How to set up Google reCAPTCHA in Magento 2?
Magento 2.3.x comes with a built-in Google reCAPTCHA extension. It protects the store from bots and enhances the security of your Magento 2.
Let’s see how to configure it.
Google reCAPTCHA keys generation
Step 1. Go to the Google reCAPTCHA page, log in to your account, and register your website.
Step 2. Enter a Label that will make it easy for you to later understand what website it is.
Step 3. Choose the needed reCAPTCHA type: v3 or v2. reCAPTCHA v2 also has 2 options "I am not a robot" Checkbox and Invisible reCAPTCHA badge. Depending on what type of reCAPTCHA you choose, settings will vary (find them below).
Step 4. Enter your website URL in the Domains field.
Step 5. Accept the reCAPTCHA Terms of Service and click the Submit button. Then the system will generate Site and Secret keys. Save them and move to the Magento 2 admin panel.
Configurations for reCaptcha v2
Step 1. Navigate to Stores > Settings > Configuration and choose Default Config from the Store View dropdown in the upper-left corner.
Step 2. Open the Security tab and choose the Google reCaptcha option.
Step 3. In the General section, enter generated keys in the Google API website key and Google API secret key fields.
Step 4. Choose the reCaptcha v2 from the reCaptcha type dropdown.
Step 5. In the Backend section, set up Yes in the Enable field. For the reCaptcha “I am not a robot” Checkbox, you can also specify Theme and Size.
Step 6. Go to the Frontend section and choose Yes in the Enable field to add Google reCAPTCHA to customer accounts.
Step 7. If you have an Invisible reCAPTCHA badge, set up the Invisible badge position line. Choose between Inline, Bottom Right, or Bottom Left options. For “I am not a robot” Checkbox, specify Theme and Size.
Step 8. Next, choose where you want to use the reCAPTCHA. The following options are available:
- Use in Login
- Use in Forgot password
- Use in Contact
- Use in Create user
- Use in Review
- Use in PayPal PayflowPro payment form
- Use invisible ReCaptcha in newsletter
- Use in Send To Friend
Step 9. Save the changes.
Helpful tip: Protect any form on your website with Google Invisible reCaptcha extension. It allows your Magento 2 store admins to add Google reCaptcha to custom form. What it is more, it allows you to add reCaptcha to specific URLs and CSS Selector, disable verification for registered users, and display a custom message in case the reCaptcha v3 test is failed. This plugin is compatible with other Amasty modules such as Custom Form for Magento 2 and FAQ and Product Questions for Magento 2.
Settings for reCaptcha v3
Step 1. Go to Stores > Settings > Configuration and choose Default Config from the Store View dropdown in the upper left corner.
Step 2. Open the Security tab and choose the Google reCaptcha option.
Step 3. In the General section, enter generated keys in the Google API website key and Google API secret key fields.
Step 4. Choose the reCaptcha v3 from the reCaptcha type dropdown.
Step 5. In the Backend section, you need to set up Yes in the Enable field. Then specify the Minimum score from 0.0 to 1.0 where 1.0 is a human, and 0.0 is a bot. For more information, check the official documentation.
Step 6. Go to the Frontend section and choose Yes in the Enable field to add Google reCAPTCHA to customer accounts.
Step 7. Set up the Invisible badge position line. Choose between Inline, Bottom Right, or Bottom Left options.
Step 8. Enter the Minimum score from 0.0 to 1.0.
Step 9. Next, choose where you want to use reCAPTCHA.
Step 10. Don’t forget to save the changes.
Additional tips
Before starting Google reCAPTCHA configuration, make sure that your PHP.ini file has the allow_url_fopen = 1 setting. Read more about PHP requirements here.
In case you got issues with reCAPTCHA, and you can’t log in to your admin panel, disable reCAPTCHA via command line:bin/magento msp:security:recaptcha:disable
What is Magento 2 ReCaptcha?
MSP ReCaptcha in Magento 2 uses CAPTCHA for adaptive intermediate risk analysis to prevent malicious automated software activity on your site. This feature helps keep your security up to date and keep your store secure without annoying your customers as it protects your store from spam and bots.