According to Wikipedia, “reCAPTCHA is a CAPTCHA (Completely Automated Public Turning test to tell Computers and Humans Apart) system, which is a system that allows web hosts to distinguish between human and automated access to websites.”
Google reCAPTCHA provides a shield to protect websites from fraud and abuse by using an advanced risk analysis engine and adaptive challenges to make sure malicious software stays away from your website.
Magento uses Google reCAPTCHA for both storefront and admin, which supports 3 methods of reCAPTCHA: reCAPTCHA v2 (“I'm not a robot”), reCAPTCHA v2 invisible and reCAPTCHA v3 invisible.
Set up Google reCAPTCHA to get key
Step 1: Go to google reCAPTCHA create page (if the language is not English, you can open this link with an incognito browser)
Step 2: Fill the information. At this step, we will demonstrate for reCAPTCHA v2 “I'm not a robot” first.
- reCAPTCHA type: Magento 2 uses 3 types of reCAPTCHA, so you need to set up 3 times to get 3 different keys: reCAPTCHA v3, reCAPTCHA v2 “I'm not a robot”, reCAPTCHA v2 invisible reCAPTCHA badge. We will create reCAPTCHA “I'm not a robot” first, so just click on “I'm not a robot” Checkbox.
- Accept the reCAPTCHA Terms of Service: click to accept Google conditions.
Step 3: Click on Submit button
Step 4: Copy the key and paste on Magento configure
Set up reCAPTCHA Configuration
This will demonstrate for configuration of the admin page. For the storefront, you can do the same thing.
Step 1: On the Admin Nav bar, go to Store > Configuration > Security > Google reCAPTCHA Admin Panel.
Step 2: Expand reCAPTCHA v2 (“I am not a robot”)
Step 3: Paste site key and secret key setup in google reCAPTCHA page to Google API Website Key and Google API Secret Key
Step 4: Scroll down to Admin Panel tab
This will config which type of reCAPTCHA appears and when it will be applied, login to admin page or forgot password.
Step 5: Save Config and Flush cache
Here is the result:
Admin login
Customer login