If you have any web forms in your Magento 2 store to collect information from customers, you are probably very aware of spam. Spammers use web forms to promote their own businesses and sites, and they use them for more malicious purposes as well.

To protect your Magento 2 web forms, you need to make it difficult or impossible for an automated tool to fill in or submit the form while keeping it as easy as possible for your customers to fill out. The most effective way to protect your web forms is to use a CAPTCHA, Google reCAPTCHA (Checkbox and Invisible), a honeypot, or to block spammers' emails.

What is CAPTCHA?

A CAPTCHA, which stands for "Completely Automated Public Turing test to tell Computers and Humans Apart", is a type of challenge-response test used in computing to determine whether or not the user is human.

There are three different types of CAPTCHA: Regular CAPTCHA, Simple math CAPTCHA, and No CAPTCHA reCAPTCHA.

  • Regular CAPTCHA - the user has to type a few letters that are displayed on the screen to complete the form submission
  • Simple math CAPTCHA - a very easy arithmetic test e.g. "what is 2 + 7?"
  • No CAPTCHA reCAPTCHA - an improved form of CAPTCHA developed by Google that simply requires your user to click a check box, which makes it extremely user-friendly. reCAPTCHA provides advanced security with low friction and effortless interaction for users.

Magento 2 CAPTCHA

CAPTCHA can be used in the Magento 2 admin (sign-in and forgot password pages) and on the storefront (customer account login, register, forgot password, checkout, and contact us pages).

Magento 2 CAPTCHA In Backend

For an extra level of security, you can add a CAPTCHA to the admin sign-in and forgot password page to protect the back office password of your store where orders, catalog, content, and configurations are managed.

To configure an Admin CAPTCHA:

  • On the Admin panel, click Stores. In the Settings section, select Configuration.
  • Select Admin under Advanced in the panel on the left
  • Open the CAPTCHA section, and continue with the following:


  • In the Enable CAPTCHA in Admin field, select “Yes” to enable CAPTCHA in Admin
  • In the Font field, select the name of the Font to be used for the CAPTCHA symbols. The default is LinLibertine.
  • In the Forms field, select one of the following forms where CAPTCHA is to be used

    • Admin Login
    • Admin Forgot Password
  • In the Displaying Mode, choose one of the following

    • Always
    • After a number of attempts to log in
  • In the Number of Unsuccessful Attempts to Login field, enter the number of unsuccessful login attempts allowed before the CAPTCHA appears. If you enter 0, the CAPTCHA is always displayed.

  • In the CAPTCHA Timeout (minutes) field, enter the number of minutes before the CAPTCHA expires. When the CAPTCHA expires, the user must reload the page to generate a new CAPTCHA.

  • In the Number of Symbols field, enter the number of symbols the CAPTCHA contains, as a range, for example, 3-7. The maximum number of symbols is eight.

  • In the Symbols Used in CAPTCHA field, specify the symbols that can be used in the CAPTCHA. Enter only letters (a-z and A-Z) or numbers (0-9). No spaces or other characters are allowed. The default set does not use similar-looking symbols.

  • In the Case Sensitive field, select Yes if you require that the user enter the upper- and lowercase characters exactly as shown.

  • When complete, click Save Config

By default, if you enable Admin Login CAPTCHA and don’t change its settings, it will appear after 3 unsuccessful attempts to log in.


Magento 2 CAPTCHA In Storefront

Customers can be required to enter a CAPTCHA each time they log in to their accounts, or after several unsuccessful attempts to log in.

To configure a Storefront CAPTCHA:

  • On the Admin panel, click Stores. In the Settings section, select Configuration.
  • Select Customer Configuration under Customers in the panel on the left
  • Open the CAPTCHA section, and continue with the following:


  • In the Enable CAPTCHA on Frontend field, select “Yes” to enable CAPTCHA on Frontend
  • In the Font field, select the name of the Font to be used for the CAPTCHA symbols. The default is LinLibertine.
  • In the Forms field, select the forms where CAPTCHA is to be used

    • Create User
    • Login
    • Forgot Password
    • Checkout as Guest
    • Register during Checkout
    • Contact Us
    • Change password
  • In the Displaying Mode, choose one of the following

    • Always
    • After a number of attempts to log in
  • In the Number of Unsuccessful Attempts to Login field, enter the number of unsuccessful login attempts allowed before the CAPTCHA appears. If you enter 0, the CAPTCHA is always displayed.

  • In the CAPTCHA Timeout (minutes) field, enter the number of minutes before the CAPTCHA expires. When the CAPTCHA expires, the user must reload the page to generate a new CAPTCHA.

  • In the Number of Symbols field, enter the number of symbols the CAPTCHA contains, as a range, for example, 3-7. The maximum number of symbols is eight.

  • In the Symbols Used in CAPTCHA field, specify the symbols that can be used in the CAPTCHA. Enter only letters (a-z and A-Z) or numbers (0-9). No spaces or other characters are allowed. The default set does not use similar-looking symbols.

  • In the Case Sensitive field, select Yes if you require that the user enter the upper- and lowercase characters exactly as shown.

  • When complete, click Save Config

You can reload the CAPTCHA as many times as is necessary. The CAPTCHA is fully configurable and can be set to appear every time, or only after a number of failed login attempts.
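
The admin and storefront procedures above can also be scripted so the same CAPTCHA settings are applied reproducibly on every environment. This is an added example, not code from the original article or from Magento: it assumes a Magento version that provides `bin/magento config:set`, and that the config paths and stored values (`admin/captcha/*`, `customer/captcha/*`, `after_fail`, the form identifiers) match the stock Magento_Captcha module. The function names and sample values are constructed for illustration.

```shell
# Added example: scripted equivalent of the admin-panel CAPTCHA steps.
# Assumption: paths/values follow the stock Magento_Captcha module; confirm
# each with `bin/magento config:show <path>` on your version before applying.
MAGENTO_BIN="${MAGENTO_BIN:-bin/magento}"

# Number of Symbols: a single number or a range, 1..8 (maximum is eight).
valid_length() {
    case "$1" in
        ""|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
    esac
    min="${1%-*}"; max="${1#*-}"
    [ "$min" -ge 1 ] && [ "$max" -le 8 ] && [ "$min" -le "$max" ]
}

# Symbols Used in CAPTCHA: letters and digits only, no spaces.
valid_symbols() {
    case "$1" in
        ""|*[!a-zA-Z0-9]*) return 1 ;;
    esac
}

# Print "path value" lines for one area (admin or customer).
captcha_settings() {
    area="$1"; length="$2"; symbols="$3"
    case "$area" in
        admin)    forms="backend_login,backend_forgotpassword" ;;
        customer) forms="user_create,user_login,user_forgotpassword,contact_us" ;;
        *) echo "unknown area: $area" >&2; return 1 ;;
    esac
    valid_length "$length"   || { echo "bad length: $length" >&2; return 1; }
    valid_symbols "$symbols" || { echo "bad symbols" >&2; return 1; }
    printf '%s/captcha/%s %s\n' \
        "$area" enable 1 \
        "$area" forms "$forms" \
        "$area" mode after_fail \
        "$area" failed_attempts_login 3 \
        "$area" length "$length" \
        "$area" symbols "$symbols" \
        "$area" case_sensitive 1
}

# Write the settings with config:set; nothing runs if validation fails.
apply_captcha_settings() {
    settings="$(captcha_settings "$@")" || return 1
    echo "$settings" | while read -r path value; do
        "$MAGENTO_BIN" config:set "$path" "$value" || exit 1
    done
}
# Usage (sample values): sh captcha.sh --apply admin 3-7 ABCDEFGHJKMNPQRSTUVWXYZ23456789
if [ "${1:-}" = "--apply" ]; then shift; apply_captcha_settings "$@"; fi
```

After applying, clean the configuration cache so the new values take effect.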


Magento 2 reCAPTCHA extension

The default Magento 2 CAPTCHA is not really user-friendly. Therefore, we developed the Magento 2 reCAPTCHA and Invisible reCAPTCHA extension to help a significant number of users attest that they are human without having to solve a CAPTCHA. Instead, with just a single click, they confirm they are not a robot.

The extension currently supports reCAPTCHA and Invisible reCAPTCHA on the Contact page form, Product Review form, Customer Registration form, Product Send to Friend form, Login form, Forgot Password form, and Newsletter Subscription form.

Feel free to read through the Magento 2 reCAPTCHA and Invisible reCAPTCHA extension pages for more details.

Magento 2 reCAPTCHA Alternatives

While the Magento 2 reCAPTCHA and Invisible reCAPTCHA extension can stop many spammers at your site, spammers may still try to bypass reCAPTCHA, fill out your forms, and submit them. If you're facing such issues, you can try this Magento 2 Spam Bot Blocker Extension or this Magento 2 Honeypot - Stop Spam Extension, which are great alternatives to Google reCAPTCHA and will protect your forms from spammers.
