose them.

My reCAPTCHA box is missing — now what?

Check that:

• reCAPTCHA is enabled in both Google and Squarespace
• The correct keys are pasted in the right boxes
• Each relevant form block has reCAPTCHA enabled
• All domains are included (don’t forget www if you use it publicly!)
  If there are still problems, clear your cache or contact Squarespace support with a screenshot.

Does reCAPTCHA slow down my forms?

No, not in any noticeable way. The v2 tick box is quick and straightforward for users to complete. If you have lots of third-party scripts, check your site speed just to be sure.

Is there an alternative if I want fancier forms or more options?

Yes. Some users choose services like Jotform for more design options and built-in anti-spam features. Jotform forms can be embedded on Squarespace sites and offer more integration features, but for most cases, built-in reCAPTCHA is sufficient.

Visual cues (for your publishing team)

• Use screenshots of each main settings page, especially Google reCAPTCHA setup and Squarespace API entry screens.
• Annotate the squarespace form editor “Captcha” toggle with a call-out.
• Show examples of “successfully protected” forms with reCAPTCHA visible.

Posted by Elwyn Davies
Pixelhaze Academy Blog
Category: Squarespace Security & Forms
Published: [Add date here]

If you want more practical content like this — from web design tips to proven business systems, all free from jargon —
Join Pixelhaze Academy for free at https://www.pixelhaze.academy/membership.