How to add CAPTCHA to protect your Magento site

This article describes how to add CAPTCHA protection to a Magento site. CAPTCHAs help protect your site from spamming by bots and other malicious actors.

For general information about what CAPTCHAs are and what they do, please see this article.

Enabling CAPTCHA protection for the administration login page

Magento 2 and 1.9 support CAPTCHA protection for the administration login page, but it is disabled by default.

Magento 2

To enable CAPTCHA protection for the administration login page on Magento 2, follow these steps:

  1. Log in to Magento using your administrator account.
  2. On the left sidebar, click Stores, and then under Settings, click Configuration.
  3. Click ADVANCED, and then click Admin.
  4. Click CAPTCHA.
  5. In the Enable CAPTCHA in Admin list box, select Yes. Additional configuration options appear:
    • In the Font list box, you can select the font that appears in the CAPTCHA.
    • In the Forms box, select which forms you want to protect. You can select the administration login page and the page that appears when a user clicks the Forgot your password? link on the login page.
    • To have the CAPTCHA always appear on the login page, in the Displaying Mode list box, select Always. Alternatively, to have the CAPTCHA only appear after a specific number of failed login attempts, select After number of attempts to login.
    • You can use the remaining configuration options to change the CAPTCHA's appearance and functionality.
  6. Click Save Config.

Magento 1.9

To enable CAPTCHA protection for the administration login page on Magento 1.9, follow these steps:

  1. Log in to Magento using your administrator account.
  2. On the top menu bar, click System, and then click Configuration.
  3. In the Configuration pane on the left side, scroll down the page, and then under Advanced, click Admin.
  4. Click CAPTCHA.
  5. In the Enable CAPTCHA in Admin list box, select Yes. Additional configuration options appear:
    • In the Font list box, you can select the font that appears in the CAPTCHA.
    • In the Forms box, select which forms you want to protect. You can select the administration login page and the page that appears when a user clicks the Forgot your password? link on the login page.
    • To have the CAPTCHA always appear on the login page, in the Displaying Mode list box, select Always. Alternatively, to have the CAPTCHA only appear after a specific number of failed login attempts, select After number of attempts to login.
    • You can use the remaining configuration options to change the CAPTCHA's appearance and functionality.
  6. Click Save Config.
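
To confirm that the settings saved in either procedure above took effect, you can audit the stored configuration. The following is an added example, not part of the original article or of Magento: it assumes the admin CAPTCHA settings are stored in the core_config_data table under the admin/captcha/ paths used by Magento's CAPTCHA module, and it applies a policy chosen for this example (both forms protected, Displaying Mode set to Always). The sample rows are constructed.

```python
# Added example: audit the admin CAPTCHA settings described above.
# Input: tab-separated "path<TAB>value" rows from core_config_data, e.g.
#   mysql -N -B -e "SELECT path, value FROM core_config_data
#                   WHERE path LIKE 'admin/captcha/%'" <database>
# Policy (assumption of this example): both admin forms protected, mode "always".

REQUIRED_FORMS = {"backend_login", "backend_forgotpassword"}

# Constructed sample: CAPTCHA enabled, but only the login form is protected
# and the CAPTCHA appears only after failed attempts.
SAMPLE_ROWS = (
    "admin/captcha/enable\t1\n"
    "admin/captcha/forms\tbackend_login\n"
    "admin/captcha/mode\tafter_fail\n"
    "admin/captcha/failed_attempts_login\t3\n"
)

def parse_rows(text):
    """Return {path: value} from tab-separated rows; blank lines are skipped."""
    settings = {}
    for line in text.splitlines():
        if line.strip():
            path, _, value = line.partition("\t")
            settings[path.strip()] = value.strip()
    return settings

def audit_admin_captcha(settings):
    """Return a list of findings; an empty list means the policy is met."""
    # A missing row means the value was never saved, and the article notes
    # that admin CAPTCHA is disabled by default.
    if settings.get("admin/captcha/enable") != "1":
        return ["admin CAPTCHA is disabled"]
    findings = []
    forms = settings.get("admin/captcha/forms")
    if forms is None:
        findings.append("forms: no stored value, confirm the selection in the UI")
    else:
        protected = {name.strip() for name in forms.split(",")}
        for name in sorted(REQUIRED_FORMS - protected):
            findings.append(f"form not protected: {name}")
    mode = settings.get("admin/captcha/mode")
    if mode is None:
        findings.append("mode: no stored value, confirm the selection in the UI")
    elif mode != "always":
        limit = settings.get("admin/captcha/failed_attempts_login", "unset")
        findings.append(f"CAPTCHA shown only after failed logins (threshold: {limit})")
    return findings

if __name__ == "__main__":
    for finding in audit_admin_captcha(parse_rows(SAMPLE_ROWS)):
        print("FINDING:", finding)
```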

Adding CAPTCHA protection to the Contact Us page

In addition to the administration login page, you can protect the Contact Us page. The Contacts Form Captcha extension is free and enables you to do this.

  • The following procedure only applies to Magento 1.9 and older versions. The Contacts Form Captcha extension does not support Magento 2 yet.
  • The Contacts Form Captcha uses Google's reCAPTCHA service. Before you install the Contacts Form Captcha in Magento, you must sign up for a Google reCAPTCHA account if you do not already have one. To do this, please visit https://www.google.com/recaptcha.

To add CAPTCHA protection to the contact form of your Magento site, follow these steps:

  1. Use your web browser to visit the Contacts Form Captcha page at http://www.magentocommerce.com/magento-connect/contacts-form-captcha.html:
    • Click Install Now.
      You must be registered and logged in to obtain the extension key.
    • Select Magento Connect 2.0.
    • Select the I agree to the extension license agreement check box, and then click Get Extension Key.
    • Click Select Key, and then copy the text in the text box.
  2. Log in to your Magento site as the administrator.
  3. On the top menu bar, click System, and then under Magento Connect, click Magento Connect Manager.

    Magento may prompt you to log in again as the administrator.
  4. Under Install New Extensions, in the Paste extension key to install text box, paste the extension key that you obtained in step 1, and then click Install.
  5. After Magento Connect downloads the extension, click Proceed.
  6. Click Refresh. Under Manage Existing Extensions, contactsformcaptcha should now appear in the list of extensions.
  7. At the top of the page, click Return to Admin.
  8. On the top menu bar, click System, and then click Configuration.
  9. In the Configuration pane on the left side, under General, click Contacts.
  10. Click Contacts Form Captcha:
    • In the Enable Captcha list box, select Yes.
    • In the Public Key text box, type your Google reCAPTCHA site key.
    • In the Private Key text box, type your Google reCAPTCHA secret key.
    • In the reCaptcha Theme list box, select the theme that you want to use for the CAPTCHA interface.
    • In the reCaptcha Language list box, select the language that you want to use for the CAPTCHA interface.
  11. Click Save Config.
  12. Use your web browser to visit the Contact Us page. The CAPTCHA appears above the SUBMIT button.

More Information

For more information about the Contacts Form Captcha, please visit http://www.magentocommerce.com/magento-connect/contacts-form-captcha.html.