Adding captcha requirement to the Admin login Forgot password page helps increase your store security to the next level. The captcha number will be able to reload unlimitedly when users click on the Reload icon.

In the previous topic, we introduced how to enable customer login or register Captcha in Magento 2. Now we will continue to show you how to enable admin login Captcha in Magento 2.

Steps to Enable an Admin CAPTCHA in Magento 2

  • On the Admin panel, click Stores. In the Settings section, select Configuration.
  • Select Admin under Advanced in the panel on the left
  • Open the CAPTCHA section, and continue with following:
Admin captcha
  • In the Enable CAPTCHA on Frontend field, select “Yes” to enable CAPTCHA on Frontend
  • In the Font field, select the name of the Font to be used for the CAPTCHA symbols. The default is LinLibertine.
  • In the Forms field, select one of the following forms where CAPTCHA is to be used
    • Admin Login
    • Admin Forgot Password
  • In the Displaying Mode, choose one of the following
    • Always
    • After number of attempts to login
  • In the Number of Unsuccessful Attempts to Login field, enter the number of unsuccessful attempts to login before captcha appears. If you enter Zero, the Captcha will be always available
  • In the CAPTCHA Timeout (minutes) field, enter the number of minutes before the CAPTCHA expires. When the CAPTCHA expires, the user must reload the page to generate a new CAPTCHA.
  • In the Number of Symbols field, enter the range number of symbols that CAPTCHA will be changed in, for example: 3-7. The maximum number of symbols is eight.
  • In the Symbols Used in CAPTCHA field, specify the symbols that can be used in the CAPTCHA. Set only letters (a-z and A-Z), or number (0-9) to enter into the box. No spaces or other characters are allowed and the similar symbors is not used in the default.
  • In the Case Sensitive field, select Yes if you require that the user enters the uppercase and lowercase characters exactly as shown
    • When complete, click Save Config

You can take a look at how Google reCAPTCHA works on actual stores here.

The bottom line

You can either enable the Admin Login CAPTCHA in Magento 2 thanks to the default Magento 2. Protecting your site from automatic bots and online fraud is essential to create a safe environment and improve users’ experience. Other related posts can be found below, and if you still have questions about security issues, feel free to mention them with us.