How to enable CAPTCHA for the admin panel in Magento
By default, when you and other users with access to the backend of your Magento want to log in to the admin panel only the name and password have to be typed. If you want to, you can enable CAPTCHA so that in addition to the login credentials a visual task has to be solved before the admin panel can be accessed. This visual task is a random combination of letters and numbers that has to be typed in the provided field.
To enable admin panel CAPTCHA, log in to the admin panel and go to System menu>Configuration>Admin button in the Advanced section on the left>CAPTCHA panel on the right. In the CAPTCHA panel there's a drop-down menu Enable CAPTCHA in Admin which is set to No by default. Set it to Yes and some more options will appear under it. These options are:
- Font â€“ this option is for the font used to display the CAPTCHA task. By default, Magento comes prepackaged only with one font.
- Forms â€“ this option is a list with two forms: Admin Login and Admin Forgot Password. Only the Admin Forgot Password form is selected by default. This means that CAPTCHA will appear only when a user requests a password reset. To display CAPTCHA on the login page select the Admin Login form. To select both forms, press and hold the Ctrl button on your keyboard and mark the forms by clicking on their names with the left mouse button.
- Displaying Mode â€“ by default this is set to After number of attempts to login which means that CAPTCHA is displayed only after a specific number of unsuccessful login attempts (the number is specified in the setting Number of Unsuccessful Attempts to Login). You can also set this option to Always if you want the CAPTCHA task to be shown every time.
- Number of Unsuccessful Attempts to Login â€“ this option can be configured only if you have set the Displaying Mode drop-down menu to After number of attempts to login. You can use this setting to specify the number of failed login attempts required in order for CAPTCHA to be displayed. By default, it's set to 3.
- CAPTCHA Timeout (minutes) â€“ this option determines the time in which a particular CAPTCHA task has to be solved. It's set to 7 by default. This means that if you open the admin login page and you don't type the CAPTCHA in 7 minutes, you have to refresh the page/CAPTCHA before you can login.
- Number of Symbols â€“ you can use this setting to specify the number of symbols displayed in the CAPTCHA task. By default, it's set to 4-5 which means that it will consist of four or five letters and numbers. You can type a single number, or you can type a range (e.g. 5-8).
- Symbols Used in CAPTCHA â€“ in this field you can type the letters and numbers that are allowed to be displayed in CAPTCHA. You can use numbers and upper and lower case letters.
- Case Sensitive â€“ by default, CAPTCHA is not case sensitive. This means that even if the CAPTCHA task contains upper and lower case letters, the user can type only lower case or only upper case letters. If you want CAPTCHA tasks to be case sensitive just set this option to Yes.
After you configure the options don't forge to click on the Save Config button in the upper right corner.