You can add reCAPTCHA v2, reCAPTCHA v3 and Invisible reCAPTCHA to four of your most vulnerable areas.
- New User Registration
- Reset Password
Adding the new reCAPTCHA is easy and gives you added protection against spam registration attempts and brute force login attempts.
To start using reCAPTCHA, from your WordPress Dashboard navigate to Security > Settings > Features > Lockouts.
After you enable the feature, you will need to get Site and Secret Keys from Google. From your iThemes Security dashboard, you can click the blue Google reCAPTCHA link to obtain your keys.
Getting Google reCAPTCHA Keys
To get the keys needed to activate reCAPTCHA just go to google.com/recaptcha and log in with your Google credentials. Then you will register a new site:
After you click the blue Submit button, you will see the Site and Secret Key codes that you can copy/paste in the reCAPTCHA section of iThemes Security Pro.
After you’ve pasted in your keys, you can edit the rest of the reCAPTCHA settings, such as which pages reCAPTCHA is enforced on, how many failed attempts trigger a lockout, and how long iThemes Security remembers a failed attempt so that it counts towards a lockout. When using reCAPTCHA v2 and Invisible, you can allow users to opt in to the GDPR terms without having to reload the page. Similarly, you can allow users to opt in to reCAPTCHA without refreshing the page. This prevents them from possibly having to enter their credentials twice.
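To see how the failed-attempt threshold and the "remember" period interact, here is an added example (not iThemes Security's code) that models them as a sliding window and replays the same failures under two settings. The class, function and parameter names are hypothetical, and the events are constructed sample data using documentation-range IP addresses.

```python
from collections import defaultdict, deque


class FailedCaptchaTracker:
    """Toy model of the two lockout settings (names are hypothetical)."""

    def __init__(self, threshold, remember_seconds):
        if threshold < 1 or remember_seconds <= 0:
            raise ValueError("threshold must be >= 1 and remember_seconds > 0")
        self.threshold = threshold                # failed attempts that trigger a lockout
        self.remember_seconds = remember_seconds  # how long one failure keeps counting
        self._failures = defaultdict(deque)       # client -> timestamps of recent failures

    def record_failure(self, client, now):
        """Record one failed reCAPTCHA check; return True if it triggers a lockout."""
        window = self._failures[client]
        # Forget failures older than the remember period.
        while window and now - window[0] >= self.remember_seconds:
            window.popleft()
        window.append(now)
        if len(window) >= self.threshold:
            window.clear()  # start counting afresh after the lockout fires
            return True
        return False


def replay(events, threshold, remember_seconds):
    """Return the (client, timestamp) pairs at which a lockout would fire."""
    tracker = FailedCaptchaTracker(threshold, remember_seconds)
    return [(c, t) for c, t in events if tracker.record_failure(c, t)]


# Constructed sample: (client address, seconds since start), sorted by time.
SAMPLE_EVENTS = [
    ("203.0.113.7", 0), ("203.0.113.7", 20), ("198.51.100.4", 30),
    ("203.0.113.7", 40),     # third failure inside one minute
    ("198.51.100.4", 100), ("198.51.100.4", 130), ("198.51.100.4", 200),
]

if __name__ == "__main__":
    # Short memory: only the rapid burst from 203.0.113.7 is locked out.
    print(replay(SAMPLE_EVENTS, threshold=3, remember_seconds=60))
    # Longer memory: the slower failures from 198.51.100.4 now add up too.
    print(replay(SAMPLE_EVENTS, threshold=3, remember_seconds=600))
```

A longer remember period catches failures that are spread out over time, at the cost of counting a legitimate user's occasional mistakes for longer.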
At a minimum, our recommendation is enabling reCAPTCHA on your login and registration pages. This will greatly reduce registration spam and brute force login attempts.
Click “Save All Changes” and you’re set. The next time users log in they will be forced to use the selected reCAPTCHA version.
Or the next time users comment on your site, they will see this: