We have already gone through a few ways of making your WordPress website more secure including how to change the default login url, but if you want to make your WordPress login even more secure, and specifically try and avoid bots from attempting to login to your site, then you can do this by adding a Google reCAPTCHA to your login page.
The Google reCAPTCHA is designed to stop bots from filling in forms. Having it on your contact form will help reduce the spam messages you receive, so if you are getting a lot of spam from your website contact form you may want to implement it there as well. Adding the Google reCAPTCHA to your WordPress login page should effectively stop the bots from attempting to login to your Website which they may be trying to do using a brute force attack by guessing your username and password.
How To Add Google reCAPTCHA To Your WordPress Login Page
In order to add the Google reCAPTCHA to your WordPress website you can follow a few steps which we have outlined below:
- Install Login No Captcha reCAPTCHA plugin and activate it.
- Click on the “Login NoCaptcha” option that will now appear under the Settings tab within your WordPress admin panel.
- You will arrive at a screen where it asks for your “Site Key” and your “Secret Key” which you will need a Google account to create.
- Click on the link to to create or view keys for Google NoCaptcha and you will be taken to the Google admin page for reCAPTCHA. Scroll down to create a new site and check “reCAPTCHA V2” and enter your domain name.
- Click on your newly created site, scroll down to where it says “Adding reCAPTCHA to your site” and click on the “keys” tab. This will display your site key and secret key. Copy and paste them into your “Login NoCaptcha” page in WordPress and save changes.
- If you don’t get an error message then the next step is to check it is working properly by opening a completely different browser than the one you are in and going to your login page. The reCAPTCHA should now display on your login page. Login to test that it all works. If you have any problems or errors go back to your original browser window and delete the keys and deactivate the plugin, otherwise sit back and enjoy the new found security layer to your WordPress login page.