Configure a Storefront CAPTCHA in Magento 2

Magento 2 supports administrators to set CAPTCHA requirement for each time customers log into their accounts. This CAPTCHA enables the website to avoid spam and prevents the robots from login to the website. Thus, to effectively increase your store security and build customers’ trust, you should enable Admin login Captcha and install the Security module.

In the backend, you can configure whether customers are required to enter a CAPTCHA each time they log into the website, or after several unsuccessful attempts to log in.

Ways to implement reCAPTCHA

Google reCAPTCHA can be integrated through various methods:

• reCAPTCHA v3 Invisible: Utilizes an algorithm to assess user interactions, assigning a score to determine the likelihood of the user being human.

• reCAPTCHA v2 Invisible: Verify background without direct user interaction. Users may be automatically verified but might need to choose specific images to finish a challenge.

• reCAPTCHA v2 (“I am not a robot”): Validates requests with the “I’m not a robot” checkbox.

Where can you enable CAPTCHA in Magento 2

Admins can configure to show CAPTCHA requirement for the following forms in the storefront:

• Create User
• Login
• Forgot Password
• Checkout as Guest
• Register During Checkout
• Contact Us

You can check these FREE Mageplaza’s module help you protect online store:

• Magento 2 Two-Factor Authentication
• Magento 2 Google reCAPTCHA

Importance of CAPTCHA for eCommerce Stores

CAPTCHA is crucial for Magento 2 stores due to the following reasons:

• Spam and bot attack prevention: CAPTCHA acts as a barrier against spam and bot attacks, effectively decreasing the chances of unauthorized access and minimizing fraud risks.

• Enhanced security for user interactions: By implementing CAPTCHA, the login, registration, and checkout processes are secured, ensuring that only human users can interact with the store. This safeguards sensitive information and transactions.

• Customer trust and data protection: The use of CAPTCHA demonstrates a commitment to security and data protection. This commitment, in turn, helps build customer trust in the store’s integrity and reliability in safeguarding their information.

Steps to Configure a Storefront CAPTCHA in Magento 2

Please follow these steps to complete enabling a CAPTCHA at the storefront:

• On the Admin panel, click Stores. In the Settings section, select Configuration.
• Select Customer Configuration under Customers in the panel on the left
• Open the CAPTCHA section, and continue with following:

• In the Enable CAPTCHA on Frontend field, select “Yes” to enable CAPTCHA on Frontend
• In the Font field, select the name of the Font to be used for the CAPTCHA symbols. The default is LinLibertine.
• In the Forms field, select one of the following forms where CAPTCHA is to be used
  • Create User
  • Login
  • Forgot Password
  • Checkout as Guest
  • Register during Checkout
• In the Displaying Mode, choose one of the following
  • Always
  • After number of attempts to login
• In the Number of Unsuccessful Attempts to Login field, enter the number of unsucessful attempts to login before captcha appears. If you enter Zero, the Captcha will be always available
• In the CAPTCHA Timeout (minutes) field, enter the number of minutes before the CAPTCHA expires. When the CAPTCHA expires, the user must reload the page to generate a new CAPTCHA.
• In the Number of Symbols field, enter the range number of symbols that CAPTCHA will be changed in, for example: 3-7. The maximum number of symbols is eight.
• In the Symbols Used in CAPTCHA field, specify the symbols that can be used in the CAPTCHA. Set only letters (a-z and A-Z), or number (0-9) to enter into the box. No spaces or other characters are allowed and the similar symbors is not used in the default.
• In the Case Sensitive field, select Yes if you require that the user enter the upper-and lowercase characters exactly as shown
• When complete, click Save Config

A better CAPTCHA solution for your store

To protect your store without effort, Google reCAPTCHA by Mageplaza supports you with easier and quicker installation, as well as outstanding features:

• Visible and Invisible CAPTCHA supported
• Use reCaptcha in any forms
• Support reCAPTCHA in the backend
• Enable multi languages in CAPTCHA puzzles
• Works out of the box with other extensions: Blog, Social Login, One Step Checkout

Discover Mageplaza Google reCAPTCHA here

FAQs

How do I customize the invisible badge position for reCAPTCHA?

Adjust the invisible badge position in reCAPTCHA by modifying the “data-badge” attribute in the widget code. Choose from options like “bottom right,” “bottom left,” or “inline.”

Can I use different types of reCAPTCHA for the admin panel and storefront?

Yes, you can choose different types of reCAPTCHA for each. Options include reCAPTCHA v2 invisible, reCAPTCHA v3 invisible, or the robot checkbox. Configure them separately in the Magento 2 admin panel by navigating to Stores > Settings > Configuration. Then, select either Google reCAPTCHA Admin Panel or Google reCAPTCHA Storefront.

What does the ‘send alerts to owners’ checkbox do in reCAPTCHA settings?

Enabling this checkbox triggers email notifications to registered site owners when Google identifies issues or suspicious traffic on the Magento store. This helps address security concerns and maintain store integrity.

What happens when I accept the send alerts to owners in reCAPTCHA settings?

Accepting this checkbox indicates your agreement to receive notifications via email when Google finds some problems or suspicious traffic on your store. This keeps store owners informed and ensures store integrity.

Can I simultaneously use reCAPTCHA v2 Invisible and reCAPTCHA v3 Invisible in Magento 2?

Unfortunately, you can’t. Simultaneous use of reCAPTCHA v2 and v3 Invisible in Magento 2 is not possible. Choose the version that aligns with your needs and configure it accordingly.

How do I disable CAPTCHA in Magento 2 after enabling it?

To deactivate CAPTCHA in Magento 2, perform the following steps:

• Log in to the Magento admin panel.
• Go to Stores > Settings > Configuration.
• Expand the Customers section and select Customer Configuration.
• Under the CAPTCHA section, switch Enable CAPTCHA on Frontend to No.
• Save the configuration to implement the changes.

Can I use reCAPTCHA v2 Invisible and reCAPTCHA v3 Invisible at the same time in Magento 2?

No, you can only use one type of reCAPTCHA at a time. Select the version that best suits your needs and configure it according to the steps in this guide.

How can I change the language of the CAPTCHA in Magento 2?

• Log in to your Magento admin panel.
• Navigate to Stores > Settings > Configuration.
• Expand the Customers section and select Customer Configuration.
• Under the CAPTCHA section, locate the “Symbols Used in CAPTCHA” field.
• Enter the desired characters for the CAPTCHA in your preferred language, such as letters (a-z, A-Z) or numbers (0-9).
• Click Save Config to apply the changes.

Final words

Today we have discussed how to enable Customer Login and Register CAPTCHA in Magento 2 to give your store a secure protection. However, the default Magento 2 only gives basic CAPTCHA solutions, while online stores need more than that. That is why we highly recommend you to try our Google reCAPTCHA to increase user experience without effort. If you still have doubts, take a look at these actual case studies.

Additionally, for more security-related topics and an essential step in fortifying your admin login, explore How to Enable Admin Login Captcha in Magento 2. Strengthening these security measures collectively ensures a resilient and trustworthy online shopping environment.

Also, please find some other security related topics below for your interest.

Related Topics

• How to Add Google reCAPTCHA into Magento 2
• Security Checklist
• Secure Your Admin
• How To Stop Brute Force Attacks