Welcome to our 9-part series of the Ultimate Guide to Protecting Your WordPress Website.

This is Part 7: Add CAPTCHA

You won’t have to be too technical to do this yourself, and I’ll be here showing you on the screen, step by step, how to do it.

Here are a few things you’ll need to prepare before starting:

  • WordPress Administrative Area Login URL, which in most cases is /wp-admin after your domain name
  • Your WordPress administrative username
  • Your Password

Today I’m going to show you how to secure your WordPress website by adding CAPTCHA to your login, registration, and lost password forms.

CAPTCHA is a simple test to determine if a user is a human or a computer. In brief, the CAPTCHA protection displays a random image with letters or numbers, and a visitor must type what he/she sees on it.

This simple solution is widely used on many websites to prevent spam abuse. Using CAPTCHA on your website, especially on the login, registration, comment or any other forms, will minimize spam and stop bots, or make it much harder for them, from gaining access to your website or using it for malicious purposes.

As with everything else, there are many plugins that will help you implement CAPTCHA, but here is a list of some of the most widely used, simple to implement and also completely FREE:

Setup & Configure CAPTCHA

Using CAPTCHA by BestWebSoft – one of the easiest, free and most elegant captcha plugins.

  1. Go to Plugins and click Add new
  2. Type “Captcha” in search box and install “CAPTCHA by BestWebSoft”
  3. Click Activate plugins
  4. Find BWS Plugins > CAPTCHA submenu and click on it to configure settings
  5. For best security, under “Enable CAPTCHA for…” leave all checked. If you have enabled two-factor authentication, you can uncheck the Login form CAPTCHA.
  6. Scroll down and configure some of the other settings based on preference. For example, if you want to make it slightly easier for your users and yourself, you can un-select Multiplication. You can also un-select images under “Complexity” so that the CAPTCHA remains clean and simple, with text only.
  7. There are some more settings to configure under the Advanced tab. This is where you can configure the message that appears with the math CAPTCHA.
  8. Under whitelist, you can add your IP address if you don’t want to see the CAPTCHA when logging in. You can also add other users’ IP addresses if you want to allow them to log in without the use of CAPTCHA.
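
To see whether the CAPTCHA is doing its job, you can count how often each IP address submits the login, registration and lost password forms in your web server's access log, before and after turning the plugin on. The script below is an added example, not part of the plugin or of the original guide; the log lines, IP addresses and threshold are constructed for illustration, and it assumes a log in the common Apache/Nginx format.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (common log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.23 - - [10/Mar/2024:10:05:00 +0000] "POST /wp-login.php?action=register HTTP/1.1" 200 3980
198.51.100.23 - - [10/Mar/2024:10:05:01 +0000] "POST /wp-login.php?action=register HTTP/1.1" 200 3980
198.51.100.23 - - [10/Mar/2024:10:05:02 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 3710
192.0.2.10 - - [10/Mar/2024:11:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4400
192.0.2.10 - - [10/Mar/2024:11:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# wp-login.php "action" values for the three forms the CAPTCHA protects.
FORMS = {"login": "login", "register": "registration", "lostpassword": "lost password"}

def form_posts(log_text):
    """Count form submissions (POSTs) per (ip, form) on wp-login.php."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "POST":
            continue  # skip unparsable lines and plain page views
        url = urlsplit(m.group(3))
        if not url.path.endswith("/wp-login.php"):
            continue
        # With no action in the URL, WordPress treats the request as a login.
        action = parse_qs(url.query).get("action", ["login"])[0]
        if action in FORMS:
            counts[(m.group(1), FORMS[action])] += 1
    return counts

def repeat_submitters(counts, threshold=3, whitelist=()):
    """List (ip, total, whitelisted) for IPs with at least `threshold` submissions."""
    totals = Counter()
    for (ip, _form), n in counts.items():
        totals[ip] += n
    return [(ip, n, ip in whitelist) for ip, n in totals.most_common() if n >= threshold]

if __name__ == "__main__":
    found = repeat_submitters(form_posts(SAMPLE_LOG), whitelist={"192.0.2.10"})
    for ip, n, skipped in found:
        print(ip, n, "whitelisted, sees no CAPTCHA" if skipped else "")
```

Pass the same IP addresses you entered under whitelist in step 8 as `whitelist`: those addresses never see the CAPTCHA, so a whitelisted address showing up with many submissions deserves a closer look.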

If you want more advanced features to beef up that security, we would recommend subscribing to their PRO version.

Thanks for watching this video.

Bookmark this page, subscribe or save it somewhere so you can check back when we publish Part 8/9 next week!

Looking for previous episodes of the Ultimate Guide to Securing Your WordPress site?

If you have any questions or comments, please comment below.