How to Add CAPTCHA to Magento Contact Forms

February 3, 2021


CAPTCHA prevents software that imitates human behavior (bots) to access and use services intended for genuine human users.

Automated and malicious bots are used to initiate DoS and DDoS attacks, spam, brute-force attacks, content scraping, click fraud, and inventory hoarding.

By adding CAPTCHA to the Magento contact form, you eliminate spam and block bots from overwhelming your eCommerce store or using contact forms as a gateway to compromise core services.

Learn how to add CAPTCHA to Contact Forms in Magento 2.4 and stop malicious activity on your website.

Customer completeing CAPTCHA challenge in Magento store.

Add CAPTCHA to the Magento Contact Form

Contact forms help customers get in touch with your store if they have questions or need assistance. These forms typically receive lots of traffic, and adding the CAPTCHA is an efficient way to verify user activity.

There are two ways to add CAPTCHA verification in Magento without any additional coding:

  1. Enable built-in CAPTCHA verification in Magento.
  2. Integrate Google reCAPTCHA.

The examples in the article are presented using Magento 2.4.

Enable Default CAPTCHA in Magento

Use the built-in CAPTCHA feature in Magento to configure CAPTCHA for admin users and multiple storefront forms, including the Contact Us form.

To enable and set up CAPTCHA in Magento 2.4:

1. Access the Magento admin.

2. Expand the Stores menu.

3. Click Configuration in the Settings section.

Access Configuration menu in Magento.

4. Open the Customer Configuration menu in the Customers tab.

Customer Configuration section in Magento needed to enable CAPTCHA.

5. Uncheck the Use system value box next to the Forms field.

6. Press Ctrl and click the Contact Us option. Add CAPTCHA to other forms if necessary.

Add CAPTCHA to Contact Us form in Magento.

7. Optionally, change default system values such as the CAPTCHA character type and the number of symbols.

8. Click Save Config to apply the CAPTCHA settings.

Edit CAPTCHA settings in Magento.

To see the changes in the storefront, do not forget to flush the Magento cache. The CAPTCHA section is located at the bottom of the Contact Us form.

CAPTCHA section on Magento website.

The look and location of the CAPTCHA varies based on theme and configuration.

Add Google reCAPTCHA to Magento

The additional step customers take to pass a CAPTCHA challenge might negatively impact their experience. Google reCAPTCHA uses machine learning to track customer behavior and identify suspicious activity without direct customer input.

Magento is compatible with Google reCAPTCHA.

Google offers several reCAPTCHA types:

  • reCAPTCHA v3. An algorithm calculates a score based on user behavior and determines if a user is human. The entire background process is invisible to the customer.
  • reCAPTCHA v2. Introduces a challenge to verify users, such as the “I’m not a robot” checkbox or identifying specific images.

To set up reCAPTCHA on Magento, register your website and retrieve the Google reCAPTCHA API keys.

Retrieve Google reCAPTCHA API Keys

Before proceeding, decide which type of reCAPTCHA you want to implement. Keep in mind that API keys are type specific. This guide explains how to implement Google reCAPTCHA v3 to track user behavior and automatically determine risk levels without customer interaction.

To create and retrieve the Google reCAPTCHA API keys:

1. Visit the official Google reCAPTCHA page and access the Admin Console.

Google reCAPTCHA Admin Console.

2.  Click the + sign to register your website.

Create new reCAPTCHA registration.

2. An internal Label helps you identify the API key pair, for example, Magento Test reCAPTCHA v3.

3. Select the reCAPTCHA type.

4. Type the domain of the storefront in the Domain field. Enter additional domains and subdomains on a separate line.

Select Google reCAPTCHA type.

5. Enter a contact email or emails in the Owners field.

6. Accept the reCAPTCHA Terms of Service by checking the box.

Accept reCAPTCHA terms and services.

7. Select the Send alerts to owners checkbox to send an email notification if the system identifies suspicious traffic.

8. Click Submit to complete the registration.

Submit reCAPTCHA registration request.

Once the registration process is complete, the system generates a unique Site Key and a Secret Key.

Copy reCAPTCHA API keys.

To integrate Google reCAPTCHA, it is necessary to copy and paste the API keys in the Magento admin.

Configure Google reCAPTCHA in Magento

To add the Google reCAPTCHA API keys in Magento:

1. Access the Magento dashboard and click the Stores tab.

2. Select Configuration in the Settings submenu.

Configure Magento for Google reCAPTCHA.

3. Access the Security tab and select the Google reCaptcha option.

4. Expand the General section and paste the Google API website key and the Google API secret key in their respective fields.

5. Uncheck the Use system value box and ensure the correct reCaptcha type is selected.

Paste reCAPTCHA API keys in Magento admin.

6. Expand the Frontend section and Enable reCAPTCHA.

7.  Clear the Use system value checkbox and enable the Use in Contact option.

8. Click Save Config.

Save CAPTCHA configuration in Magento.

9. Flush Magento cache to apply the configuration.

Log in to the Google reCAPTCHA Admin Console to monitor statistics and user verification scores.

Note: Having an SSL on your Magento store is a crucial security implementation. Read our tutorial How to Install an SSL Certificate in Magento 2.


You have successfully added and configured CAPTCHA verification in Magento. The risk of spam and other malicious bot activity in your store is reduced significantly.

Using advanced systems like Google reCAPTCHA can enhance security and improve customer experience.

Explore other advanced authentication methods and find out how to secure online payments on your website.

About the author
Vladimir Kaplarevic
Vladimir is a resident Tech Writer at CCBill. He has more than 8 years of experience in implementing e-commerce and online payment solutions with various global IT services providers. His engaging writing style provides practical advice and aims to spark curiosity for innovative technologies.
Talk to a Merchant Support Specialist