Google reCAPTCHA

Google reCAPTCHA ensures that a human being, rather than a computer, is interacting with the site. It provides enhanced security over Magento CAPTCHA, performs checks without potential user error when entering a series of letters and numbers, and encourages cart conversion without additional hurdles to complete a purchase.

Customer Login with reCAPTCHA v2

Google reCAPTCHA verifies users with increased security and reduced clicks for ease of completion. It can be implemented in two ways:

  • reCAPTCHA v2 verifies users and customers with an on-click “I’m not a robot” checkbox.
  • Invisible reCAPTCHA (recommended) performs background verification without user interaction. Users and customers are automatically verified without clicking anything.

You can use Google reCAPTCHA on the Admin Sign In page, and on various customer pages in the storefront. The styling options include your choice of a light or dark theme, and either a compact or normal size.

If you have the standard Magento CAPTCHA enabled, reCAPTCHA will override it. You can have both enabled on your Magento instance without issues.

Google reCAPTCHA Styles

Before Google reCAPTCHA can be configured, you must ensure that your php.ini file includes the following setting: allow_url_fopen = 1. This may require developer assistance. See Required PHP Settings.
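
One way to check this prerequisite from a shell, as an added example that is not part of the Magento documentation: the function reads a single php.ini file (you supply the path) and reports whether allow_url_fopen is on, off, or left at PHP's built-in default of on. The CLI and the web server often load different php.ini files, so check the one your storefront's PHP actually uses.

```shell
#!/bin/sh
# Added example, not part of the Magento documentation.
# Prints the state of allow_url_fopen in one php.ini file:
#   on          last active assignment enables it
#   off         last active assignment disables it
#   default-on  no active assignment; PHP's built-in default is 1
allow_url_fopen_state() {
    awk -v sq="'" '
    {
        line = $0
        sub(/;.*/, "", line)                 # drop ";" comments
        eq = index(line, "=")
        if (eq == 0) next                    # blank line, [section] header, etc.
        key = substr(line, 1, eq - 1)
        val = tolower(substr(line, eq + 1))
        gsub(/[ \t\r]/, "", key)
        gsub(/[ \t\r"]/, "", val)            # trim whitespace and double quotes
        gsub(sq, "", val)                    # and single quotes
        if (key != "allow_url_fopen") next   # directive names are case-sensitive
        seen = 1                             # a later assignment replaces an earlier one
        on = (val ~ /^(1|on|true|yes)$/) || ((val ~ /^-?[0-9]+$/) && (val + 0 != 0))
    }
    END {
        if (!seen)   print "default-on"
        else if (on) print "on"
        else         print "off"
    }' "$1"
}
```

Call it as allow_url_fopen_state followed by the path to the file; php --ini lists the files the CLI loads.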

Step 1: Generate Google reCAPTCHA keys

Google reCAPTCHA requires a pair of API keys to enable. You can get these keys free of charge through the reCAPTCHA site. Before generating the keys, consider the type of reCAPTCHA you want to use.

  1. Open the Google reCAPTCHA page and log in to your account.

  2. Enter a Label for the keys.

    For example, enter Magento. You only need one set of keys for your entire Magento instance.

  3. Choose the type of Google reCAPTCHA that you want to use:

    • reCAPTCHA v2 — Verifies with a button click.
    • Invisible reCAPTCHA — Verifies in the background without interaction.
  4. In the Domains text box, enter a list of domains without the HTTP or HTTPS prefix, one per line.

    Google verifies the addresses entered.

    • Add your Magento instance domain and any subdomains.
    • You can add localhost, other local VM domains, and staging domains as needed for testing.
  5. Select the checkbox to Accept the reCAPTCHA Terms of Service.

  6. (Optional) Select the Send alerts to owners checkbox to receive a notification if Google detects issues or suspicious traffic.

    Google reCAPTCHA Site Registration

  7. Click Register and do the following:

    • When the domain(s) you added appear at the top of the page, choose the Magento domain to get your keys.

    • Scroll down to the Adding reCAPTCHA to your site section and expand Keys. You will need these keys when enabling Google reCAPTCHA.


Step 2: Configure Google reCAPTCHA in Magento

  1. Sign in to the Admin of your Magento store.

  2. On the Admin sidebar, go to Stores > Settings > Configuration.

  3. In the upper-right corner, set Store View to Default Config.

  4. In the left panel, expand Security and choose Google reCAPTCHA.

  5. On the page, expand the General section and enter the following generated keys:

    • Google API website key
    • Google API secret key

    Google reCAPTCHA keys

  6. Expand the Backend section and set the options:

    If needed, clear the Use system value checkbox to change the setting.

    • Enable — Set to Yes.

    • Theme — Choose Light or Dark.

    • Size — Choose Normal or Compact.

    Google reCAPTCHA Backend

  7. Expand the Frontend section and add Google reCAPTCHA to customer accounts:

    Google reCAPTCHA Frontend

    If needed, clear the Use system value checkbox to change the setting.

    • Enable — Set to Yes.

    • reCAPTCHA type — Choose the type you want used in Admin forms. You must have added the correct API keys for the type.

      • reCAPTCHA v2 validates with the “I’m not a robot” checkbox.
      • Invisible reCAPTCHA (recommended) validates in the background without requiring user interactions.
    • Theme — Choose Light or Dark.

    • Size — Choose Normal or Compact.

    • Select where the CAPTCHA is used.

      By default, reCAPTCHA is enabled for these pages.

      • Use in Login
      • Use in Forgot password
      • Use in Contact
      • Use in Create user
      • Use in PayPal PayflowPro payment form
  8. When complete, click Save Config.