How to Build a Fast & Secure PHP Contact Form with reCAPTCHA v3

A fast-loading, secure contact form is essential for any website, but many tutorials overcomplicate the process. In this guide, I’ll show you how to build a lightweight PHP contact form with Google reCAPTCHA v3 to prevent spam—without unnecessary bloat. This form is simple, secure, and easy to customize. Plus, you can grab the full working code from my GitHub repository here. Why Use a Custom PHP Form? Many website builders and plugins offer form solutions, but they often come with downsides: Slower page loads due to excessive scripts. Higher security risks with unverified submissions. Less customization compared to a lightweight hand-coded form. A manually coded form ensures speed, security, and full control over its functionality. See in action here. Setting Up the Contact Form Creating the Form (index.html) Start with a simple HTML form that submits user input to a PHP script. Contact Form Contact Us Name: Email: Message: Send grecaptcha.ready(function() { grecaptcha.execute('your-recaptcha-site-key', { action: 'submit' }).then(function(token) { document.getElementById('recaptchaResponse').value = token; }); }); Replace your-recaptcha-site-key with your actual Google reCAPTCHA v3 Site Key. Processing the Form (send_email.php) Create a PHP script that validates reCAPTCHA and sends the email.

Feb 17, 2025 - 00:27
 0
How to Build a Fast & Secure PHP Contact Form with reCAPTCHA v3

A fast-loading, secure contact form is essential for any website, but many tutorials overcomplicate the process.

In this guide, I’ll show you how to build a lightweight PHP contact form with Google reCAPTCHA v3 to prevent spam—without unnecessary bloat.

This form is simple, secure, and easy to customize. Plus, you can grab the full working code from my GitHub repository here.

Why Use a Custom PHP Form?

Many website builders and plugins offer form solutions, but they often come with downsides:

  • Slower page loads due to excessive scripts.
  • Higher security risks with unverified submissions.
  • Less customization compared to a lightweight hand-coded form.

A manually coded form ensures speed, security, and full control over its functionality. See in action here.

Setting Up the Contact Form

Creating the Form (index.html)

Start with a simple HTML form that submits user input to a PHP script.


 lang="en">

     charset="UTF-8">
     name="viewport" content="width=device-width, initial-scale=1.0">
    </span>Contact Form<span class="nt">


    

Contact Us

method="POST" action="send_email.php"> Name: type="text" name="name" required> Email: type="email" name="email" required> Message: name="message" required> type="hidden" name="g-recaptcha-response" id="recaptchaResponse"> type="submit">Send

Replace your-recaptcha-site-key with your actual Google reCAPTCHA v3 Site Key.

Processing the Form (send_email.php)

Create a PHP script that validates reCAPTCHA and sends the email.


if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $recaptcha_secret = "your-recaptcha-secret-key";
    $recaptcha_response = $_POST['g-recaptcha-response'];

    $recaptcha_url = "https://www.google.com/recaptcha/api/siteverify";
    $recaptcha = file_get_contents($recaptcha_url . '?secret=' . $recaptcha_secret . '&response=' . $recaptcha_response);
    $recaptcha = json_decode($recaptcha, true);

    if (!$recaptcha['success'] || $recaptcha['score'] < 0.5) {
        echo "";
        exit;
    }

    $to = "your-email@example.com";
    $subject = "New Contact Form Submission";
    $message = "Name: " . $_POST['name'] . "\nEmail: " . $_POST['email'] . "\nMessage: " . $_POST['message'];

    $headers = "From: noreply@yourwebsite.com\r\n";
    $headers .= "Reply-To: " . $_POST['email'] . "\r\n";

    if (mail($to, $subject, $message, $headers)) {
        echo "";
    } else {
        echo "";
    }
}
?>

Replace your-recaptcha-secret-key and your-email@example.com with your own values.

Why Use reCAPTCHA v3?

Unlike reCAPTCHA v2, which requires users to click a checkbox or solve puzzles, reCAPTCHA v3 runs invisibly in the background. It assigns a score based on user behavior, blocking bots while allowing real users to submit the form smoothly.

A custom PHP contact form is faster and more secure than many plugin-based alternatives. By implementing reCAPTCHA v3, you protect your site from spam while ensuring a smooth user experience.

Grab the full source code on GitHub: php-fast-contact-form

Let me know in the comments if you have any questions or suggestions!