Plenty of businesses shift to eCommerce regardless of the dangers that await them, since there is a growing need to move online. And it is not poor traffic or low conversion rates we're talking about.

One of the most serious threats is the bot and brute-force attacks your website undergoes regularly. Still, if you choose Magento to run your business on, you can breathe a sigh of relief and rely on Magento 2 security measures.

Today we'll talk about the standard Magento CAPTCHA and how you can configure it for both admin users and storefront customers to prevent spam.

However, let's come down to the basics first.

What is CAPTCHA?

CAPTCHA is a challenge-response authentication and a security measure that consists of a randomly generated sequence of numbers and letters in a distorted image, which you have to type into a text box.

It is a simple test whose name stands for "Completely Automated Public Turing test to tell Computers and Humans Apart" and, correspondingly, it helps to determine that a human, not a robot, is browsing a website.

CAPTCHA is utilized by a lot of websites, and Magento is no exception. So, you can add Magento 2 CAPTCHA on different pages of your website and on the admin panel sign-in page.


Why Do You Need CAPTCHA in Magento?

Your Magento website is attacked by multiple robots trying to get access to your admin panel, spam you with comments, register fake accounts, etc. The list can go on and on since malicious parties always try to undermine the security of your store.

Magento 2 CAPTCHA allows you to prevent all of that and secure your website from such attacks by applying a test to tell humans and robots apart.

So, now we move on to the configuration part.

Configure Magento CAPTCHA for Admin Panel

Adding CAPTCHA to the Magento admin login and reset password pages is one of the steps to improve Magento 2 admin panel security. Since Magento enables you to do this without any integrations, right from the admin panel, you can set it up effortlessly.

To configure Magento 2 admin panel CAPTCHA:

1. Go to Stores > Configuration > Advanced > Admin.

2. Enable CAPTCHA in Admin.

Note: if you have a multi-website setup, choose the website you want to apply the admin CAPTCHA for.

3. Choose the Font you want to use for CAPTCHA in the admin.

Note: if you want to upload your own font, it must be defined in the config.xml file of the CAPTCHA module (app/code/Magento/Captcha/etc) and reside in the same directory as your Commerce installation.

4. Select the Forms where the CAPTCHA should be enabled.

5. Set the Displaying mode for the Magento 2 admin CAPTCHA. 

  • Always — will require CAPTCHA during every login.
  • After number of attempts to login — applied only to the login form and appears after a certain number of unsuccessful attempts to login which you define additionally.

6. Set the Number of Unsuccessful Attempts to Login that will trigger the appearance of the Magento CAPTCHA.


7. Define the CAPTCHA Timeout (minutes) after which the CAPTCHA expires and the admin is required to reload the page.

8. Set the Number of Symbols in the CAPTCHA. 

Note: you can use up to 8 symbols and a range of symbols like 4-8 so that the number varies for each CAPTCHA.

9. Specify the Symbols Used in CAPTCHA that include upper and lower case letters (a-z/A-Z) together with the numbers (0-9). They will be randomly used in the CAPTCHA. 

Note: the symbols I, i, and 1 are hard to distinguish, so they are not included in the default set of symbols.

10. Enable the Case Sensitive option so that the admin users will be required to enter the symbols in upper and lower case as specified in the CAPTCHA.

Don't forget to Save Config once you finish, and check the CAPTCHA on the sign-in and reset password pages, as per your configuration.

If the image is too distorted for admins to make out the symbols on it, they can reload the CAPTCHA and then enter it.

Configure Magento CAPTCHA for Storefront

Basically, the configuration of CAPTCHA for the Magento storefront doesn't differ from the admin CAPTCHA setting that much. It's just that for storefront you can configure different types of forms, like:

  • Applying coupon code
  • Checkout/Placing Order
  • Create user
  • Login
  • Forgot password
  • Contact Us
  • Change password
  • Share Wishlist Form

Most often CAPTCHA is used on the contact us, change password, login, and create customer forms. The rest of the options are the same. Just jump back up for a recap of the CAPTCHA display mode, symbols, and font settings if you need one.

Here as well, don't forget to save the configuration and check how the Magento 2 CAPTCHA works on the storefront.

Depending on where you enable CAPTCHA (the contact us, login, or customer registration page), your customers will have to submit the CAPTCHA to continue browsing through your website.
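The settings walked through in both the admin and storefront sections can also be reviewed in bulk. The following is an added example, not part of the original article or of Magento's code: it reads a configuration listing and flags a disabled CAPTCHA, a high failed-login trigger, and a small symbol space. The `admin/captcha/*` and `customer/captcha/*` paths, the `after_fail` value, the `path - value` input format, and the thresholds are assumptions to check against your own installation.

```python
import math

# Constructed sample; paths and values are assumed, verify them on your install.
SAMPLE = """\
admin/captcha/enable - 1
admin/captcha/mode - after_fail
admin/captcha/failed_attempts_login - 10
admin/captcha/length - 4
admin/captcha/symbols - ABCabc123
admin/captcha/case_sensitive - 0
customer/captcha/enable - 0
"""

def parse(text):
    """Return {scope: {setting: value}} for <scope>/captcha/<setting> lines."""
    cfg = {}
    for line in text.splitlines():
        path, sep, value = line.partition(" - ")
        parts = path.strip().split("/")
        if sep and len(parts) == 3 and parts[1] == "captcha":
            cfg.setdefault(parts[0], {})[parts[2]] = value.strip()
    return cfg

def keyspace_bits(symbols, length, case_sensitive):
    """log2 of the count of possible strings; measures blind guessing only."""
    alphabet = set(symbols if case_sensitive else symbols.lower())
    lo, _, hi = length.partition("-")  # "4" or a range such as "4-8"
    return math.log2(sum(len(alphabet) ** n for n in range(int(lo), int(hi or lo) + 1)))

def audit(cfg, max_attempts=3, min_bits=20.0):
    """Flag settings weaker than the illustrative thresholds passed in."""
    findings = []
    for scope in ("admin", "customer"):
        c = cfg.get(scope, {})
        if c.get("enable") != "1":
            findings.append(f"{scope}: CAPTCHA disabled")
            continue
        fails = int(c.get("failed_attempts_login", "0"))
        if c.get("mode") == "after_fail" and fails > max_attempts:
            findings.append(f"{scope}: shown only after {fails} failed logins")
        if c.get("symbols") and c.get("length"):
            bits = keyspace_bits(c["symbols"], c["length"], c.get("case_sensitive") == "1")
            if bits < min_bits:
                findings.append(f"{scope}: keyspace {bits:.1f} bits")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE))))
```

With Case Sensitive off, `ABCabc123` collapses to six distinct symbols, which is why the sample reports such a small keyspace even though nine symbols are configured.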

CAPTCHA management is not always smooth, though. At some point you may get the "Incorrect CAPTCHA" error, so you need to know how to fix it to avoid any interruptions in your store.

With Magento 2 CAPTCHA you make sure no malicious actions are taken on your store and protect it from spam. However, to take an extra step and boost your store security even more, you can configure Magento 2 Google reCAPTCHA, which is also provided by the platform.