It would be justly to assert that the login page and user registration page become the victims of hackers’ attacks more often than any other pages. The internet villains try to get unauthorized access to the admin dashboard with a further possibility to insert malware, which could send emails to the users of your site, advertising the sites of their own or in some cases even make a total breach, by placing any infections into the WordPress core folder.
In case such interference does not concern the core files, the problem can be solved rather quickly, in other cases, when the core files are infected, it will take you a good time to make a profound cleaning and launch the site anew. This problem has been bothering the developers since the very appearance of the world web and the first precedents of hack. Previously the hackers worked with each site individually but in course of time, they have succeeded in the elaboration of automatic mechanisms, able to attack thousands of sites simultaneously. Quite often they can be attacked by the programs of usernames and passwords generation.
Just when the first cases of such programs’ activity were fixed, the necessity of any means creation, able to block them, increased substantially. The invention of Captcha became a preventive vaccine against the possible diseases, able to get inside the vital organs of your site.
We would like to explain to you how the Captcha works and give a couple of tips on how to add this service in WordPress login and registration form.
How does Captcha function?
The word Captcha by itself is an acronym, which can be interpreted as Completely Automated Public Turing test to tell Computers and Humans Apart.
All up-to-date hacker-programs of username and password guessing work on the principle of iterative multiple attempts to enter casual symbols into username and password fields, making combinations self-contained. If the login page does not have any limitations in the number of such attempts, it is possible for a hacker-program to hang on the iteration of casual combinations entering eternally, i.e. up to the moment of a successful variation finding. By the way, some of such programs are able to make about 1 000 000 such attempts per second. Not bad, isn’t it?
That’s why, most of the platforms, including WordPress, have a restriction in the number of unsuccessful username and password entrance. As a rule 5 failed attempts to enter correct username and password add the IP address of your PC into the blacklist, stored in WordPress folders on hosting server. Nevertheless, even 5 attempts make rather a high probability of a successful combination finding by a hacking bot or by a real human user. For this reason, the usage of Captcha became a solution to the problem.
The sense of this technology lies in blocking the next attempt to enter another combination of symbols after the denial of the first one. The stage of Captcha entering enables any internet unit (like your PC or the PC of a hacker) to send the typed combination of username and password symbols to the hosting server only in case the entrance of Captcha is identified as correct one. If the Captcha is entered incorrectly, the symbols in username and password fields can not be forwarded to the hosting server. Considering that no hacker-program can neither analyze the numbers, written in different styles, nor choose the right pictures among the proposed ones, the attempt to send the combination of symbols to the server fails.
As a rule, all the possible Captchas can be added on this or that page of a WordPress site by means of a plugin. In most cases, it makes sense to add this feature to the login and registration pages, cause normally breaking these two pages enables the user to make any significant changes on the site.
The whole procedure of Captcha adding starts with the installation and activation of the plugin. We recommend you to install a plugin of our development, which is quite simple, but safe enough for the blocking of bots: Captcha-plugin by BestWebSoft.
So, how to add Captcha on default or custom WordPress login and registration forms?
1. Install the plugin.
You can do this by going to the dashboard of your site and choosing the “Plugins” section. Type “Captcha plugins” in the search slot and choose Captcha by BestWebSoft, click the “Install Now” button in order to place it on your dashboard.
As soon as the installation is completed, you’ll see the “Activate” button, which you need to click further. If the activation of the plugin was successful, you’ll see its title with the logo as the last but one item of the dashboard.
3. Make the necessary settings.
Choose the installed plugin by a mouse click and then settings.
4. Choose the forms.
Choose the forms which you want to upgrade with the Captcha feature by setting a check sign into the box next to your choice. For example, if you need to add it only on the login form, enable the “Login form” checkbox option.
5. Choose the Captcha type.
You can choose the type of Captcha and all the necessary features for it. For example, we enable the “Optical Character Recognition” if you want the users to recognize the generated characters.
6. Type the explanation.
In order to simplify the understanding of what to do, we recommend you to write a clear explanation of the task for the user in the “Captcha title” input field – for example: “Recognize the numbers”. We also recommend you to enable the “Reload Button” option for Captcha.
7. Save the changes.
After you’ve chosen all the necessary settings don’t forget to save the changes by clicking the “Save Changes” button. As a result of all the adjustments, your login page will add the Captcha feature under the username and password fields.
8. Install a Professional version by necessity.
You have noticed the sections which are highlighted with beige color for sure. The features, hidden in these sections can offer you significantly more options, what in turn can let you make more preferable adjustments on the site. In order to activate these features you need to upgrade the plugin by choosing the Pro version of it, what becomes possible by a click of the “Upgrade to Pro” button.
The up-to-date internet world provides an unlimited choice of services and enlarges the possibilities of any business considerably. But under no circumstances, we can let us forget that along with all the possibilities the world web contains millions of threats, able to bring enough unwanted problems or even financial losses to the site’s owner. If your website is equipped with plugins of security already, it won’t go amiss, if you set the Captcha feature on your login and registration pages. Remember: “It’s better to be safe than sorry”!