WordPress is the most popular content management system in the world, which is great: it's regularly updated and has hundreds of thousands of plugin and theme possibilities to make your website do almost anything you could want it to. However, with its good points come the bad.
Because of its popularity, it's also heavily on the radar of hackers and malicious users. The number one way malicious users gain access to a WordPress website is through a brute force type attack. There are several ways you can help stop this attack type: we recently spoke about moving your WordPress login URL, and today we're going to talk you through adding Google's reCAPTCHA.
ReCAPTCHA is a modernised version of a CAPTCHA - you might not know what it's called when you see it, but you'll almost certainly have seen many, many captchas if you use the internet regularly.
Old style CAPTCHAs (and also some of the earlier reCAPTCHAs) were displayed as an image depicting some warped or distorted text, with an input box for you to enter the text to confirm you were a human and not a "bot".
CAPTCHA is an acronym of sorts, and stands for "Completely Automated Public Turing test to tell Computers and Humans Apart", with its primary aim being to challenge you to prove you are a human.
reCAPTCHA has moved on from the old text style, which could be tricky even for the best readers, and now offers 2 different versions - one version I'm sure you'll have seen, and one version you'll likely have come across, but never actually seen!
reCAPTCHA version 2 replaced the old text-based challenge with an image-based challenge. The format showed a selection of 9 image tiles, or a larger image split into multiple tiles, with an instruction, for example "select all squares showing grass" or "select all images with street signs".
In order to pass this type of CAPTCHA you simply need to click or tap on the squares that match the instruction.
The newest version of ReCAPTCHA (at time of writing) is version 3, and this is the least intrusive version yet. For the most part, it won't bother you at all, as long as you don't seem like a bot, that is! You'll still know it's running by the small reCAPTCHA icon in the bottom right of the page, but unless you're exhibiting bot-like behaviour, it won't interrupt you at all and that's great from a user point of view.
Firstly, as always when adding a plugin, we need to go to Plugins->Add New.
We'll be using the Advanced NoCAPTCHA & invisible captcha plugin, so let's go ahead and search for it in the search box, then click on install, then activate.
Once installed, we need to navigate to Settings->Advanced noCaptcha & invisible captcha Settings where we'll see the main configuration page for the plugin.
We need to decide which reCAPTCHA version we wish to use - for the purposes of this guide, we're going to go with the newest version, v3, so we've changed the version dropdown to v3. You can also select where you want the captcha to be in force:
As you can see, we've selected the standard login, registration and password reset forms.
Now we need to go ahead and visit Google's reCAPTCHA management page in order to generate our keys.
Once loaded, click the plus sign at the top right to add a new site and then fill out the form - ensure the reCAPTCHA type matches the type you are choosing in the plugin options.
Once done, click to accept the terms and then submit and you'll be presented with your new keys.
Copy them into your plugin configuration and then click on Save Changes.
You should now have a reCAPTCHA symbol at the bottom right of your login and password reset forms - Congratulations, your website is now more secure!
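To show what those keys do behind the scenes with v3, here is an added example (not the plugin's own code) of the decision a server makes on the JSON verdict Google returns when it is sent the secret key and the visitor's token. The function name, the `login` action name, the `example.com` hostname and the 0.5 threshold are assumptions, and the sample responses are constructed.

```php
<?php
// Added example: accept or refuse a login based on a reCAPTCHA v3 verdict.
// In production the JSON comes from POSTing the secret key and the browser's
// token to https://www.google.com/recaptcha/api/siteverify. The samples at
// the bottom are constructed so this script runs offline.

// Hypothetical helper; returns [allowed, reason].
function evaluate_recaptcha_v3(string $json, string $expectedAction,
                               string $expectedHost, float $minScore = 0.5): array
{
    $r = json_decode($json, true);
    if (!is_array($r)) {
        return [false, 'unparseable response'];      // fail closed
    }
    if (($r['success'] ?? false) !== true) {
        $codes = implode(',', (array) ($r['error-codes'] ?? ['unknown']));
        return [false, "token rejected: $codes"];
    }
    // A token issued for another site or another form must not count here.
    if (($r['hostname'] ?? '') !== $expectedHost) {
        return [false, 'hostname mismatch'];
    }
    if (($r['action'] ?? '') !== $expectedAction) {
        return [false, 'action mismatch'];
    }
    // v3 shows no puzzle; it scores the visit from 0.0 (bot) to 1.0 (human).
    $score = $r['score'] ?? null;
    if (!is_int($score) && !is_float($score)) {
        return [false, 'missing score'];
    }
    if ($score < $minScore) {
        return [false, 'score below threshold'];
    }
    return [true, 'ok'];
}

// Constructed sample verdicts, not captured from a real site.
$samples = [
    'human login'     => '{"success":true,"score":0.9,"action":"login","hostname":"example.com"}',
    'scripted login'  => '{"success":true,"score":0.1,"action":"login","hostname":"example.com"}',
    'reused token'    => '{"success":false,"error-codes":["timeout-or-duplicate"]}',
    'other form'      => '{"success":true,"score":0.9,"action":"contact","hostname":"example.com"}',
    'service failure' => '<html>502 Bad Gateway</html>',
];
foreach ($samples as $label => $json) {
    [$ok, $why] = evaluate_recaptcha_v3($json, 'login', 'example.com');
    printf("%-16s %s (%s)\n", $label, $ok ? 'ALLOW' : 'DENY', $why);
}
```

Only the first sample is allowed; every other case, including a response that cannot be parsed, is refused rather than waved through.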