Enable Customer Login / Register Captcha

Magento 2 supports administrators to set CAPTCHA requirement for each time customers log into their accounts. The website is enabled to avoid spam and the Robots login to website. Thus, this feature will increase effectively your store security. To protect your store, you should enable Admin login Captcha and install Security module.

In the backend, you can configure whether customers are required to enter a CAPTCHA each time they log into website, or after several unsuccessful attempts to log in. Moreover, admins can configure to show CAPTCHA requirement for the following forms in the storefront

Create User
Login
Forgot Password
Checkout as Guest
Register During Checkout
Contact Us

62% stores have vulnerability and 14% stores have 4+ security issues, see why
Security Checklist
Secure Your Admin
Quick login without password
How To Stop Brute Force Attacks
Magento 2 Google reCaptcha extension help websites prevent spam and abuse from bots

Configure a Storefront CAPTCHA in Magento 2

On the Admin panel, click Stores. In the Settings section, select Configuration.
Select Customer Configuration under Customers in the panel on the left
Open the CAPTCHA section, and continue with following:

How to Enable Customer Login / Register Captcha

In the Enable CAPTCHA on Frontend field, select “Yes” to enable CAPTCHA on Frontend
In the Font field, select the name of the Font to be used for the CAPTCHA symbols. The default is LinLibertine.
In the Forms field, select one of the following forms where CAPTCHA is to be used
- Create User
- Login
- Forgot Password
- Checkout as Guest
- Register during Checkout
In the Displaying Mode, choose one of the following
- Always
- After number of attempts to login
In the Number of Unsuccessful Attempts to Login field, enter the number of unsucessful attempts to login before captcha appears. If you enter Zero, the Captcha will be always available
In the CAPTCHA Timeout (minutes) field, enter the number of minutes before the CAPTCHA expires. When the CAPTCHA expires, the user must reload the page to generate a new CAPTCHA.
In the Number of Symbols field, enter the range number of symbols that CAPTCHA will be changed in, for example: 3-7. The maximum number of symbols is eight.
In the Symbols Used in CAPTCHA field, specify the symbols that can be used in the CAPTCHA. Set only letters (a-z and A-Z), or number (0-9) to enter into the box. No spaces or other characters are allowed and the similar symbors is not used in the default.
In the Case Sensitive field, select Yes if you require that the user enter the upper-and lowercase characters exactly as shown
When complete, click Save Config