Magento 2 Tutorials

Improve Magento 2 Security by Enabling Captcha & Changing Magento 2 Encryption Key

Captcha and Encryption Key are two ways by which you can easily improve the security of your Magento 2 store. Captcha is known as a visual security check which ensures that a human being is interacting with the website rather than a computer bot. It has some code that a user has to enter whenever it is required.

The Magento 2 Encryption key is used to protect passwords and other valuable data. During the Magento 2 installation process, Magento 2 generates a random encryption key. In this blog post, we will discuss how to enable Captcha and change the Encryption Key in Magento 2.

Magento 2 Captcha

In Magento 2, you can add the Captcha to the sign in and forget password page for both admin and customer account. To enable Magento 2 Captcha, follow the steps below:

Enable Admin Captcha

Step 1: Login to your Magento 2 Admin Panel.

Magento 2 Admin Login

Step 2: Tap STORES from left sidebar.

Magento 2 Stores

Step 3: Click Configuration under the Settings menu.

Magento 2 Configuration

Step 4: From the left panel, expand ADVANCED and click Admin.

Magento 2 Advanced Configuration

Step 5: Click CAPTCHA in the right panel and expand it.

Captcha

Step 6: Set Enable CAPTCHA in Admin to Yes. You will see some more options to configure:

Enable Captcha

  • Font: The default font for Magento 2 Captcha is LinLibertine.

Default Font

  • Forms: Select the pages that will use Captcha. Press CTRL key to select multiple options.

Select multiple option

  • Displaying Mode: Choose one of the following options:
    • Always: Always require to enter the Captcha.

Displaying Mode

    • After number of attempts to login: Show Captcha after a certain number of failed login attempts.

Number of Unsuccessful Attempts to Login

  • CAPTCHA Timeout (minutes): Captcha expiration period.

Captcha Timeout

  • Number of Symbols: A variable number of symbols that changes with each CAPTCHA.

Number of Symbols

  • Symbols Used in CAPTCHA: Determine the symbols that can be used in the Captcha. You can select from A to Z for letter and from 0 to 9 for the number.

Symbols Used in CAPTCHA

  • Case Sensitive: If you want to require Admins to enter the characters exactly as shown, set it to Yes.

case sensitive

Step 7: Tap Save Config when you are finished.

Configuration of Captcha

Enable Customer Captcha

Step 1: Go to Configuration page.

Configuration

Step 2: From the left panel, expand CUSTOMERS and click Customer Configuration.

Customer Configuration

Step 3: Click CAPTCHA in the right panel and expand it.

CAPTCHA

Step 4: Set Enable CAPTCHA on Storefront to Yes. You will see some more options to configure:

Enable CAPTCHA on Storefront

  • Font: The default font for Magento 2 Captcha is LinLibertine.

Magento 2 Default font

  • Forms: Select the pages that will use Captcha. Press CTRL key to select multiple options.

Select Multiple Option

  • Displaying Mode: Choose one of the following options:
    • Always: Always require to enter the Captcha.

Displaying Mode

    • After number of attempts to login: Show Captcha after the certain number of failed login attempts.

Number of Unsuccessful Attempts to Login

  • CAPTCHA Timeout (minutes): Captcha expiration period.

Captcha timeout

  • Number of Symbols: A variable number of symbols that changes with each CAPTCHA.

Number of symbols

  • Symbols Used in CAPTCHA: Determine the symbols that can be used in the Captcha. You can select from A to Z for letter and from 0 to 9 for the number.

symbols used in captcha

  • Case Sensitive: If you want to require Admins to enter the characters exactly as shown, set it to Yes.

case sensitive

Step 5: Tap Save Config when you are finished.

save configuration

Magento 2 Encryption Key

Follow the steps below to change Magento 2 Encryption key:

Step 1: From the Magento 2 Admin left sidebar, tap SYSTEM.

Magento 2 Encryption Key

Step 2: Click Manage Encryption Key under the Other Settings menu.

Manage encryption key

Step 3: To change the Encryption Key, do one of the following:

change encryption key

  • Auto-generate a Key: Set Yes if you want Magento 2 to handle this for you.

auto generate key

  • New Key: Enter the new key of your choice

new key

Step 4: Tap Change Encryption Key once you are done.

This article was all about enabling Captcha and changing Magento 2 Encryption Key for enhancing security in Magento 2. Master them to save your Magento 2 store from attacks while improving your store security. If you have anything to ask or add to this topic, feel free to comment below.

About Fayyaz Khattak

Fayyaz is a Magento Community Manager at Cloudways - A Managed Magento Hosting Platform. He writes about Magento Tutorials at Magenticians as well as share his knowledge with the Magento Community. Fayyaz is a food lover and enjoys driving. You can email him at m.fayyaz@cloudways.com

  • Stay Connected: