Google reCAPTCHA

Google reCAPTCHA ensures that a human being, rather than a computer, is interacting with the site. It provides enhanced security over Magento CAPTCHA, performs checks without potential user error when entering a series of letters and numbers, and encourages cart conversion without additional hurdles to complete a purchase.

Google reCAPTCHA - customer login Customer Login with reCAPTCHA v2

Google reCAPTCHA verifies users with increased security and reduced clicks for each of completion, which can be implemented in several ways:

  1. reCAPTCHA v2 verifies users and customers using an on-click feature and one of the following verification methods:

    • “I am not a robot” requires users and customers to click the “I’m not a robot” checkbox and possibly select specific images to complete a challenge.
    • Invisible reCAPTCHA badge (recommended) performs background verification without user interaction. Users and customers are automatically verified, but might be required to select specific images to complete a challenge.
  2. reCAPTCHA v3 Verify requests with a score based on a Google algorithm.

You can use Google reCAPTCHA on the Admin Sign In page, and on various customer pages in the storefront. The reCAPCTHA v2 type includes styling options for your choice of a light or dark theme, and either a compact or normal size.

If you have the standard Magento CAPTCHA enabled, reCAPTCHA will not override it. You can have both enabled on your Magento instance without issues.

Google reCAPTCHA - styles Google reCAPTCHA v2 Styles

Before Google reCAPTCHA can be configured, you must ensure that your PHP.ini file includes the following setting: allow_url_fopen = 1. This may require developer assistance. See Required PHP Settings.

Step 1: Generate Google reCAPTCHA keys

Google reCAPTCHA requires a pair of API keys to enable. You can get these keys free of charge through the reCAPTCHA site. Before generating the keys, consider the type of reCAPTCHA you want to use.

  1. Open the Google reCAPTCHA page and log in to your account.

  2. Create/Register a new site.

  3. Enter a Label for the keys.

    For example, enter Magento v2 Invisible. You only need one set of keys per each reCAPTCHA type for your entire Magento instance.

  4. Choose the type of Google reCAPTCHA that you want to use:

    • reCAPTCHA v3 — Verify requests with a score
    • reCAPTCHA v2 — Verifies with a button click or image selections

      • "I am not a robot" Checkbox Validate requests with the “I’m not a robot” checkbox
      • Invisible reCAPTCHA badge Validate requests in the background
  5. In the Domains text box, enter a list of domains without the HTTP or HTTPS prefix, one per line.

    Google verifies the addresses entered.

    • Add your Magento instance domain and any subdomains.
    • You can add localhost, other local VM domains, and staging domains as needed for testing.
  6. Select the checkbox to Accept the reCAPTCHA Terms of Service.

  7. (Optional) Select the Send alerts to owners checkbox to send notification if Google detects issues or suspicious traffic.

    Google reCAPTCHA - site registration Google reCAPTCHA Site Registration

  8. Click SUBMIT to complete registration and receive keys.

    Google reCAPTCHA - keys

Important! Not all keys are applicable for all types of reCAPTCHA, and misapplying them could lead to unexpected behavior. For example, Google reCAPTCHA keys generated for reCAPTCHA v2 “I’m not a robot” will not work with reCAPTCHA v2 Invisible and could block functionality where reCAPTCHA is enabled.

Step 2: Configure Google reCAPTCHA in Magento

For reCaptcha v2 types (“I’m not a robot” and Invisible)

  1. Sign in to the Admin of your Magento store.

  2. On the Admin sidebar, go to Stores > Settings > Configuration.

  3. In the upper-right corner, set Store View to Default Config.

  4. In the left panel, expand Security and choose Google reCaptcha.

  5. On the page, expand the General section and enter the following generated keys for the specific reCAPTCHA type to be enabled:

    • Google API website key
    • Google API secret key

    Google reCAPTCHA - keys configuration Google reCAPTCHA keys

  6. Select the reCaptcha v2 type based on the generated keys.

    Google reCAPTCHA v2 - type configuration

  7. Expand (Expansion selector) the Backend section and set the options

    If needed, clear the Use system value checkbox to change the setting.

    • Enable — Set to Yes.

    • Theme — Choose Light or Dark. Applicable only to reCaptcha v2(“I am not a robot”).

    • Size — Choose Normal or Compact. Applicable only to reCaptcha v2(“I am not a robot”).

    Google reCAPTCHA - backend configuration Google reCAPTCHA Backend

  8. Expand (Expansion selector) the Frontend section and add Google reCAPTCHA to customer accounts:

    Google reCAPTCHA - frontend configuration Google reCAPTCHA Frontend

    If needed, clear the Use system value checkbox to change the setting.

    • Enable — Set to Yes.

    • Invisible badge position — Choose Inline, Bottom Right, or Bottom Left. Applicable only to Invisible reCaptcha v2 and Invisible reCaptcha v3.

    • Theme — Choose Light or Dark. Applicable only to reCaptcha v2(“I am not a robot”).

    • Size — Choose Normal or Compact. Applicable only to reCaptcha v2(“I am not a robot”).

    • Select where the CAPTCHA is used.

      By default, reCAPTCHA is enabled for these pages.

      • Use in Login
      • Use in Forgot password
      • Use in Contact
      • Use in Create user
      • Use in Review
      • Use in PayPal PayflowPro payment form
      • Use invisible ReCaptcha in newsletter Requires an Invisible ReCaptcha v2 or v3 key. If enabled, a badge will be displayed in every page.
      • Use in Send To Friend
  9. When complete, click Save Config.

For reCaptcha v3

  1. Sign in to the Admin of your Magento store.

  2. On the Admin sidebar, go to Stores > Settings > Configuration.

  3. In the upper-right corner, set Store View to Default Config.

  4. In the left panel, expand Security and choose Google reCaptcha.

  5. On the page, expand the General section and enter the following generated keys for reCAPTCHA v3:

    • Google API website key
    • Google API secret key

    Google reCAPTCHA - keys configuration Google reCAPTCHA keys

  6. Select reCaptcha type as Invisible reCaptcha v3.

    Google reCAPTCHA v2 - type configuration

  7. Expand (Expansion selector) the Backend section and set the options.

    If needed, clear the Use system value checkbox to change the setting.

    • Enable — Set to Yes.

    • Minimum score — Input a value from 0.0 to 1.0, where 1.0 is very likely a good interaction, and 0.0 is very likely a bot. For more, details see the official product documentation Interpreting the score

    Google reCAPTCHA - backend configuration

  8. Expand (Expansion selector) the Frontend section and add Google reCAPTCHA to customer accounts:

    Google reCAPTCHA - frontend configuration Google reCAPTCHA Frontend

    If needed, clear the Use system value checkbox to change the setting.

    • Enable — Set to Yes.

    • Invisible badge position — Choose Inline, Bottom Right, or Bottom Left. Applicable only to Invisible reCaptcha v2 and Invisible reCaptcha v3.

    • Minimum score — Input a value from 0.0 to 1.0, where 1.0 is very likely a good interaction, and 0.0 is very likely a bot. For more details, see the official product documentation Interpreting the score

    • Select where the CAPTCHA is used.

      By default, reCAPTCHA is enabled for these pages.

      • Use in Login
      • Use in Forgot password
      • Use in Contact
      • Use in Create user
      • Use in Review
      • Use in PayPal PayflowPro payment form
      • Use invisible ReCaptcha in newsletter Requires an Invisible ReCaptcha v2 or v3 key. If enabled, a badge will be displayed in every page.
      • Use in Send To Friend
  9. When complete, click Save Config.