In my previous post, I integrated reCAPTCHA with my WordPress contact form to block comment spam. In this post, I’ll be enabling reCAPTCHA on my WordPress login page to improve my website’s security.

Integrating reCAPTCHA on a login form improves website security by blocking automated form fills that try to guess the password for site (and username too, if you’ve hidden it from enumeration.) The primary strategy of password guessing robots is to guess passwords as many times as possible until they get the right one. reCAPTCHA shuts down these brute force attacks by quickly identifying automated form entries and blocking them.

The steps to enable reCAPTCHA on WordPress Login Pages

  • First, you need a reCAPTCHA key. I showed how to get one in my previous post on how to block contact form spam.
  • Install and set up the WordFence security plugin.
  • From your WP dashboard, navigate to WordFence > Login security and switch to the « Settings » tab
  • On the settings tab, scroll down to « Enable reCAPTCHA on the login and user registration pages » and check the setting on.
  • Paste in your reCAPTCHA site key and secret key, then scroll back to the top and click « Save »

Your login forms are now secure. You can log out and try logging back in to view the reCAPTCHA icon fixed at the bottom right of the page.

Leave a comment

Votre adresse e-mail ne sera pas publiée.