If you have any web forms in your Magento 2 store that collect information from customers, you are probably well aware of spam. Spammers use web forms to promote their own businesses and sites, and they use them for more malicious purposes as well.
In order to protect your Magento 2 web forms, you need to make it difficult or impossible for an automated tool to fill in or submit the form while keeping it as easy as possible for your customers to fill out the form. The most effective way to protect your web forms is to use a CAPTCHA, Google reCAPTCHA (Checkbox and Invisible), a honeypot, or blocking of spammers' email addresses.
If you're looking for great alternatives to CAPTCHA and Google reCAPTCHA (Checkbox and Invisible), you can try this Magento 2 Spam Bot Blocker Extension or this Magento 2 Honeypot - Stop Spam Extension to protect your forms from spammers using a honeypot solution, blocking spammers' email addresses with wildcards, and more. Stop fake account registrations, fake form submissions, fake entries, spambots, and more on your Magento 2 site.
What is CAPTCHA?
A CAPTCHA, which stands for "Completely Automated Public Turing test to tell Computers and Humans Apart", is a type of challenge-response test used in computing to determine whether or not the user is human.
There are three different types of CAPTCHA: Regular CAPTCHA, Simple math CAPTCHA, and No CAPTCHA reCAPTCHA.
- Regular CAPTCHA - the user has to type a few letters that are displayed on the screen to complete the form submission
- Simple math CAPTCHA - a very easy arithmetic test e.g. "what is 2 + 7?"
- No CAPTCHA reCAPTCHA - an improved form of CAPTCHA developed by Google that simply requires your user to click on a check box, which makes it extremely user-friendly. reCAPTCHA provides advanced security and low-friction, effortless interaction for users.
Magento 2 CAPTCHA
CAPTCHA can be used in the Magento 2 admin (sign-in and forgot password pages) and on the storefront (customer account login, register, forgot password, checkout, and contact us pages).
Magento 2 CAPTCHA In Backend
For an extra level of security, you can add a CAPTCHA to the admin sign-in and forgot password page to protect the back office password of your store where orders, catalog, content, and configurations are managed.
To configure an Admin CAPTCHA:
- On the Admin panel, click Stores. In the Settings section, select Configuration.
- Select Admin under Advanced in the panel on the left.
- Open the CAPTCHA section, and continue with the following:
  - In the Enable CAPTCHA in Admin field, select “Yes” to enable CAPTCHA in Admin.
  - In the Font field, select the name of the font to be used for the CAPTCHA symbols. The default is LinLibertine.
  - In the Forms field, select one of the following forms where CAPTCHA is to be used:
    - Admin Login
    - Admin Forgot Password
  - In the Displaying Mode field, choose one of the following:
    - Always
    - After a number of attempts to log in
  - In the Number of Unsuccessful Attempts to Login field, enter the number of unsuccessful login attempts before the CAPTCHA appears. If you enter zero, the CAPTCHA is always shown.
  - In the CAPTCHA Timeout (minutes) field, enter the number of minutes before the CAPTCHA expires. When the CAPTCHA expires, the user must reload the page to generate a new CAPTCHA.
  - In the Number of Symbols field, enter the range for the number of symbols in the CAPTCHA, for example, 3-7. The maximum number of symbols is eight.
  - In the Symbols Used in CAPTCHA field, specify the symbols that can be used in the CAPTCHA. Enter only letters (a-z and A-Z) or numbers (0-9). No spaces or other characters are allowed, and similar symbols are not used in the default set.
  - In the Case Sensitive field, select Yes if you require that the user enter the upper- and lowercase characters exactly as shown.
- When complete, click Save Config.
By default, if you enable Admin Login CAPTCHA and don’t change its settings, it will appear after 3 unsuccessful attempts to log in.
Magento 2 CAPTCHA In Storefront
Customers can be required to enter a CAPTCHA each time they log in to their accounts, or after several unsuccessful attempts to log in.
To configure a Storefront CAPTCHA:
- On the Admin panel, click Stores. In the Settings section, select Configuration.
- Select Customer Configuration under Customers in the panel on the left.
- Open the CAPTCHA section, and continue with the following:
  - In the Enable CAPTCHA on Frontend field, select “Yes” to enable CAPTCHA on Frontend.
  - In the Font field, select the name of the font to be used for the CAPTCHA symbols. The default is LinLibertine.
  - In the Forms field, select the forms where CAPTCHA is to be used:
    - Create User
    - Login
    - Forgot Password
    - Checkout as Guest
    - Register during Checkout
    - Contact Us
    - Change password
  - In the Displaying Mode field, choose one of the following:
    - Always
    - After a number of attempts to log in
  - In the Number of Unsuccessful Attempts to Login field, enter the number of unsuccessful login attempts before the CAPTCHA appears. If you enter zero, the CAPTCHA is always shown.
  - In the CAPTCHA Timeout (minutes) field, enter the number of minutes before the CAPTCHA expires. When the CAPTCHA expires, the user must reload the page to generate a new CAPTCHA.
  - In the Number of Symbols field, enter the range for the number of symbols in the CAPTCHA, for example, 3-7. The maximum number of symbols is eight.
  - In the Symbols Used in CAPTCHA field, specify the symbols that can be used in the CAPTCHA. Enter only letters (a-z and A-Z) or numbers (0-9). No spaces or other characters are allowed, and similar symbols are not used in the default set.
  - In the Case Sensitive field, select Yes if you require that the user enter the upper- and lowercase characters exactly as shown.
- When complete, click Save Config.
You can reload the CAPTCHA as many times as is necessary. The CAPTCHA is fully configurable and can be set to appear every time, or only after a number of failed login attempts.
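The Admin and Storefront procedures above can also be scripted. The following is an added example, not part of the original article or of Magento itself: it checks the values against the limits stated above (at most eight symbols, letters and digits only) and prints the matching `bin/magento config:set` commands. The config paths under `admin/captcha` and `customer/captcha`, the mode codes `always` and `after_fail`, and the form ids are assumptions based on the Magento_Captcha module; confirm them on your installation before running the printed commands.

```shell
#!/bin/sh
# Added example (not from the article): check CAPTCHA values against the
# limits the article states, then print the matching config:set commands.
# Assumption: paths <scope>/captcha/*, mode codes and form ids follow the
# Magento_Captcha module; confirm them on your version before running them.

# is_uint N: succeeds when N is a non-negative integer
is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# valid_length RANGE: "min-max" with min <= max and at most eight symbols
valid_length() {
  case $1 in [1-8]-[1-8]) ;; *) return 1 ;; esac
  [ "${1%-*}" -le "${1#*-}" ]
}

# valid_symbols STR: letters and digits only, no spaces or other characters
valid_symbols() { case $1 in ''|*[!A-Za-z0-9]*) return 1 ;; esac; }

# captcha_commands SCOPE FORMS MODE ATTEMPTS TIMEOUT LENGTH SYMBOLS CASE
#   SCOPE admin|customer, MODE always|after_fail, CASE 0|1
captcha_commands() {
  case $1 in admin|customer) ;; *) echo "scope: admin or customer" >&2; return 1 ;; esac
  case $2 in ''|*[!a-z_,]*) echo "forms: comma-separated form ids" >&2; return 1 ;; esac
  case $3 in always|after_fail) ;; *) echo "mode: always or after_fail" >&2; return 1 ;; esac
  is_uint "$4" || { echo "attempts: integer, 0 = always show" >&2; return 1; }
  is_uint "$5" || { echo "timeout: minutes as an integer" >&2; return 1; }
  valid_length "$6" || { echo "length: min-max, maximum 8" >&2; return 1; }
  valid_symbols "$7" || { echo "symbols: a-z, A-Z, 0-9 only" >&2; return 1; }
  case $8 in 0|1) ;; *) echo "case: 0 or 1" >&2; return 1 ;; esac
  p="$1/captcha"
  printf 'bin/magento config:set %s %s\n' \
    "$p/enable" 1 "$p/forms" "$2" "$p/mode" "$3" \
    "$p/failed_attempts_login" "$4" "$p/timeout" "$5" \
    "$p/length" "$6" "$p/symbols" "$7" "$p/case_sensitive" "$8"
}

# Constructed sample values: admin login form, CAPTCHA after 3 failed logins
captcha_commands admin backend_login after_fail 3 7 4-5 ABCDEFGHJKMnpqrstuvwxyz23456789 0
# Constructed sample values: storefront login and account creation, always shown
captcha_commands customer user_login,user_create always 0 7 5-7 ABCDEFGHJKMnpqrstuvwxyz23456789 1
```

Review the printed commands, run them from the Magento root, and flush the configuration cache afterwards.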
Magento 2 reCAPTCHA extension
The default Magento 2 CAPTCHA is not really user-friendly. Therefore, the Magento 2 reCAPTCHA and Invisible reCAPTCHA extension was developed by us to help a significant number of users attest they are human without having to solve a CAPTCHA. Instead, with just a single click, they'll confirm they are not a robot.
The extension currently supports reCAPTCHA and Invisible reCAPTCHA on the Contact page form, Product Review form, Customer Registration form, Product Send to Friend form, Login form, Forgot Password form, and Newsletter Subscription form.
Feel free to read through the Magento 2 reCAPTCHA and Invisible reCAPTCHA extension pages for more details.
Magento 2 reCAPTCHA Alternatives
While the Magento 2 reCAPTCHA and Invisible reCAPTCHA extension can stop many spammers at your site, spammers may still try to bypass reCAPTCHA, fill out your forms, and submit them. If you're facing such issues, you can try this Magento 2 Spam Bot Blocker Extension or this Magento 2 Honeypot - Stop Spam Extension, which are great alternatives to Google reCAPTCHA and will protect your forms from spammers.