CAPTCHA protection helps secure your Magento store by reducing spam and blocking automated bots. Both Magento 1.9 and Magento 2 support CAPTCHA for the administration login page, and Magento 2 also supports Google reCAPTCHA for customer‑facing forms.
Enabling Native CAPTCHA in Magento
Magento 2
-
Log in to Magento as the administrator.
-
Go to Stores → Configuration → Advanced → Admin → CAPTCHA.
-
Configure the following options:
-
Enable CAPTCHA → Yes
-
Font → Choose a font style for CAPTCHA text
-
Forms → Select where CAPTCHA should appear (Admin Login, Forgot Password, etc.)
-
Number of Symbols → Set length of CAPTCHA code
-
Timeout (minutes) → Define how long CAPTCHA remains valid
-
-
Save configuration.
Magento 1.9
-
Log in to Magento as the administrator.
-
Navigate to System → Configuration → Advanced → Admin → CAPTCHA.
-
Enable CAPTCHA and configure the same options as above.
-
Save configuration.
✅ CAPTCHA will now appear on the selected forms.
Adding Google reCAPTCHA (Magento 2)
For enhanced protection, Magento 2 supports Google reCAPTCHA v2 and v3:
-
Install the official Magento reCAPTCHA module (available in Magento Marketplace).
-
Go to Stores → Configuration → Security → Google reCAPTCHA.
-
Enter your Site Key and Secret Key from the Google reCAPTCHA Admin Console.
-
Select which forms to protect (Login, Registration, Contact, Checkout).
-
Save configuration.
Important Notes
-
CAPTCHA is disabled by default in Magento—you must enable it manually.
-
Google reCAPTCHA v3 is less intrusive (no user clicks) but requires careful tuning to avoid false positives.
-
Always test CAPTCHA on a staging site before enabling it on production.
-
If CAPTCHA fails to display, check theme compatibility or clear Magento cache.
