Login page is one of the vulnerable pages on a WordPress site. Unless you rename it, anyone can easily access the login page by typing “yourdomain.com/wp-login.php” on the web browser. They can then make login attempts to get into your WordPress dashboard. Adding reCAPTCHA is one of the ways to secure the login page on your WordPress site. This step can reduce the chance of being a brute-force victim as those who are trying to log in need to confirm that they are a real human instead of a bot.
Some security plugins come with a reCAPTCHA integration to allow you to stop spam comments and protect forms, including the login form on the login page. In this article, we will show you how to add reCAPTCHA on the WordPress login page using the reCaptcha by BestWebSoft plugin. The plugin can be used for free.
How to add reCAPTCHA to the WordPress login page using reCaptcha by BestWebSoft
reCAPTCHA itself is a spam protection system owned by Google. It is available in two versions: reCAPTCHA v2 and reCAPTCHA v3. The main difference between the two is that reCAPTCHA v2 requires user interaction (checking a checkbox) while reCAPTCHA v3 doesn’t. The reCaptcha by BestWebSoft plugin supports both versions. To add reCAPTCHA to your WordPress site, you need both the site key and secret key.
Getting the reCAPTCHA site key and secret key
To get a reCAPTCHA site and secret key, first, visit the reCAPTCHA website. Click the Admin Console menu and login with your Google account.
Once logged in, click the plus icon on the upper-right side to register a new site.
Add the label on the Label section and select the reCAPTCHA version you want to use on the reCAPTCHA type section. On the Domains section, add your site domain (type your domain without “www” or “http://” and hit enter). Accept the ToS and click the SUBMIT button.
Copy the generated site key and secret key.
Adding reCAPTCHA to your WordPress site
Since we want to use the reCaptcha by BestWebSoft plugin to add reCAPTCHA, make sure to install and activate it on your WordPress site. New to WordPress? You can read our previous article to learn how to install a WordPress plugin. Once the plugin is installed and activated, go to reCaptcha -> Settings. On the Settings tab, paste the site key as well as the secret key you have just copied above to the respective fields.
Select the reCAPTCHA version and set where you want to enable it. Since you want to add reCAPTCHA on the login page, make sure to tick the Login form option. Click the Save Changes button to apply the changes.
That’s it. Your WordPress login page is now reCAPTCHA-protected.