The latest version of Magento 2 includes an excellent feature for adding CAPTCHA.
Magento offers tons of great security features to protect your ecommerce store from unwanted attacks, brute force, and much more. As everyone who’s ever had to prove they’re not a robot to Google knows, CAPTCHA ensures that it’s humans interacting with your website, not robots. Configuring Magento 2 Captcha helps your site differentiate between robots and humans, thus preventing spam and robot attacks.
This blog will detail how to configure CAPTCHA, and list the major types of CAPTCHA available with Magento 2.
So stick around!
- What is Magento 2 CAPTCHA?
- How to Configure Magento 2 CAPTCHA for Admin Panel
- How to Configure Magento 2 Storefront CAPTCHA
- How to Configure Google reCAPTCHA for Magento Stores
- Why is Magento CAPTCHA Important for Your Stores?
- Final Words
What is Magento 2 CAPTCHA?
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It’s a tool that helps to differentiate between a robot and a real person (human being).
So how does this program work?
You’ve likely come across CAPTCHA forms asking you to input characters like a number, letter or symbols in a box. CAPTCHAs manipulate or stretch out these characters in a way that requires humans to figure out the symbols. A bot can’t solve these problems, thus deterring scammers and ensures security online.
You can deploy Magento 2 CAPTCHA in multiple areas, such as during l admin access, or before users can engage in various storefront actions. Magento supports both kinds of CAPTCHA mechanisms – standard CAPTCHA and Google reCAPTCHA, which we will discuss later in this blog.
Scalable, Super Fast, & Secure Magento Hosting
Our clients love us because we never compromise on security, performance and support.
How to Configure Magento 2 CAPTCHA for Admin Panel
For an extra layer of security, you can add a CAPTCHA to your Magento 2 admin panel at the time of login. Follow the steps below to configure Magento 2 CAPTCHA setting.
- Log in to your Magento account. On the Admin sidebar, navigate to Stores > Settings > Configuration.
2. Scroll down a bit on the left panel. Expand Customers, and choose Customer Configurations.
3. Expand the CAPTCHA section.
There are seven optional steps you can configure according to your requirement:
- Use the default Font name to be used for Magento 2 CAPTCHA symbols.
- You can choose multiple Forms to be used for Magento 2 CAPTCHA. Hold the CTRL or Mac key to select multiple options.
- Set Displaying Mode to Always.
- For CAPTCHA Timeout (minutes), mention the number of mins before the Magento 2 CAPTCHA session expires
- Enter range (5-8) for Number of Symbols to appear in the Magento CAPTCHA. The maximum range is 8.
- Mention the Symbols Used in CAPTCHA (abcdefABCDEF1234560) that you want to appear randomly in the Magento 2 CAPTCHA.
- Set Case Sensitive to YES. You can also select No, your call.
Once done, click the Save Config!
Here’s a graphical representation:
And that’s it! You’re all set for the Magento 2 Admin Panel CAPTCHA.
How to Configure Magento 2 Storefront CAPTCHA
It is usually configured at the Magento 2 checkout CAPTCHA process, contact us, and registration form. For this, the processes would be the same as I have mentioned for the Magento 2 Admin Panel CAPTCHA.
Here, let me give you an example of how to add Magento contact us form CAPTCHA.
Go to Forms, in my case I’ve selected Contact Us. So here is the result of Magento contact form CAPTCHA. That’s how you can add CAPTCHA for Magento contact us form.
How to Configure Magento 2 Google reCAPTCHA for the Stores
Google reCAPTCHA provides enhanced security, and allows different display options and methods as well. What’s unique about Google reCAPTCHA is that website traffic information is available on the dashboard of your Google reCAPTCHA account.
So without further ado, let’s configure Google reCAPTCHA for Magento stores.
Please note: Google reCAPTCHA is configured separately for the Magento Admin and storefront.
- Step 1: Generate Google reCAPTCHA keys
- Step 2: Configure Google reCAPTCHA Admin Panel
- Step 3: Configure Google reCAPTCHA Storefront
How to Create Magento 2 Google reCAPTCHA Keys for the Stores
To configure Magento 2 Google reCAPTCHA for stores, you would require a pair of API keys. And the great thing is that you can get these keys for free through the reCAPTCHA site.
