WordPress is the most commonly used content management system in the world. It powers about 74.6 million websites. Being so popular, it is also a common target for hackers. The most common hacking attempt against WordPress is the brute force attack. This is a method where the attacker tries multiple combinations of usernames and passwords until the right combination is found. Automated programs known as bots carry out these attacks. These bots also fill in different forms on our website with junk data and submit them. Such requests from the bots may overload our servers, which may slow down or even crash our website.
One of the easiest ways to prevent such attacks on our website is to improve WordPress security with Google reCaptcha. In order to provide additional security, we may also consider adding Google Authenticator to our login screen. In this blog, I will explain the step-by-step process to enable reCaptcha and to add it to the different forms on our website.
Step1: Install the reCAPTCHA plugin by BestWebSoft.
Step2: Before using this plugin, we first have to generate reCaptcha keys from Google. These keys are a set of two unique values provided by Google, which are used to identify our website. To obtain these values, go to the Google reCaptcha website and sign in using our Gmail credentials.
Step3: Here we have to register our website. The registration form is as shown below.
We have to provide a label name, which is just for identifying our reCaptcha. Then we have to choose the reCAPTCHA v2 option from the type of reCaptcha. We also have to add our website address to the domains section. After this, we have to accept the terms and conditions option and click the register button.
Step4: Once the registration is complete, we will get two unique values, the Site Key and the Secret Key, as shown below. Copy these values to a notepad.
Step5: Now we have to go to the settings option of the reCaptcha plugin in our admin dashboard.
Step6: Here we have to enter the two values that we noted before.
Step7: A test reCaptcha button will appear as shown below.
Once we click this button, a reCaptcha appears.
We have to select the correct images and click verify. Then we have to click the test verification button.
After the verification, a success message appears as shown below.
Step8: Now we can choose from the forms listed under general settings to enable reCaptcha. Then we have to save the changes by clicking the save changes button.
That is all we have to do to enable reCaptcha. Now let us check the different forms that we have selected before.
Step9: First let us see the comments form in our blog.
As we can see, the Google reCaptcha option is now available for this form. Now let us submit this form by filling in all the other required fields but without validating the captcha. An error message screen will appear as shown below.
The same reCaptcha option is now available on the login, password reset and registration forms as shown below.
Thus, by using the Google reCaptcha plugin, we have easily added an additional layer of security to our blog.
Note: Although the use of this plugin protects our site against spam form submissions and comments, there are several security threats out there that are not covered. So if we are very serious about our blog’s security, it is better to use a plugin like Sucuri to protect our site from such advanced attacks.
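The check that produces the error in Step9 happens on the server: the form's reCaptcha token is sent to Google's siteverify endpoint together with the Secret Key, which is why the Secret Key must stay on the server while the Site Key is public. The sketch below is an added example in Python, not the plugin's own code, and it treats every doubtful outcome as a failed check. The function names, tokens, hostnames and secret placeholder are constructed for illustration; the endpoint URL and field names are those of Google's siteverify API.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

def http_post(url, fields, timeout=5):
    """POST form fields and return the decoded JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return json.loads(resp.read().decode())

def check_captcha(token, secret_key, allowed_hosts, post=http_post):
    """Return (ok, reason). Any doubt is treated as a failed check."""
    if not token:
        # Form submitted without solving the challenge (the Step9 case).
        return False, "missing-token"
    try:
        reply = post(VERIFY_URL, {"secret": secret_key, "response": token})
    except (OSError, ValueError):
        # Network error or unparsable reply: fail closed, reject the form.
        return False, "verification-unavailable"
    if not isinstance(reply, dict) or reply.get("success") is not True:
        codes = reply.get("error-codes", []) if isinstance(reply, dict) else []
        return False, ",".join(codes) or "rejected"
    # Confirm the challenge was solved on a domain we registered in Step3.
    if reply.get("hostname") not in allowed_hosts:
        return False, "hostname-mismatch"
    return True, "ok"

def fake_google(replies):
    """Constructed stand-in for Google's endpoint so the example runs offline."""
    def post(url, fields):
        return replies[fields["response"]]
    return post

SAMPLE = {  # constructed replies, keyed by constructed token values
    "tok-good": {"success": True, "hostname": "blog.example"},
    "tok-reused": {"success": False, "error-codes": ["timeout-or-duplicate"]},
    "tok-elsewhere": {"success": True, "hostname": "other.example"},
}

if __name__ == "__main__":
    post = fake_google(SAMPLE)
    for tok in ("", "tok-good", "tok-reused", "tok-elsewhere"):
        print(repr(tok), check_captcha(tok, "SECRET-PLACEHOLDER", {"blog.example"}, post))
```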