Add Google reCAPTCHA To WordPress with iThemes Security Pro

We just added a new way to secure your WordPress sites with Google’s reCAPTCHA, now available in iThemes Security Pro v.1.13.3.

The New reCAPTCHA

The benefit of Google’s new “no CAPTCHA” reCAPTCHA is it’s even more intelligent than ever.  Users don’t have to waste time trying to guess unclear CAPTCHAs and bots can’t use algorithms to guess phrases that aren’t on the screen. It’s a win-win for everybody and we’ve added it in iThemes Security Pro so you can add an extra layer of protection to your most vulnerable pages:

• WP Login
• Comments
• User Registration

Adding reCAPTCHA in iThemes Security Pro

Adding the new reCAPTCHA is easy and gives you added protection against spam registration attempts and brute force login attempts. To start using reCAPTCHA, from your WordPress dashboard navigate to iThemes Security>Pro Tab and go to the reCAPTCHA section. After you enable the feature, you will need to get Site and Secret Keys from Google. From your iThemes Security dashboard you can click the blue Google reCAPTCHA link to obtain your keys.

Getting Google reCAPTCHA Keys

To get the keys needed to activate reCAPTCHA just go to google.com/recaptcha and log in with your Google credentials. Then you will register a new site: After you click the blue Register button, you will see the Site and Secret Key codes that you can copy/paste in the reCAPTCHA section of iThemes Security Pro. After you’ve pasted in your Keys, you can edit the rest of the reCAPTCHA settings like which pages you want reCAPTCHA to be enforced and how many failed attempts will trigger a lockout and how long iThemes Security needs to remember a failed attempt to count it towards a lockout. At a minimum, our recommendation is enabling reCAPTCHA on your login and registration pages. This will greatly reduce registration spam and brute force login attempts. Click “Save All Changes” and you’re set. The next time users log in they will see the new reCAPTCHA field. Or the next time users comment on your site, they will see this:

Grant Users Temporary Privilage Escalation, Scheduled Malware Scans, Enforce Strong Passwords & More with iThemes Security Pro

iThemes Security Pro has tons of great features and we’ve got more planned for 2015. Secure your WordPress sites with features like:

• Temporarily Give Users Admin or Editor Access – this feature is great for letting contracts, or users needing special temporary escalated privileges for a short period of time. You can give them Admin or Editor access for 24 hours.
• WordPress Core Online File Comparison – this feature allows iThemes Security to compare changes made to any WordPress core file on your site with the version on WordPress.org to intelligently determine if the change was malicious.
• Enforce Strong Passwords and Password Expiration – these features make it easy to enforce strong passwords on your WordPress sites. In iThemes Security Pro settings you can enable the WP strong password evaluator and choose to set a date for passwords to expire, forcing users to create a new password.

If you’re not using iThemes Security Pro, now is a great time to start.