Adding CAPTCHA protection to a Magento site

CAPTCHA protection helps secure your Magento store by reducing spam and blocking automated bots. Both Magento 1.9 and Magento 2 support CAPTCHA for the administration login page, and Magento 2 also supports Google reCAPTCHA for customer‑facing forms.

Enabling Native CAPTCHA in Magento

Magento 2

1. Log in to Magento as the administrator.

2. Go to Stores → Configuration → Advanced → Admin → CAPTCHA.

3. Configure the following options:

   • Enable CAPTCHA → Yes

   • Font → Choose a font style for CAPTCHA text

   • Forms → Select where CAPTCHA should appear (Admin Login, Forgot Password, etc.)

   • Number of Symbols → Set length of CAPTCHA code

   • Timeout (minutes) → Define how long CAPTCHA remains valid

4. Save configuration.

Magento 1.9

1. Log in to Magento as the administrator.

2. Navigate to System → Configuration → Advanced → Admin → CAPTCHA.

3. Enable CAPTCHA and configure the same options as above.

4. Save configuration.

✅ CAPTCHA will now appear on the selected forms.

Adding Google reCAPTCHA (Magento 2)

For enhanced protection, Magento 2 supports Google reCAPTCHA v2 and v3:

1. Install the official Magento reCAPTCHA module (available in Magento Marketplace).

2. Go to Stores → Configuration → Security → Google reCAPTCHA.

3. Enter your Site Key and Secret Key from the Google reCAPTCHA Admin Console.

4. Select which forms to protect (Login, Registration, Contact, Checkout).

5. Save configuration.

Important Notes

• CAPTCHA is disabled by default in Magento—you must enable it manually.

• Google reCAPTCHA v3 is less intrusive (no user clicks) but requires careful tuning to avoid false positives.

• Always test CAPTCHA on a staging site before enabling it on production.

• If CAPTCHA fails to display, check theme compatibility or clear Magento cache.