TrustedCaptcha TrustedCaptcha
Sign in Get started
Documentation

Migrating from reCAPTCHA

Two URL changes. Existing form code keeps working. About 10 minutes.

The short version

  1. Sign up at trustedcaptcha.com/signup and add a site with your existing hostnames. Get a sitekey + secret.
  2. Replace the reCAPTCHA loader script URL with ours.
  3. Replace the reCAPTCHA verify URL with ours.
  4. Optional: rename g-recaptcha-response to trustedcaptcha-response if you want — but the widget fills both, so it's optional.

That's it. Your existing form code, validation logic, and error handling all keep working.

The frontend change

Before (reCAPTCHA v2):

<script src="https://www.google.com/recaptcha/api.js" async defer></script>

<form action="/signup" method="POST">
  <div class="g-recaptcha" data-sitekey="6Le..."></div>
  <button>Sign up</button>
</form>

After (TrustedCaptcha):

<script src="https://cdn.trustedcaptcha.com/widget/v1/api.js" async defer></script>

<form action="/signup" method="POST">
  <div class="trustedcaptcha" data-sitekey="0x..."></div>
  <button>Sign up</button>
</form>

The widget still fills g-recaptcha-response alongside trustedcaptcha-response in the same form, so your server-side code that reads $_POST['g-recaptcha-response'] keeps working with no changes.

The backend change

Change the verify URL. The request shape is identical (secret, response, remoteip) and the response shape is identical (success, score, hostname, challenge_ts, error_codes).

Before: https://www.google.com/recaptcha/api/siteverify

After: https://challenges.trustedcaptcha.com/api/v1/siteverify

What about hCaptcha / Turnstile?

Same pattern. The token-input names h-captcha-response and cf-turnstile-response are also filled automatically. The verify endpoint shape is the same.

The score is different — is that a problem?

Our score is also 0.0 (bot) to 1.0 (human), so the same threshold logic works. But the distribution is different — we tend to give legitimate users 0.85–1.0 while bots cluster below 0.3. If you were using 0.5 as a reCAPTCHA threshold, start with the same here, but watch your false-positive rate for the first week and adjust if needed.

Running both side-by-side during cutover

If you want to switch gradually, you can run both widgets simultaneously: keep reCAPTCHA on 50% of pages, TrustedCaptcha on the other 50%, and compare conversion rates and false-positive rates. Both fill the same hidden field, so your server logic can stay one-path during the test.

We've never seen TrustedCaptcha perform worse than reCAPTCHA in this kind of A/B test, but we're not asking you to take that on faith.

Removing reCAPTCHA from your privacy policy

If your privacy policy explicitly mentions reCAPTCHA / Google as a third-party processor, remove that section after migration. You may want to add a short note about TrustedCaptcha (we provide template text in the privacy guide).