You can add Google's reCAPTCHA v2, reCAPTCHA v3 and Invisible reCAPTCHA to four of your most vulnerable areas.
- New User Registration
- Reset Password
Adding the new reCAPTCHA is easy and gives you added protection against spam registration attempts and brute-force login attempts.
To start using reCAPTCHA, from your WordPress Dashboard, navigate to Security -> Settings -> Features -> Firewall -> CAPTCHA.
After you enable the feature, you will need to get Site and Secret Keys from Google. From your Solid Security Pro dashboard, you can click the purple "generate new keys" link to obtain your keys.
Getting Google reCAPTCHA Keys
To get the keys needed to activate reCAPTCHA, just go to google.com/recaptcha and log in with your Google credentials. Then you will register a new site:
After you click the blue Submit button, you will see the Site and Secret Key codes that you can copy/paste into the reCAPTCHA section of Solid Security Pro.
After you’ve pasted in your Keys, you can edit the rest of the reCAPTCHA settings like which pages you want reCAPTCHA to be enforced, how many failed attempts will trigger a lockout, and how long Solid Security Pro needs to remember a failed attempt to count it towards a lockout.
When using reCAPTCHA v2 and Invisible, you can allow users to opt-in to the GDPR terms without having to reload the page. Similarly, you can allow the users to opt-in to reCAPTCHA without refreshing the page. This prevents them from possibly having to enter their credentials twice.
At a minimum, our recommendation is to enable reCAPTCHA on your login and registration pages. This will greatly reduce registration spam and brute-force login attempts.
Click “Save All Changes”, and you’re set.
The next time users log in, they will be forced to use the selected reCAPTCHA version.
Or the next time users comment on your site, they will see this: