Login with ReCaptcha
Moderators: pe7er, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
-
- Joomla! Intern
- Posts: 77
- Joined: Thu Mar 22, 2018 4:08 pm
Login with ReCaptcha
I am looking for a free extension with a module for login that can handle reCaptcha in the login process and not only into register process.
I am also using K2.
Thanks in advance.
I am also using K2.
Thanks in advance.
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Login with ReCaptcha
This question has been asked and answered before: please see
as examples. There are many more examples.
-
- Joomla! Intern
- Posts: 77
- Joined: Thu Mar 22, 2018 4:08 pm
Re: Login with ReCaptcha
In the first thread we talk about whether it makes sense to put the reCaptcha in the login form; in the second we recommend using TFA.sozzled wrote:This question has been asked and answered before: please see
I asked another thing: is there an extension to insert reCaptcha in the login form?
- starazure
- Joomla! Enthusiast
- Posts: 142
- Joined: Mon Sep 11, 2017 5:18 pm
- Location: OH, United States
- Contact:
Re: Login with ReCaptcha
If you don't find any such extensions let me know. That might be a product I can create and I promise it will be a free download.
Free fastest Joomla themes - https://starazure.com/joomla-templates
Free useful Joomla extensions - https://starazure.com/extensions
Free useful Joomla extensions - https://starazure.com/extensions
-
- Joomla! Intern
- Posts: 77
- Joined: Thu Mar 22, 2018 4:08 pm
Re: Login with ReCaptcha
In JED I found only 2 "free" modules, but without reCaptcha in Login.tijjk wrote:If you don't find any such extensions let me know. That might be a product I can create and I promise it will be a free download.
If you are able, develop your own extension and enter it in JED.
Thank you very much.
- JAVesey
- Joomla! Hero
- Posts: 2635
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Login with ReCaptcha
I am curious as to why you think you need it? It makes logging in more tedious for your site's users and is therefore a disincentive to use your site.
If you have a Captcha on your Registration Form, and account verification at the point of registration, then you can have some confidence that the user-account is bona-fide. Adding a subsequent Captcha doesn't achieve anything worthwhile in my view.
Not saying that you don't need/want it, just curious as to why? I'm happy to be educated
If you have a Captcha on your Registration Form, and account verification at the point of registration, then you can have some confidence that the user-account is bona-fide. Adding a subsequent Captcha doesn't achieve anything worthwhile in my view.
Not saying that you don't need/want it, just curious as to why? I'm happy to be educated
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
- starazure
- Joomla! Enthusiast
- Posts: 142
- Joined: Mon Sep 11, 2017 5:18 pm
- Location: OH, United States
- Contact:
Re: Login with ReCaptcha
I agree with John for the first 5 login attempts but after that, it could be a hacker. I have seen that with my gmail account - A few consecutive login attempt failures starts showing captcha.JAVesey wrote:I am curious as to why you think you need it? It makes logging in more tedious for your site's users and is therefore a disincentive to use your site.
If you have a Captcha on your Registration Form, and account verification at the point of registration, then you can have some confidence that the user-account is bona-fide. Adding a subsequent Captcha doesn't achieve anything worthwhile in my view.
Not saying that you don't need/want it, just curious as to why? I'm happy to be educated
John made a very good point though. I understand the use could be to prevent hacking but from a product development perspective, now I am not sure if I will get enough downloads after putting in all the time to develop it.
Thanks
Free fastest Joomla themes - https://starazure.com/joomla-templates
Free useful Joomla extensions - https://starazure.com/extensions
Free useful Joomla extensions - https://starazure.com/extensions
- JAVesey
- Joomla! Hero
- Posts: 2635
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Login with ReCaptcha
But if they haven't got in after 5 attempts then they probably won't. You need "brute force" protection to protect your login from automated scripts, possibly with a redirect and automated i.p. ban rather than a Captcha.tijjk wrote:I agree with John for the first 5 login attempts but after that, it could be a hacker.
Look at the "Brute Force Stop" extension, or use AdminExile to mask your Admin URL?
