Successful business is not only a business people buy from, it is a business people rely on and trust in. One of the factors that can undermine that trust is security. Thus, any measures taken to improve Magento security won't be redundant.
Magento 2 CAPTCHA is a great built-in feature you can use to create a safe environment for your customers and admin users.
However, is it enough?
Same as you come up with new ways to protect your store, sophisticated attackers never stop discovering your weak spots. That's why you just have to consider going the extra mile with Magento 2 Google reCAPTCHA and we're going to help you implement it.
What are you waiting for? Dive in.
Post Contents [hide]
Magento 2 CAPTCHA vs Magento 2 Google reCAPTCHA
Many might say there is no difference between standard Magento CAPTCHA and Google reCAPTCHA. And they would be right. Partially.
They serve the same function — to identify a human being rather than a bot browsing your website. However, while standard Magento CAPTCHA provides only letter and number images for the test, Google reCAPTCHA has multiple display methods and options to ensure extra security.
Besides, with Google reCAPTCHA you can track the website traffic in your Google reCAPTCHA account which is of great benefit.
Google reCAPTCHA Implementation
Since Google reCAPTCHA is more advanced, you can verify whether it's a human or a robot browsing your website via 3 different ways:
- reCAPTCHA v2 (“I am not a robot”) — requires a user to tick the "I am not a robot" checkbox for verification.
- reCAPTCHA v2 Invisible — verifies users automatically with no user interaction required, but may ask to select specific images for verification
- reCAPTCHA v3 Invisible — determines the user by rating user interactions by a certain algorithm.
Magento allows you to set up each of them with a separate Google reCAPTCHA configuration. However, each requires you to generate the reCAPTCHA keys.
Generate Google reCAPTCHA Key for Your Store
1. Navigate to the Google reCAPTCHA page.
2. Label your Domain for internal reference.
3. Select the reCAPTCHA type.
Important: you have to know what type of reCATCHA you want to use before generating the keys since separate keys are required for each reCAPTCHA type. Otherwise, it will block the reCAPTCHA functionality.
5. Set your Domain in the corresponding field. Specify different domains in each line if you have several of them.
6. Accept the reCAPTCHA Terms of Service.
7. Check the Send alerts to owners option in case you want Google to send you the notification in case of suspicious traffic.
8. Submit to receive the reCAPTCHA keys.
Was it hard?
Once you receive your keys, you're good to move on to the Magento configuration. Since the latest available reCAPTCHA is reCAPTCHA v3 Invisible, we'll configure it for both admin and the storefront.
Configure Google reCAPTCHA Admin Panel
As specified before, Magento 2 Google reCAPTCHA for the admin panel will work on sign-in and reset password pages.
1. Go to Stores > Configuration and set the Store View to Default Config.
2. Move on to the Security section and find Google reCAPTCHA Admin Panel.
3. Set up reCAPTCHA v3 Invisible.
- Enter your Google API Website and Secret Keys you just generated.
- Set the Minimum Score Threshold to define the user interaction as a potential risk. By default, it is set to 0.5. However, 1.0 is considered a typical user interaction, and 0.0 is a bot.
- Select the Invisible Badge Position for the Google reCAPTCHA box.
- Choose the Theme to style the reCAPTCHA box accordingly.
- Specify the Language Code to define the language used for Google reCAPTCHA message text.
4. Enter the reCAPTCHA Failure Messages to appear if the user validation fails. You can set both reCAPTCHA Validation Failure and Technical Failure Messages.
5. In the Admin Panel section Enable Google reCAPTCHA type for Login and Forgot Password to be used for sign in page and password reset requests correspondingly.
Note: once again, you have to generate separate Google reCAPTCHA keys for each reCAPTCHA type. You can't use the same keys for reCAPTCHA v3 Invisible and reCAPTCHA v2 ("I am not a robot").
This is how the Google reCAPTCHA v3 Invisible will be displayed in the admin panel:
Set Up Magento 2 Google reCAPTCHA Storefront
Magento 2 Google reCAPTCHA storefront configurations are the same as for the admin panel. You also have to set the invisible badge position, theme, language code, and failure messages, etc.
The only thing is you have much more pages to add the Google reCAPTCHA to on the storefront.
Once you Save Config, Google reCAPTCHA should take care of your storefront security.
Now that you've set up Google reCAPTCHA for your store pages and admin panel, your store is more secure than it was before. Though Magento experts always come up with new security algorithms to make the platform as safe as it could be, you always have to implement the best security practices.
Follow these tips to improve Magento security and ensure better security of your website environment.