How to Use CAPTCHA in Magento 2

This tutorial will give you an idea about how to enable CAPTCHAs for an online store in Magento 2. The main purpose of using a CAPTCHA is to prevent both spam bots and spammers from accessing the protected Front and Backend sections of your site.

If you are a site administrator who wants to protect a web resource with the use of a CAPTCHA, set this element up by going through the following steps:

Set Captcha for Admin

1. Log in to your Admin account;

2. Using the menu from the left sidebar, go to Stores --> Settings --> Configuration;

3. Open the "Advanced" section and click the "Admin" button;

4. Once you’re in, scroll the page down and expand the "CAPTCHA" section;

5. Choose to "Enable CAPTCHA in Admin" by selecting "Yes" from the drop-down menu to see the advanced configuration options;

6. Choose the appropriate options from the following sections:

(a) Font. Choose the appropriate fonts from a drop-down menu;

(b) Forms. Which forms you would like to set a protection for? You can either protect your Admin Login Form or Admin Forgot Password Form.

(c) Displaying Mode. If you would like the new CAPTCHA to appear on the login form, select “Always” from the list of available options. On the other hand, if you prefer the CAPTCHA to be displayed after a certain number of unsuccessful actions, go for “After number of attempts to login” option instead.

(d) Number of Unsuccessful Attempts to Login. What is the number of unsuccessful logins you would prefer to have after which you would like your CAPTCHA to be displayed? Keep in mind that if you select “0” as an answer, a CAPTCHA will always be available on the Login form.

(e) CAPTCHA Timeout (minutes). This is simply a CAPTCHA Timeout option measured in minutes.

(f) Number of Symbols for your CAPTCHA code. Specify 8 symbols at most. Number ranges are also allowed.

(g) Symbols Used in CAPTCHA. Type in the exact symbols you would your CAPTCHA to have. Use either letters or numbers in this field.

(h) Case Sensitive. Would you like your CAPTCHA to have case-sensitive features?

7. Click "Save config" once you’re done setting up your CAPTCHA.

Set Captcha for Customers

Setting up a CAPTCHA code will help you protect the backend section of the site. Let us now turn to the question how to protect the Frontend from the malicious attacks.

(a) Sign in to your Magento 2 Admin account;

(b) Select Stores → Settings → Configuration;

(c) As the next step, open the "Customers" section and select "Customer Configuration".

(d) Scroll down to "CAPTCHA" and open this section up.

(e) Fill in all the necessary fields mentioned in Section 6 and click "Save config".

And that’s it! As you can see, the actual process of setting up a CAPTCHA code is quite a straightforward one, with the benefits of an increased protection for your front and backend.