Are you looking to enable admin login captcha in Magento 2?
Enabling login captcha strengthens the Magento security. It prevents the login through brute force attack. Last time, we learned to enable captcha for customers. Lets see how to enable login captcha for admins.
What is Admin Login Captcha?
Admin login captcha is the captcha implemented on the Magento admin pages. So when the Magento owners open the login URL, they will find a captcha to solve besides the traditional username-password. Magento comes with the inbuilt admin login captcha which you can enable in a click.
Why Enable Admin Login Captcha?
Enabling admin login captcha is a security measure. We suggest you change your Magento login URL. If not, it would be yourstore.com/login. Like me, a hacker can also see your store URL.
The hackers can use this information to run a brute force attack. The brute force attack is the hacking attack where the hackers use a large number of username and password combinations to find the right one.
If you have not changed the Magento username, then the username would be the default one – which is admin. You can see, one can try a different password combination with the username admin to find the correct credentials and take over the store.
Adding the login captcha stops this automatic process, as the hackers have to solve the captcha to proceed. It takes time so the hackers ignore your store and move to the next one – an easier one.
How to Enable Admin Login Captcha?
Follow the steps to enable admin login captcha:
- Login to the Magento store
- Click ‘Stores’ on the Admin Panel.
- Select Configuration under the Settings section
- Under Customers, click on Customer Configuration
- Open the Captcha section and enable it
Enable CAPTCHA on Frontend: Select Yes from the Dropdown Menu.
Font: The font used in the CAPTCHA.
Forms: Select the forms you want the Captcha on.
Displaying Mode: Whether to display the captcha all the time. Or to make it visible once the person gets a certain number of incorrect login attempts.
Number of Unsuccessful Attempts to Login: If you choose to make the captcha visible after X number of incorrect login attempts, specify the number of unsuccessful attempts.
CAPTCHA Timeout (minutes): Number of minutes the captcha expires.
Number of Symbols: Enter the range number of symbols that CAPTCHA will be changed in, for example: 3-7. The maximum number of symbols is eight.
Symbols Used in CAPTCHA: Symbols that should build the Captcha. You can only set letters (a-z and A-Z), or number (0-9) to enter into the box.
Case Sensitive: Whether the captcha should be uppercase and lowercase sensitive or not.
More Magento Tutorials:
- How to Unlock Magento 2 Admin User Account?
- How To Set Minimum Order Amount In Magento 2
- How to Change Welcome Message in Magento 2?
Thanks to Magento, you do not have to install the Magento extensions to add the captcha to your store. You can protect the store from bots, brute force attacks and fraudulent logins.
I hope this quick tutorial helped you in enabling the admin login captcha in Magento 2. If you encounter any issue, please feel free to leave it in the comment box.