How to Add CAPTCHA to WordPress Login in 03 Easy Steps

Add CAPTCHA to WordPress Login

Tired of uncontrollable spam on your WordPress login page?

We all are!

Bots accounted for over 47.4% of all internet traffic in 2022. No wonder we get so much spam on our websites. But don’t worry! You have landed on the right page. We will show you how you can eliminate bot traffic on your WordPress login page using Google reCAPTCHA.

In this article, you will learn how to add CAPTCHA to WordPress login. Moreover, you will understand its types, benefits, and how and why it was created.

What is CAPTCHA?

CAPTCHA, an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”, was developed in 2000 by 22-year-old Luis von Ahn. His professor, Manuel Blum, also assisted him in the development. The system was created to distinguish between human and bot traffic.

If you were on the internet before 2007, you will remember that CAPTCHAs used to look like this.

Illustration explaining CAPTCHA

This was killing user experience, and scammers started paying low-wage workers worldwide to solve CAPTCHAs for them.

To overcome this problem, von Ahn devised a better alternative to CAPTCHA in 2007 called reCAPTCHA.

2 Types of reCAPTCHA

Google acquired reCAPTCHA in 2009. Now, you can choose from multiple types of reCAPTCHAs. Let’s examine each one and what makes them different.

1. reCAPTCHA v2 

The famous “I’m not a robot” checkbox that we have all checked countless times is the most common reCAPTCHA type. You might be thinking, why can’t bots do that?

Example of reCAPTCHA v2 interface

Well… the test is not the checkbox itself but how your cursor reaches it. Usually, a human’s cursor moves in an irregular line before checking the box, while a bot’s cursor moves in a completely straight line.

If the system is unsure about your identity, it might ask you to pass another test, such as choosing fire hydrants or traffic lights, before validating your request.

1.1. reCAPTCHA v2 — Invisible reCAPTCHA

In 2017, Google introduced “no CAPTCHA” reCAPTCHAs. These CAPTCHAs can distinguish between a bot and a human without any interaction, such as clicking a box or performing a certain activity.

Visual representation of Invisible reCAPTCHA

These CAPTCHAs are invoked as soon as the user lands on the website. Similar to the “I’m not a robot” CAPTCHA, this one also checks how you interact with the website. Moreover, it checks your browser history to confirm that you are actually a human.

2. reCAPTCHA v3

The latest version of reCAPTCHA works similarly to the previous one. However, it only returns a score from 0.0 to 1.0, where 0.0 is definitely a bot and 1.0 is definitely a human. It’s up to you what you want to do with that value.

For instance, you can restrict those with scores under 0.5 or make them pass another human verification test, such as an image-based or audio-based test.
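An added example, not code from AIO Login or from the original article: how a server could act on the decoded response from Google's siteverify endpoint for a v3 token, using the 0.5 cut-off mentioned above. The function name, the action name `login` and the host `example.com` are assumptions, and the sample responses are constructed.

```php
<?php
// Added example (not AIO Login code). $resp is the JSON body returned by
// Google's siteverify endpoint, decoded with json_decode($body, true).

/** Returns 'allow', 'challenge' or 'deny' for one login attempt. */
function recaptcha_v3_decision(array $resp, string $action, string $host, float $threshold = 0.5): string
{
    // success=false: the token is missing, malformed, expired or already used,
    // or the secret key is wrong (see "error-codes").
    if (($resp['success'] ?? false) !== true) {
        return 'deny';
    }
    // A token issued for another form or another site must not unlock the login.
    if (($resp['action'] ?? '') !== $action || ($resp['hostname'] ?? '') !== $host) {
        return 'deny';
    }
    // Fail closed if the score is absent or outside 0.0 to 1.0.
    $score = $resp['score'] ?? null;
    if ((!is_float($score) && !is_int($score)) || $score < 0 || $score > 1) {
        return 'deny';
    }
    // Low score: require another human verification test instead of logging in.
    return $score < $threshold ? 'challenge' : 'allow';
}

// Constructed sample responses; 'login' and 'example.com' are assumed values.
$samples = [
    'human'          => '{"success":true,"score":0.9,"action":"login","hostname":"example.com"}',
    'likely bot'     => '{"success":true,"score":0.1,"action":"login","hostname":"example.com"}',
    'wrong action'   => '{"success":true,"score":0.9,"action":"comment","hostname":"example.com"}',
    'replayed token' => '{"success":false,"error-codes":["timeout-or-duplicate"]}',
    'bad secret key' => '{"success":false,"error-codes":["invalid-input-secret"]}',
];
foreach ($samples as $name => $json) {
    $resp = json_decode($json, true);
    $errors = implode(',', $resp['error-codes'] ?? []);
    printf("%-15s %-10s %s\n", $name, recaptcha_v3_decision($resp, 'login', 'example.com'), $errors);
}
```

The score only means something after the server has verified the token with the secret key; a score read in the browser can be forged.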

05 Benefits of Adding CAPTCHA to WordPress

Adding CAPTCHA to WordPress login can be super beneficial for your website’s security. Here is how:

01. Controls Bot Traffic

As we discussed, CAPTCHA was designed to tell computers and humans apart. Therefore, the biggest reason to add CAPTCHA to WordPress login is to eliminate spam and abuse. It can be used on your WordPress login, comments, forms, and basically every place that requires user input.

02. Improves Security

By blocking bot traffic, it reduces the risk of data breaches and enhances the overall security of the website. It traps bots by checking the user’s browser history to determine whether the user is a human or a robot. This advanced technology makes it impossible for bots to overcome the newer versions of reCAPTCHA.

03. Doesn’t Interrupt User’s Experience

One of the reasons for switching from CAPTCHA to reCAPTCHA was user experience (UX). It was annoying for users to solve math problems or rotate a picture to match another one while browsing the internet.

Thus, the traditional CAPTCHA was replaced by newer models that run in the background without the user’s intervention.

04. Affordable Prices

reCAPTCHA is completely free for under 10,000 assessments monthly. It is an ample amount for even moderate-level blogs and websites. 

Afterward, you will be charged $8 for an additional 100,000 assessments and then $1 for every 1000 assessments, making it an affordable spam protection solution.

05. Compliance With Law

Although no law explicitly requires reCAPTCHA, it can indirectly help you comply with security laws and avoid financial fines.

GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) require businesses to take adequate safety measures to protect customer data and protect users’ sensitive information while handling payments. reCAPTCHA can prevent bot attacks and help ease payment handling by eliminating spam.

03 Step Guide to Add reCAPTCHA to WordPress Login Page

Now that you know the types, let us show you how to add reCAPTCHA to WordPress login using AIO Login—a complete login security plugin.

Step #1: Install and Activate AIO Login Plugin

Navigate to your WordPress dashboard and select Plugins.

Steps to install and activate AIO Login plugin

Click Add New Plugin.

Screen showing how to add a new plugin in WordPress

Search for AIO Login using the search bar. 

Logo of AIO Login plugin

Install the plugin using the Install Now button. Once installed, you will see an Activate button. Press the button to activate the plugin.

Step #2: Get Your SiteKey From reCAPTCHA 

You need two reCAPTCHA API keys, a site key and a secret key, to add reCAPTCHA to WordPress login.

To get your keys, go to the reCAPTCHA website.

Select v3 Admin Console.

Screenshot of the v3 Admin Console interface

And you will land on a screen like this.

Visual example of a labeled input box in a form

Label your reCAPTCHA with the website name using the Label input box.

Scroll down, select the reCAPTCHA type, and enter your domain without https://www.

Different types of reCAPTCHA options

Afterward, review the platform’s Terms of Service and check the box.

Overview of platforms and their terms of service

You will get your keys right after pressing Next.

Copy these keys to your clipboard. We will need them in the next step.

Instructions to obtain API keys after pressing Next

Step #3: Configure AIO Login

Go back to your WordPress dashboard and select AIO Login. 

Screen for configuring AIO Login settings

Go to the Security tab, and you will land on the Google reCAPTCHA subtab.

Visual representation of Google reCAPTCHA options

Enable the feature using the toggle button and choose your preferred reCAPTCHA version (v2 or v3) from the drop-down menu.

Paste the keys in their respective input boxes and choose a light or dark theme for your reCAPTCHA.

Example of pasting API keys into input boxes

Finally, click Save Changes.

Make sure to test it after implementation. Sometimes, reCAPTCHAs may not work for some reason, such as an incorrect site or secret key. Therefore, you must ensure that the reCAPTCHA is working properly.

02 Additional Ways to Enhance Login Security with AIO Login

With cybercrimes escalating rapidly, you should not be complacent about your WordPress security after you add CAPTCHA to your WordPress login. Here are two more features to enhance your login security using AIO Login.

Perpetrators can perform brute-force attacks on your login page. It is a wicked practice that uses trial and error to crack your login credentials. 

01. Implement Multi-factor Authentication

Two-factor authentication, or 2FA, requires the user to prove their identity with a second authentication factor, usually through their mobile phone, after entering the correct password.

This step can protect your website, even if your password is leaked or compromised.

To enable it, navigate to the Security tab and the 2FA subtab.

Turn on the toggle button.

Illustration of Two-Factor Authentication (2FA) setup

A QR code will pop up.

Example of a QR code for authentication

Scan it with any TOTP app. 

⚠️ Do not forget to copy the string below the QR code so you can recover your OTP in case you lose your phone.

Scanning the code will trigger a pop-up like this. Enter the OTP in the input box and use Verify OTP to verify.

Screen showing how to verify One-Time Password (OTP)

02. Limit Login Attempts

As we discussed earlier, brute-force attacks use trial and error to crack your login credentials. This practice requires hackers to use thousands of combinations to find the correct password.

Therefore, limiting password attempts can stop hackers from performing brute-force attacks. 

To enable the feature, navigate to the Login Protection tab and Limit Login Attempts subtab.

Enable the feature using the toggle button.

Settings page for limiting login attempts in WordPress

The three input boxes that follow are:

  • Maximum Attempts: This is the number of attempts a user can make before being temporarily locked out.
Configuration for setting maximum login attempts
  • Timeout: This is the time in minutes the user will be locked out after the set number of incorrect attempts. For example, 60 will lock a user out for an hour.
Illustration of session timeout settings
  • Lockout: It is simply the message that will be shown to the blocked users.
Visual example of user lockout settings after failed attempts

Save changes, and your login page is secured from common brute-force attacks.
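What the three settings mean in practice, as an added example that is not AIO Login's code: an in-memory model of maximum attempts, timeout and lockout message. The class name, the username-plus-IP key and the timestamps are assumptions made for the illustration.

```php
<?php
// Added example, not AIO Login's code: an in-memory model of the three settings.
// Keying the counter on username + client IP is an assumption of this sketch.
final class LoginLimiter
{
    private array $state = []; // key => ['fails' => int, 'until' => unix time]

    public function __construct(
        private int $maxAttempts,
        private int $timeoutMinutes,
        private string $lockoutMessage
    ) {}

    /** Null if the attempt may proceed, otherwise the lockout message. */
    public function check(string $key, int $now): ?string
    {
        $until = $this->state[$key]['until'] ?? 0;
        return $until > $now ? $this->lockoutMessage : null;
    }

    public function recordFailure(string $key, int $now): void
    {
        $s = $this->state[$key] ?? ['fails' => 0, 'until' => 0];
        if ($s['until'] !== 0 && $s['until'] <= $now) {
            $s = ['fails' => 0, 'until' => 0]; // lockout served: fresh budget
        }
        $s['fails']++;
        if ($s['fails'] >= $this->maxAttempts) {
            $s['until'] = $now + $this->timeoutMinutes * 60;
        }
        $this->state[$key] = $s;
    }

    public function recordSuccess(string $key): void
    {
        unset($this->state[$key]); // a correct password clears the counter
    }
}

// Constructed run: 3 attempts allowed, 60-minute timeout, attempts 5 s apart.
$limiter = new LoginLimiter(3, 60, 'Too many failed attempts. Try again later.');
$key = 'admin|203.0.113.7'; // documentation-range IP address
$now = 1700000000;
for ($i = 1; $i <= 4; $i++, $now += 5) {
    $blocked = $limiter->check($key, $now);
    echo "attempt $i: ", $blocked ?? 'password checked (wrong)', PHP_EOL;
    if ($blocked === null) { $limiter->recordFailure($key, $now); }
}
echo 'after 61 minutes: ', $limiter->check($key, $now + 61 * 60) ?? 'allowed again', PHP_EOL;
```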

Troubleshooting Common reCAPTCHA Problems

You just added CAPTCHA to your WordPress login, but it is not working as it should. In this section, we will help you troubleshoot common reCAPTCHA issues.

reCAPTCHA Not Appearing on WordPress Login

There can be multiple reasons why this might happen. There could be a problem with your site and secret key, or you might have installed the code in the wrong place or file. Double-check your code placement and make sure your secret keys are correct. 

Also, make sure to check for extra spaces or redundant elements in your code if you are integrating without AIO Login. Characters like dots, commas, and spaces can be challenging to spot in code and can cause malfunctions.

reCAPTCHA Compatibility Issue

Sometimes, the culprit is not the reCAPTCHA but another plugin or theme. Some plugins may conflict with reCAPTCHA or AIO Login, which may cause the mysterious disappearance of the reCAPTCHA.

In such a case, the plugin will prompt you on your WordPress dashboard if it has an issue with any of your plugins. Disable the plugin, and that should solve your problem.

reCAPTCHA Fails to Validate

A weak network connection or interference from a VPN (Virtual Private Network) may cause reCAPTCHA to work improperly or prevent it from working at all.

Make sure your internet connection is stable, temporarily disable your VPN, and try again. This time, your reCAPTCHA should work seamlessly.

Key Takeaways

Since WordPress is open-source software, it is prone to vulnerabilities. Thus, you should make sure to take every safety precaution to protect your WordPress login.

Install AIO Login, add CAPTCHA to WordPress login, limit login attempts, and closely monitor your activity log for suspicious activities. If you find one, promptly take action. Block or ban users who continuously make incorrect attempts.

Frequently Asked Questions

What does reCAPTCHA do?

reCAPTCHA protects a website from abuse and spam by analyzing the user’s interaction with the website. In case of uncertainty, reCAPTCHA will impose a test such as selecting images that contain fire hydrants or images with traffic lights. Bots cannot bypass these tests. reCAPTCHA also analyzes a user’s browsing history to distinguish between a computer and a human.

How to add CAPTCHA to WordPress login?

You can easily add CAPTCHA to WordPress login using the AIO Login plugin. Navigate to Security >> Google reCAPTCHA >> Enable the feature and fill in the necessary requirements like site and secret keys before saving changes.

Why is CAPTCHA not showing up in WordPress?

There can be several reasons why reCAPTCHA might not be showing up on your WordPress. Common reasons include incompatibility with another plugin, incorrect site or secret key, and reCAPTCHA failing to validate users.

What is the difference between CAPTCHA and reCAPTCHA?

reCAPTCHA is the advanced version of CAPTCHA. It was developed in 2017 and Google acquired it in 2009. CAPTCHAs were text-based tests that only a human can pass or solve. reCAPTCHAs can tell a computer and a human apart by identifying the interaction with the website.

What are the differences between reCAPTCHA v2 and reCAPTCHA v3?

reCAPTCHA v2 is the simple “I’m not a robot” checkbox. reCAPTCHA v3 is the advanced version that returns a value based on how likely the user is to be a bot, where ‘0.0’ is definitely a bot and ‘1’ is definitely a human.