Before generating the keys, ensure that you have registered domain name and the type of Magento reCAPTCHA that you want to use.
Google reCAPTCHA can be implemented in three ways:
reCAPTCHA v3 Invisible: It uses an algorithm to rate user interactions and determines the user’s interactions on the website based on a score.
reCAPTCHA v2 Invisible: This option executes the background verification without interacting with the user. Users and customers are automatically verified,
but there is sometimes also a pop-up with a specific image selection challenge.
reCAPTCHA v2 (“I am not a robot”): The user needs to check the “I’m not a robot” checkbox to proceed further.
- Open the Google reCAPTCHA page and register a new site.
- For Label, enter a name to make it easy for your future reference.
- Next, select the Magento reCAPTCHA type and choose the method that you want to use.
reCAPTCHA v3 Invisible
reCAPTCHA v2 Invisible
reCAPTCHA v2 (“I am not a robot”). In my case, I went with this option.
4. For Domain, enter your registered store’s domain.
5. Accept the terms & conditions. Check the send alerts to owners’ checkbox to send a notification. (This is optional or whenever Google detects issues or suspicious traffic on your Magento store.)
6. Hit SUBMIT to complete registration and receive keys.
Optimize Magento Speed Like a Pro
Subscribe now and get a free ebook to your inbox.
Your Ebook is on it’s Way to Your Inbox.
How to Configure Google reCAPTCHA for Magento Admin Panel
- Log in to your Magento admin panel and navigate to Stores > Settings > Configuration.
- Ensure that you have set the set Store View to Default Config. You can see this in the upper-right corner.
- Next, expand the Security section and select Google reCAPTCHA Admin Panel.
- Here you will see the three options to configure the Google reCAPTCHA. As I selected reCAPTCHA v2 (“I am not a robot”), I will enter the following details:
- Add the Google API Website Key you received.
- Do the same with the Google API Secret Key.
- Choose the size of the Google reCAPTCHA size box that will appear for your users. I’ve selected the default size.
- For Theme, choose between the light or dark theme for your Google reCAPTCHA box.
- Enter the two-character code to specify the language used for Google reCAPTCHA text.
- Type the reCAPTCHA Validation Failure Message, or leave it with the default message.
5. Scroll down and expand the Admin Panel section.
- Select Enable for Login to the reCAPTCHA type that you want to use.
- Select Enable for Forgot Password to the reCAPTCHA type that you want to use.
How to Configure Google reCAPTCHA Storefront
- From the left side panel, expand Security and select Google reCAPTCHA Storefront.
- Complete the reCAPTCHA type that you want to use in the storefront. You can refer to the above section.
- Expand the Storefront option and set the values that you want to use:
- Enable for Customer Login
- Enable for Customer Login
- Enable for Forgot Password
- Enable for Create New Customer Account
- Enable for Contact Us
- Enable for Product Review
- Enable for Newsletter Subscription
- Enable for Send To Friend
- Enable for PayPal PayflowPro payment form
4. Finally, hit the Save Config.
Why is Magento CAPTCHA Important for Your Stores?
The main purpose of Magento 2 CAPTCHA is to block spam scripts from posting comments on pages and blogs or buying too many products at once. Magento developers use CAPTCHA to strengthen the security process and prevent fake registration using a script or program.
Importantly, Magento 2 CAPTCHA also makes online shopping more secure by ensuring that it is humans ordering products at the time of checkout. Thus it reduces the ratio of spamming.
And there you have it! This is how you can configure CAPTCHA to secure your store and keep it safe from unwanted scripts and spam.
You can also use Magento 2 CAPTCHA extensions for it but I would not recommend it because I want you to spend your money smartly 😉 If you are looking for reliable Magento 2 hosting then prefer Cloudways that help you to manage critical applications. If you have any queries or want me to add anything, do let me know in the comment section.
Customer Review at
“Great speed, features, knowledgebase, dashboard, UX and fast, expert support. Very happy!”
Stefan [Management Consultant]
Ashmal is the Magento Community Manager at Cloudways. He loves helping out merchants and developers in establishing and maintaining online stores. In addition, he is often busy interacting with the Magento community and figuring out integration tactics for emerging tech. When not working, you could find him playing COD & CS GO. Feel free to contact him at [email protected]