A fast-loading, secure contact form is essential for any website, but many tutorials overcomplicate the process.
In this guide, I’ll show you how to build a lightweight PHP contact form with Google reCAPTCHA v3 to prevent spam—without unnecessary bloat.
This form is simple, secure, and easy to customize. Plus, you can grab the full working code from my GitHub repository here.
Why Use a Custom PHP Form?
Many website builders and plugins offer form solutions, but they often come with downsides:
- Slower page loads due to excessive scripts.
- Higher security risks with unverified submissions.
- Less customization compared to a lightweight hand-coded form.
A manually coded form ensures speed, security, and full control over its functionality. See in action here.
Setting Up the Contact Form
Creating the Form (index.html)
Start with a simple HTML form that submits user input to a PHP script.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Contact Form</title>
</head>
<body>
<h2>Contact Us</h2>
<form method="POST" action="send_email.php">
<label>Name:</label>
<input type="text" name="name" required>
<label>Email:</label>
<input type="email" name="email" required>
<label>Message:</label>
<textarea name="message" required></textarea>
<input type="hidden" name="g-recaptcha-response" id="recaptchaResponse">
<button type="submit">Send</button>
</form>
<script src="https://www.google.com/recaptcha/api.js?render=your-recaptcha-site-key"></script>
<script>
grecaptcha.ready(function() {
grecaptcha.execute('your-recaptcha-site-key', { action: 'submit' }).then(function(token) {
document.getElementById('recaptchaResponse').value = token;
});
});
</script>
</body>
</html>
Replace your-recaptcha-site-key with your actual Google reCAPTCHA v3 Site Key.
Processing the Form (send_email.php)
Create a PHP script that validates reCAPTCHA and sends the email.
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$recaptcha_secret = "your-recaptcha-secret-key";
$recaptcha_response = $_POST['g-recaptcha-response'];
$recaptcha_url = "https://www.google.com/recaptcha/api/siteverify";
$recaptcha = file_get_contents($recaptcha_url . '?secret=' . $recaptcha_secret . '&response=' . $recaptcha_response);
$recaptcha = json_decode($recaptcha, true);
if (!$recaptcha['success'] || $recaptcha['score'] < 0.5) {
echo "<script>alert('reCAPTCHA failed. Please try again.'); window.history.back();</script>";
exit;
}
$to = "your-email@example.com";
$subject = "New Contact Form Submission";
$message = "Name: " . $_POST['name'] . "\nEmail: " . $_POST['email'] . "\nMessage: " . $_POST['message'];
$headers = "From: noreply@yourwebsite.com\r\n";
$headers .= "Reply-To: " . $_POST['email'] . "\r\n";
if (mail($to, $subject, $message, $headers)) {
echo "<script>alert('Message sent successfully!'); window.location.href = 'thank-you.html';</script>";
} else {
echo "<script>alert('Error sending message. Please try again.'); window.history.back();</script>";
}
}
?>
Replace your-recaptcha-secret-key and your-email@example.com with your own values.
Why Use reCAPTCHA v3?
Unlike reCAPTCHA v2, which requires users to click a checkbox or solve puzzles, reCAPTCHA v3 runs invisibly in the background. It assigns a score based on user behavior, blocking bots while allowing real users to submit the form smoothly.
A custom PHP contact form is faster and more secure than many plugin-based alternatives. By implementing reCAPTCHA v3, you protect your site from spam while ensuring a smooth user experience.
Grab the full source code on GitHub: php-fast-contact-form
Let me know in the comments if you have any questions or suggestions!
Top comments (0)