CAPTCHA

A CAPTCHA is a visual device that ensures that a human being, rather than a computer, is interacting with the site. CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. It can be used for both Admin and customer account logins.

You can reload the CAPTCHA as many times as necessary by clicking the Reload icon in the upper-right corner of the image. The CAPTCHA is fully configurable and can be set to appear every time, or only after a number of failed login attempts.

[Image: Customer Login with CAPTCHA]

Admin CAPTCHA

For an extra level of security, you can add a CAPTCHA to the Admin Sign In and Forgot Password page. Magento Admin users can reload the displayed CAPTCHA by clicking the Reload icon in the upper-right corner of the image. The number of reloads is unlimited.

[Image: Admin Sign In with CAPTCHA]

To configure an Admin CAPTCHA:

  1. On the Admin sidebar, go to Stores > Settings > Configuration.

  2. In the left panel, expand Advanced and choose Admin.

  3. In the upper-right corner, set Store View to Default.

  4. Expand the CAPTCHA section.

  5. Set each of the configuration options:

    [Image: Admin CAPTCHA Configuration]

    • Enable CAPTCHA in Admin — Set to Yes.

    • Font — Enter the name of the font to be used for the CAPTCHA symbols (default: LinLibertine).

      To add your own font, the font file must reside in the same directory as your Magento instance, and be declared in the config.xml file of the Captcha module at: app/code/Magento/Captcha/etc

    • Forms — Select where the CAPTCHA is used:

      • Admin Login
      • Admin Forgot Password
    • Displaying Mode — Set to one of the following:

      • Always — CAPTCHA is always required to log in to the Admin.
      • After number of attempts to login — When selected, displays the Number of Unsuccessful Attempts to Login field. Enter the number of login attempts allowed. A value of 0 (zero) is similar to setting Displaying Mode to Always. This option does not cover the Forgot Password form. If CAPTCHA is enabled and set to appear on this form, then it is always included on the form.
    • Number of Unsuccessful Attempts to Login — Enter the number of times the user can make an unsuccessful login attempt before the CAPTCHA appears. If set to zero (0), CAPTCHA is always used.

    • CAPTCHA Timeout (minutes) — Enter the number of minutes before the CAPTCHA expires. When the CAPTCHA expires, the user must reload the page.

    • Number of Symbols — Enter the number of symbols used in the CAPTCHA, up to eight. For a variable number of symbols that changes with each CAPTCHA, enter a range (such as 5-8).

    • Symbols Used in CAPTCHA — Specify the symbols that can be used in the CAPTCHA. Only letters (a-z and A-Z) and numbers (0-9) are allowed. The default set of characters does not include similar symbols such as I or 1. For best results, use symbols that users can readily identify.

    • Case Sensitive — Set to Yes to require that users enter the characters exactly as shown in the CAPTCHA.

  6. When complete, click Save Config.

Customer CAPTCHA

Customers can be required to enter a CAPTCHA each time they log in to their accounts, or after several unsuccessful attempts to log in. CAPTCHA can be used for the following forms in the storefront:

[Image: Customer CAPTCHA Configuration]

To configure a Storefront CAPTCHA:

  1. On the Admin sidebar, go to Stores > Settings > Configuration.

  2. In the left panel, expand Customers and choose Customer Configuration.

  3. Expand the CAPTCHA section.

  4. Set each of the configuration options:

    • Enable CAPTCHA on Frontend — Set to Yes.

    • Font — Enter the name of the font to be used for the CAPTCHA symbols (default: LinLibertine).

      To add your own font, the font file must reside in the same directory as your Magento instance and be declared in the config.xml file of the CAPTCHA module.

    • Forms — Select where the CAPTCHA is used:

    • Displaying Mode — Set to one of the following:

      • Always — CAPTCHA is always required to access the selected form(s).
      • After number of attempts to login — When selected, the Number of Unsuccessful Attempts to Login field appears. Enter the number of login attempts before the CAPTCHA appears. A value of 0 (zero) is similar to “Always.” This option does not apply to the Forgot Password form, which always displays the CAPTCHA, if enabled.
    • Number of Unsuccessful Attempts to Login — Enter the number of times the user can make an unsuccessful login attempt before the CAPTCHA appears. If set to zero (0), CAPTCHA is always used.

    • CAPTCHA Timeout (minutes) — Enter the number of minutes before the CAPTCHA expires. When the CAPTCHA expires, the user must reload the page to generate a new CAPTCHA.

    • Number of Symbols — Enter the number of symbols used in the CAPTCHA, up to eight. For a variable number of symbols that changes with each CAPTCHA, enter a range (such as 5-8).

    • Symbols Used in CAPTCHA — Specify the symbols that can be used in the CAPTCHA. Only letters (a-z and A-Z) and numbers (0-9) are allowed. The default set of characters does not include similar symbols such as I or 1. For best results, use symbols that users can readily identify.

    • Case Sensitive — Set to Yes to require that users enter the characters exactly as shown in the CAPTCHA.

  5. When complete, click Save Config.
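The Number of Symbols, Symbols Used in CAPTCHA and Case Sensitive settings, in both the Admin and Storefront sections above, together determine how many distinct answers a CAPTCHA can have. The following is an added example, not part of the original guide or of Magento's code: it validates those three values against the limits stated on this page and reports the resulting guess space. The function names and the look-alike character set are assumptions made for illustration.

```python
import math
import re
import string

ALLOWED = set(string.ascii_letters + string.digits)  # page: only a-z, A-Z, 0-9
MAX_SYMBOLS = 8                                      # page: up to eight symbols
CONFUSABLE = set("Il1O0o")                           # assumption: look-alikes to flag


def parse_length(spec):
    """Parse 'Number of Symbols': a single number ('6') or a range ('5-8')."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+)\s*)?", spec)
    if not m:
        raise ValueError(f"not a number or range: {spec!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    if not 1 <= low <= high <= MAX_SYMBOLS:
        raise ValueError(f"need 1 <= low <= high <= {MAX_SYMBOLS}: {spec!r}")
    return low, high


def audit(length_spec, symbols, case_sensitive):
    """Return the guess space and look-alike warnings for one configuration."""
    low, high = parse_length(length_spec)
    if not symbols:
        raise ValueError("symbol set is empty")
    bad = sorted(set(symbols) - ALLOWED)
    if bad:
        raise ValueError(f"symbols outside a-z, A-Z, 0-9: {bad}")
    # With Case Sensitive = No, 'a' and 'A' are the same answer, so fold them.
    distinct = set(symbols) if case_sensitive else {c.lower() for c in symbols}
    n = len(distinct)
    space = sum(n ** k for k in range(low, high + 1))
    return {
        "distinct_symbols": n,
        "guess_space": space,
        "bits": round(math.log2(space), 1),
        "confusable": sorted(set(symbols) & CONFUSABLE),
    }


if __name__ == "__main__":
    # Constructed sample settings, not values read from a real store.
    print(audit("5-8", "abcdefghjkmnpqrstuvwxyz23456789", False))
```

Comparing the output for Case Sensitive set to Yes and No shows how much of the guess space is lost when upper- and lower-case forms of the same letter are both listed but not distinguished.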