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
-
- Joomla! Intern
- Posts: 77
- Joined: Thu Mar 22, 2018 4:08 pm
Re: Login with ReCaptcha
I could be wrong, but I do not think there is a way to make TFA mandatory for users.
So a new user could register, but then not use the TFA.
On my portals, who has the rights of Administrator and Super User are obliged to use the TFA.
Said this, every website has different needs from the others, we can not and should not generalize.
Most websites do not need users to log in.
For users who need to login, I agree with you that the best solution is TFA, but not being sure that the user activates it, then personally I prefer to activate the reCaptcha as the first level of security.
Obviously I'm talking about my websites and my users.
Finally, I remind you that there are different ways to connect and that a password can be cracked.
If the intruder is a person, when he has username and password, then reCaptcha will not be a problem for him.
Instead, if the intrusion is managed by an automatic system, the reCaptcha can serve as a first protection.
So a new user could register, but then not use the TFA.
On my portals, who has the rights of Administrator and Super User are obliged to use the TFA.
Said this, every website has different needs from the others, we can not and should not generalize.
Most websites do not need users to log in.
For users who need to login, I agree with you that the best solution is TFA, but not being sure that the user activates it, then personally I prefer to activate the reCaptcha as the first level of security.
Obviously I'm talking about my websites and my users.
Finally, I remind you that there are different ways to connect and that a password can be cracked.
If the intruder is a person, when he has username and password, then reCaptcha will not be a problem for him.
Instead, if the intrusion is managed by an automatic system, the reCaptcha can serve as a first protection.
- JAVesey
- Joomla! Hero
- Posts: 2635
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Login with ReCaptcha
Yes there is, but I cannot think of a better way discouraging users from logging in to the front end. Not only give them an extra hoop to jump through but also make them have to use a specific way of generating the TFA code (smartphone app, browser extension) as well. My own site would have no users if I required TFA on the front-end.cobra-arbok wrote:I could be wrong, but I do not think there is a way to make TFA mandatory for users.
However, happy to accept that it's up to the the individual site.
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
-
- Joomla! Intern
- Posts: 77
- Joined: Thu Mar 22, 2018 4:08 pm
Re: Login with ReCaptcha
OK, I agree with you.JAVesey wrote:Yes there is, but I cannot think of a better way discouraging users from logging in to the front end. Not only give them an extra hoop to jump through but also make them have to use a specific way of generating the TFA code (smartphone app, browser extension) as well. My own site would have no users if I required TFA on the front-end.cobra-arbok wrote:I could be wrong, but I do not think there is a way to make TFA mandatory for users.
However, happy to accept that it's up to the the individual site.
I have previously written that TFA is the right solution for the administrative backend and where we need to protect pricacy, data or money.
Said this, where can I force a user to activate the TFA? I do not see any options.
Returning to my initial question, the answer is "there is no extension, developed by Joomla or others, that allows you to log in with the reCaptcha".
In Wordpress there are dozens of them, in Joomla none. OK.
- Kubik-Rubik
- Joomla! Explorer
- Posts: 269
- Joined: Wed Aug 25, 2010 1:59 pm
- Location: Karlsruhe - Germany
- Contact:
Re: Login with ReCaptcha
My plugin EasyCalcCheck Plus does protect the login form of the core users component: https://extensions.joomla.org/extension ... heck-plus/cobra-arbok wrote:Returning to my initial question, the answer is "there is no extension, developed by Joomla or others, that allows you to log in with the reCaptcha".
In Wordpress there are dozens of them, in Joomla none. OK.
You can define how many failed login attempts are allowed (e.g. over the login module), if the limit is reached, then the user will be redirected to the form of the component and has to solve the reCaptcha (or other anti spam measures) there before he can sign in. So, you are not forcing normal users to solve a captcha just for the login!
Have success!
Cheers
Cheers
Viktor
Kubik-Rubik Joomla! Extensions https://kubik-rubik.de
Former member of Joomla! Production Leadership Team, Security Strike Team and Bug Squash Team
Viktor
Kubik-Rubik Joomla! Extensions https://kubik-rubik.de
Former member of Joomla! Production Leadership Team, Security Strike Team and Bug Squash Team