How to Add CAPTCHA on WordPress Login Form

You may be surprised to know that your WordPress login page is getting unwanted visitors from automated bots attempting to break into your site 24/7 but adding CAPTCHA will effectively block those malicious login attempts. WordPress is one of the most popular platforms for web publishing and is estimated to by used on 43% of all sites online. This popularity also makes it an easy target for unwanted activity. Depending on the type of WordPress site you’re operating there should only be a few users ever logging such as authors or administrators however adding an extra layer of security is a always a good idea.


What is CAPTCHA?

CAPTCHA was created in 1997 is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”. It is a type of challenge-response test used in computing to ensure that the user is human and not a computer.  A CAPTCHA test usually consists of a distorted image of letters and/or numbers that the user has to type in order to proceed. The idea behind it is that only a human can correctly identify the letters and numbers in the image, while a computer will be unable to do so.  It evolved in sophistication over the years and then in 2009 Google acquired a popular variant called reCAPTCHA which requires users to click on pictures instead of entering text. ReCAPTCHA v3 performs silent verification and does not interrupt user flow but still blocks abusive behavior.


Setting up Google reCAPTCHA

Prior to setting up reCAPTCHA on your WordPress login form, you must first create a free Google reCAPTCHA account. After logging go to the Admin console and then click the plus sign to Register a new site. Fill in the form by entering the domain name where the reCAPTCHA will be used and click the checkbox to accept the Terms of Service. Selecting reCAPTCHA v2 will display pictures to users for validation whereas reCAPTCHA v3 performs silent verification.



After registering your domain name in the Google reCAPTCHA dashboard you need to copy the reCAPTCHA keys.  Open Notepad and copy the site key and secret key. The two keys will be required for the next step so keep them ready.



Installing WordPress CAPTCHA Plugin

The easiest way to install CAPTCHA on your WordPress site’s login form is by using a plugin. There are a variety of WordPress security plugins but one of the best is All In One WP Security & Firewall. What I like the most about this particular plugin is that it is free and all the features are unlocked without having to pay for an upgrade.

All In One WP Security & Firewall is a powerful WordPress security plugin that includes a firewall, intrusion detection, and prevention features. It helps to secure your website against hacking attempts and block malicious traffic. To install it just search for it by name from the WordPress dashboard Plugins page and click Install Now.



After installing the plugin click Activate and then open the settings from the WordPress admin dashboard. Within plugin settings click on the Brute Force section and then Login Captcha.



Enter the reCAPTCHA Site Key and Secret Key that were created earlier and then click the Enable Captcha on Login Page check box and save the form and click the Save Settings button. Now any visitor to your site’s login form will have to complete the CAPTCHA step before the form can be submitted thus ensuring automated login attempts are thwarted. And it goes without saying this is just one security enhancement you can enable with the All In One WP Security & Firewall plugin.

reCAPTCHA v2 login

In Summary

CAPTCHA is an effective way to block malicious login requests ensuring only humans are attempting to login to your site. If you’re looking for a comprehensive security solution for your WordPress site, look no further than the All In One WP Security & Firewall plugin. This powerful plugin provides everything you need to secure your site, from user account management to firewall rules and malware scanning. It’s easy to use and configure but best of all it’s free so there’s no reason not to increase your WordPress site’s security. Thanks for reading!

Peter Viola

Creative, customer focused, results oriented, Senior Web Systems Engineer who enjoys providing the highest level of customer service supporting complex Windows hosting solutions. MCITP, MCSA, MCTS

More Posts - Website