Introduction
CAPTCHA prevents software that imitates human behavior (bots) from accessing and using services intended for genuine human users.
Automated and malicious bots are used to initiate DoS and DDoS attacks, spam, brute-force attacks, content scraping, click fraud, and inventory hoarding.
By adding CAPTCHA to the Magento contact form, you eliminate spam and block bots from overwhelming your eCommerce store or using contact forms as a gateway to compromise core services.
Learn how to add CAPTCHA to Contact Forms in Magento 2.4 and stop malicious activity on your website.
Add CAPTCHA to the Magento Contact Form
Contact forms help customers get in touch with your store if they have questions or need assistance. These forms typically receive lots of traffic, and adding CAPTCHA is an efficient way to verify user activity.
There are two ways to add CAPTCHA verification in Magento without any additional coding:
- Enable built-in CAPTCHA verification in Magento.
- Integrate Google reCAPTCHA.
The examples in the article are presented using Magento 2.4.
Enable Default CAPTCHA in Magento
Use the built-in CAPTCHA feature in Magento to configure CAPTCHA for admin users and multiple storefront forms, including the Contact Us form.
To enable and set up CAPTCHA in Magento 2.4:
1. Access the Magento admin.
2. Expand the Stores menu.
3. Click Configuration in the Settings section.
4. Open the Customer Configuration menu in the Customers tab.
5. Uncheck the Use system value box next to the Forms field.
6. Press Ctrl and click the Contact Us option. Add CAPTCHA to other forms if necessary.
7. Optionally, change default system values such as the CAPTCHA character type and the number of symbols.
8. Click Save Config to apply the CAPTCHA settings.
To see the changes in the storefront, do not forget to flush the Magento cache. The CAPTCHA section is located at the bottom of the Contact Us form.
The look and location of the CAPTCHA vary based on theme and configuration.
Add Google reCAPTCHA to Magento
The additional step customers take to pass a CAPTCHA challenge might negatively impact their experience. Google reCAPTCHA uses machine learning to track customer behavior and identify suspicious activity without direct customer input.
Magento is compatible with Google reCAPTCHA.
Google offers several reCAPTCHA types:
- reCAPTCHA v3. An algorithm calculates a score based on user behavior and determines if a user is human. The entire background process is invisible to the customer.
- reCAPTCHA v2. Introduces a challenge to verify users, such as the “I’m not a robot” checkbox or identifying specific images.
To set up reCAPTCHA on Magento, register your website and retrieve the Google reCAPTCHA API keys.
Retrieve Google reCAPTCHA API Keys
Before proceeding, decide which type of reCAPTCHA you want to implement. Keep in mind that API keys are type specific. This guide explains how to implement Google reCAPTCHA v3 to track user behavior and automatically determine risk levels without customer interaction.
To create and retrieve the Google reCAPTCHA API keys:
1. Visit the official Google reCAPTCHA page and access the Admin Console.
2. Click the + sign to register your website.
3. Add an internal Label to help you identify the API key pair, for example, Magento Test reCAPTCHA v3.
4. Select the reCAPTCHA type.
5. Type the domain of the storefront in the Domain field. Enter additional domains and subdomains on a separate line.
6. Enter a contact email or emails in the Owners field.
7. Accept the reCAPTCHA Terms of Service by checking the box.
8. Select the Send alerts to owners checkbox to send an email notification if the system identifies suspicious traffic.
9. Click Submit to complete the registration.
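Once the registration process is complete, the system generates a unique Site Key and a Secret Key. The Site Key is embedded in the storefront pages and is visible to visitors, while the Secret Key is used only on the server and must be kept private.
To integrate Google reCAPTCHA, copy and paste the API keys into the Magento admin.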
Configure Google reCAPTCHA in Magento
To add the Google reCAPTCHA API keys in Magento:
1. Access the Magento dashboard and click the Stores tab.
2. Select Configuration in the Settings submenu.
3. Access the Security tab and select the Google reCaptcha option.
4. Expand the General section and paste the Google API website key and the Google API secret key in their respective fields.
5. Uncheck the Use system value box and ensure the correct reCaptcha type is selected.
6. Expand the Frontend section and Enable reCAPTCHA.
7. Clear the Use system value checkbox and enable the Use in Contact option.
8. Click Save Config.
9. Flush the Magento cache to apply the configuration.
Log in to the Google reCAPTCHA Admin Console to monitor statistics and user verification scores.
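The score described above reaches the server as a JSON response from Google's siteverify endpoint, which the server calls with the Secret Key. The following is an added example, not Magento's own code and not part of the original guide, showing the checks a server applies to that response before accepting a contact form submission. The hostname store.example.com, the action name contact, the 0.5 threshold and the sample responses are assumptions made for the illustration.

```python
import json
from datetime import datetime, timezone
from urllib import parse, request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

def fetch_verdict(secret_key, token):
    """POST the form token and the Secret Key to Google (needs network access)."""
    body = parse.urlencode({"secret": secret_key, "response": token}).encode()
    with request.urlopen(VERIFY_URL, data=body, timeout=5) as resp:
        return json.load(resp)

def evaluate(verdict, hostname, action, min_score=0.5, max_age_s=120, now=None):
    """Return (accepted, reason) for a siteverify JSON response.
    min_score=0.5 is an assumed threshold; tune it from the Admin Console data."""
    if not verdict.get("success"):
        # Invalid, expired or already-used tokens arrive with error codes.
        return False, "rejected: " + ",".join(verdict.get("error-codes", ["unknown"]))
    if verdict.get("hostname") != hostname:
        return False, "hostname mismatch"    # token was issued on another site
    if verdict.get("action") != action:
        return False, "action mismatch"      # token was issued for another form
    issued = datetime.fromisoformat(verdict["challenge_ts"].replace("Z", "+00:00"))
    now = now or datetime.now(timezone.utc)
    if (now - issued).total_seconds() > max_age_s:
        return False, "token too old"
    if verdict.get("score", 0.0) < min_score:
        return False, "score below threshold"
    return True, "ok"

# Constructed sample responses (not captured from a real store).
NOW = datetime(2024, 5, 1, 12, 1, 0, tzinfo=timezone.utc)
HUMAN = {"success": True, "score": 0.9, "action": "contact",
         "challenge_ts": "2024-05-01T12:00:30Z", "hostname": "store.example.com"}
BOT = dict(HUMAN, score=0.1)
REPLAYED = {"success": False, "error-codes": ["timeout-or-duplicate"]}
WRONG_SITE = dict(HUMAN, hostname="other.example.net")

def demo():
    samples = {"human": HUMAN, "bot": BOT, "replayed": REPLAYED, "wrong_site": WRONG_SITE}
    return {name: evaluate(v, "store.example.com", "contact", now=NOW)
            for name, v in samples.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The score is only one input: a response with a high score is still rejected when its hostname or action does not match the form being protected.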
Note: The security of your Magento store is paramount for you and your customers. Having an SSL certificate on your Magento store is a crucial security implementation. Read our tutorial How to Install an SSL Certificate in Magento 2. Also, consider changing your Magento admin URL.
Conclusion
You have successfully added and configured CAPTCHA verification in Magento. The risk of spam and other malicious bot activity in your store is reduced significantly.
Using advanced systems like Google reCAPTCHA can enhance security and improve customer experience.
Explore other advanced authentication methods and find out how to secure online payments on your website.