you can use this function i think it works properly.
add_filter( 'wp_authenticate_user', 'verify_recaptcha_on_login', 10, 3 );
function verify_recaptcha_on_login($user, $password) {
$secretkey = "your secret key";
if (isset($_POST['g-recaptcha-response'])) {
$response = wp_remote_get( 'https://www.google.com/recaptcha/api/siteverify?secret=".$secretkey."&response=" . $_POST["g-recaptcha-response'] );
$response = json_decode($response['body'], true);
if (true == $response['success']) {
return $user;
} else {
// FIXME: This one fires if your password is incorrect... Check if password was incorrect before returning this error...
return new WP_Error( 'Captcha Invalid', __('<strong>ERROR</strong>: You are a bot') );
}
} else {
return new WP_Error( 'Captcha Invalid', __('<strong>ERROR</strong>: You are a bot. If not then enable JavaScript.') );
}
}