With the iThemes Security Pro plugin, you can add WordPress reCAPTCHA protection to your most vulnerable login pages, including:
- WP Login
- User Registration
Adding a reCAPTCHA to WordPress with iThemes Security Pro is easy and gives you added protection against spam registration attempts and brute force login attempts.
Adding reCAPTCHA to WordPress with iThemes Security Pro
iThemes Security Pro integrates with Google’s intelligent “no CAPTCHA” reCAPTCHA so you can add a reCAPTCHA to your WordPress site. With this reCAPTCHA, users don’t have to waste time trying to guess unclear CAPTCHAs and bots can’t use algorithms to guess phrases that aren’t on the screen.
To start using reCAPTCHA with iThemes Security Pro, from your WordPress dashboard, navigate to iThemes Security>Pro Tab and go to the reCAPTCHA section.
After you enable the feature, you will need to get Site and Secret Keys from Google. From your iThemes Security dashboard you can click the blue Google reCAPTCHA link to obtain your keys.
Getting Your Google reCAPTCHA Keys
To get the keys needed to activate reCAPTCHA just go to google.com/recaptcha and log in with your Google credentials. Then you will register a new site:
After you click the blue Register button, you will see the Site and Secret Key codes that you can copy/paste in the reCAPTCHA section of iThemes Security Pro.
After you’ve pasted in your Keys, you can edit the rest of the reCAPTCHA settings like which pages you want reCAPTCHA to be enforced and how many failed attempts will trigger a lockout and how long iThemes Security needs to remember a failed attempt to count it towards a lockout.
At a minimum, our recommendation is enabling reCAPTCHA on your login and registration pages. This will greatly reduce registration spam and brute force login attempts.
Click “Save All Changes” and you’re set. The next time users log in they will see the new reCAPTCHA field.
Or the next time users comment on your site, they will see this:
Grant Users Temporary Privilege Escalation, Scheduled Malware Scans, Enforce Strong Passwords & More with iThemes Security Pro
iThemes Security Pro has tons of great features designed to add an extra layer of protection to your WordPress site:
- Two-factor Authentication – Once activated, users are required to enter both a password AND a time-sensitive code sent to a secondary device to login to your WordPress site. Two-factor authentication is one of the best ways to lock down your WordPress site.
- Temporarily Give Users Admin or Editor Access – this feature is great for letting contracts, or users needing special temporary escalated privileges for a short period of time. You can give them Admin or Editor access for 24 hours.
- WordPress Core Online File Comparison – this feature allows iThemes Security to compare changes made to any WordPress core file on your site with the version on WordPress.org to intelligently determine if the change was malicious.
- Enforce Strong Passwords and Password Expiration – these features make it easy to enforce strong passwords on your WordPress sites. In iThemes Security Pro settings you can enable the WP strong password evaluator and choose to set a date for passwords to expire, forcing users to create a new password.
If you’re not using iThemes Security Pro, now is a great time to start.