Wordpress Security Tutorial: How to Defend Against Bots With reCAPTCHA

Adam Koy (@adamkoy)

Passionate about all things DevSecOps and all things techie, exploring WordPress security.

How do we increase our WordPress security and stop a million bots from scraping your information and emails or hacking into your account?

Today we will dive into CAPTCHAs and reCAPTCHAs.

What does CAPTCHA mean?

CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. That's a pretty long acronym. In plain words, a CAPTCHA is a test of whether the user is a spam bot or a real person. The amazing thing about CAPTCHAs is that they can stretch or distort letters and numbers and rely on the human mind to work out which symbols are shown.

The reason I love them is that they can be incorporated into a variety of applications and plugins to keep websites and users secure, like:

- Protecting website registrations
- Protecting email addresses from scammers
- Protecting online polling
- Protecting against email worms/junk mail
- Preventing dictionary attacks
- Preventing comment spamming on blogs

How Does a CAPTCHA Work?

The main reason they were created was to block spammy software from posting unwanted comments on pages or purchasing excess items all at once. The most common form of CAPTCHA is an image with several distorted letters. Another popular form asks the user to choose, from a variety of images, the ones that share a common theme.

All a normal bot can do is input some random letters, making it statistically unlikely that it will pass the test. Thus, the bot will fail the test and be blocked from interacting with the website or application, while the human can carry on using it as normal.

However, more sophisticated bots are able to use machine learning to identify these distorted letters. This is bad for the common CAPTCHA, and it is why old or outdated CAPTCHA tests are being replaced with more complex ones. Google has redeveloped the CAPTCHA into reCAPTCHA, which adds a number of other tests to help separate human users from bots.

What is reCAPTCHA?

reCAPTCHA is a more advanced set of tests than a typical CAPTCHA. It can be integrated easily into WordPress security. Like CAPTCHA, some reCAPTCHAs require users to select images, or enter text from images, that computers may have trouble decoding. Moreover, reCAPTCHA sources its text from real-world images: pictures of house/street addresses, text from magazines and books, text from old newspapers, etc.

Do you have to pay for reCAPTCHAs to increase your WordPress Security?

reCAPTCHA is mainly a free service from Google that helps to protect your websites from spam and abuse. By adding a reCAPTCHA, you can block automated software while allowing your users to enter with ease.

If you would like to see a quick demo, then click on the reCAPTCHA Demo link below:


Setup reCAPTCHA For Increased WordPress Security

1. Go to https://www.google.com/recaptcha

2. Click on Admin Console and click on + to register a reCAPTCHA

3. Enter your domain and select V2 or V3 depending on which version your application is using

4. Click on Submit

5. Copy your SITE KEY and SECRET KEY

6. Install your security plugin, Wordfence

7. Go to Login Security > Settings

8. Enter your SITE KEY and SECRET KEY

9. Log out and, if everything worked, you should see the reCAPTCHA logo!

Success! Your WordPress security has been increased twofold by having your login page protected by 2MFA and reCAPTCHA V3.

This ensures that no bot can connect to our login screen unless it is using a browser, which they don't do.
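What the SECRET KEY from step 5 is used for once the plugin is configured, shown as an added example (not Wordfence's code and not part of the original post): the server sends the reCAPTCHA v3 token from each login attempt to Google's siteverify endpoint and decides from the returned score. The 0.5 threshold, the `login` action name and `example.com` are assumptions, and the sample responses are constructed.

```php
<?php
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// POST the browser's token together with the SECRET KEY. The secret stays on the
// server; only the SITE KEY is ever sent to the visitor's browser.
function recaptcha_siteverify(string $secret, string $token): ?array {
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => 'Content-Type: application/x-www-form-urlencoded',
        'content' => http_build_query(['secret' => $secret, 'response' => $token]),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents(SITEVERIFY_URL, false, $ctx);
    $data = $body === false ? null : json_decode($body, true);
    return is_array($data) ? $data : null;   // null = network error or non-JSON reply
}

// Decide whether a login attempt may proceed. Fails closed: any missing or
// mismatched field blocks the attempt.
function recaptcha_allows(?array $r, string $action, string $host, float $minScore = 0.5): bool {
    if (!is_array($r) || ($r['success'] ?? false) !== true) {
        return false;                         // invalid, expired or reused token
    }
    if (($r['hostname'] ?? '') !== $host) {
        return false;                         // token was issued on a different site
    }
    if (($r['action'] ?? '') !== $action) {
        return false;                         // token was issued for a different form
    }
    // v3 returns a score from 0.0 (likely bot) to 1.0 (likely human), not pass/fail.
    return is_numeric($r['score'] ?? null) && (float) $r['score'] >= $minScore;
}

// Constructed sample responses (assumed values, not captured from a real site).
$samples = [
    'human'        => '{"success":true,"score":0.9,"action":"login","hostname":"example.com"}',
    'likely bot'   => '{"success":true,"score":0.1,"action":"login","hostname":"example.com"}',
    'wrong action' => '{"success":true,"score":0.9,"action":"comment","hostname":"example.com"}',
    'bad token'    => '{"success":false,"error-codes":["invalid-input-response"]}',
];
foreach ($samples as $label => $json) {
    $ok = recaptcha_allows(json_decode($json, true), 'login', 'example.com');
    printf("%-12s => %s\n", $label, $ok ? 'allow' : 'block');
}
```

Run from the command line, the script evaluates only the constructed responses; `recaptcha_siteverify()` is the call a live site would make with its own secret key and the token submitted with the login form.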

Final Thoughts

As you can see, without CAPTCHAs and reCAPTCHAs a lot of websites would be aggressively abused by hackers and automated robots. As AI developed, CAPTCHAs became less reliable as programs grew smarter at figuring out the pattern.

Thankfully, Google has been developing new ways to keep us and them safer by developing reCAPTCHAs. Luckily, we can use WordPress plugins like Wordfence to enable reCAPTCHAs to stop programs and hackers from connecting to our website.

If you follow the above tutorial and use reCAPTCHA V3, then no application should be able to connect a million times to your website.

If you liked this, then don't forget to check out my Protect WordPress: Defend Against Hackers Full Guide

Or if you would like to visit my blog, it's here.

