Recaptcha Joomla plugin on login form

gjledger_2k
Joomla! Apprentice
Posts: 27
Joined: Wed Feb 08, 2012 9:24 pm

Recaptcha Joomla plugin on login form

Post by gjledger_2k » Thu Dec 15, 2016 4:51 pm

I've just suffered a brute force attack on one of my sites, so now I want to lock down the login forms of all sites. I was able to add nocaptcha recaptcha on my Wordpress sites, but the plugin that comes packaged with Joomla 3 doesn't show up on the login page.

Is there a way to get the built in Joomla plugin to work on forms and the login page?

JAVesey
Joomla! Hero
Posts: 2414
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK

Re: Recaptcha Joomla plugin on login form

Post by JAVesey » Thu Dec 15, 2016 6:01 pm

gjledger_2k wrote: Is there a way to get the built in Joomla plugin to work on forms and the login page?

Yes, of course there is :)

1. Global Configuration, Site tab, select Captcha-ReCaptcha as the default captcha. Make sure that it's published and enabled.
2. Extensions, plugins, select the captcha-ReCaptcha plugin. Select 2.0 as the version and enter your site and secret keys which you have generated care of Mr Google's services.

That should be it.

All the above assumes that you are using a template which allows the Recaptcha to show. If you're not and you're not sure whether your template does display the Recaptcha, temporarily switch to the standard Protostar template to see if the Recaptcha shows.
John V
Cardiff, Wales, UK
Joomla 3.10.10 "live" and local (testing and backup) sites
Joomla 4.1.5 local site (testing!)
All on PHP8.0.20
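
What the secret key entered in step 2 is used for, as an added example (not part of the thread and not the Joomla plugin's own code): the server posts the submitted token and the secret key to Google's siteverify endpoint and lets the login attempt proceed only if the reply is successful and names this site's hostname. The function names and the example.org hostnames are assumptions made for this example, and the sample replies are constructed.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
# siteverify error codes that point at the configured secret, not the visitor.
CONFIG_ERRORS = {"missing-input-secret", "invalid-input-secret"}


def post_siteverify(secret, token, remote_ip=None, timeout=5):
    """Send the token to Google and return the decoded JSON reply."""
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(SITEVERIFY_URL, body, timeout=timeout) as resp:
        return json.load(resp)


def evaluate(reply, allowed_hosts):
    """Turn a siteverify reply into (accepted, reason); fails closed."""
    errors = set(reply.get("error-codes", []))
    if errors & CONFIG_ERRORS:
        return False, "secret key rejected: re-check the key pair"
    if reply.get("success") is not True:
        return False, "captcha not solved, expired or replayed"
    # allowed_hosts is assumed to hold lower-case hostnames of this site.
    host = str(reply.get("hostname", "")).lower()
    if host not in allowed_hosts:
        return False, f"token was issued for {host!r}, not this site"
    return True, "ok"


def check_login_captcha(token, secret, allowed_hosts, remote_ip=None,
                        transport=post_siteverify):
    """Gate a login attempt; a transport failure counts as a failed check."""
    if not token:
        return False, "no captcha response submitted"
    try:
        reply = transport(secret, token, remote_ip)
    except (OSError, ValueError) as exc:
        return False, f"verification unavailable: {exc.__class__.__name__}"
    return evaluate(reply, allowed_hosts)


# Constructed sample replies (no network), same shape as the real JSON.
SAMPLE_OK = {"success": True, "challenge_ts": "2017-03-08T21:05:00Z",
             "hostname": "www.example.org"}
SAMPLE_WRONG_HOST = dict(SAMPLE_OK, hostname="staging.example.net")
SAMPLE_BAD_SECRET = {"success": False, "error-codes": ["invalid-input-secret"]}
```
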

Per Yngve Berg
Joomla! Master
Posts: 28953
Joined: Mon Oct 27, 2008 9:27 pm
Location: Romerike, Norway

Re: Recaptcha Joomla plugin on login form

Post by Per Yngve Berg » Thu Dec 15, 2016 10:25 pm

Use two factor authentication on users that have admin permissions.

Re: Recaptcha Joomla plugin on login form

Post by JAVesey » Fri Dec 16, 2016 9:03 am

Use AdminExile plugin to hide your /administrator URL and provide front-end and back-end "brute force protection" :-)

websroger
Joomla! Enthusiast
Posts: 148
Joined: Tue Jan 04, 2011 4:23 pm
Location: Fort Collins, CO, USA

Re: Recaptcha Joomla plugin on login form

Post by websroger » Wed Mar 08, 2017 3:47 pm

I went to the recaptcha site and got the key and secret, entered them in the places on the config. page, and I get an error on the registration page:
ERROR for site owner:
Invalid domain for site key

What have I to do? The captcha setup page has lines that should be in the template html file, which I cannot find.

fcoulter
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK

Re: Recaptcha Joomla plugin on login form

Post by fcoulter » Wed Mar 08, 2017 9:05 pm

I suggest that you try JAVesey's suggestion to try with the protostar template. If you still get this result then it is not a template issue. In that case you made a mistake with the keys.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

Re: Recaptcha Joomla plugin on login form

Post by websroger » Wed Mar 08, 2017 9:15 pm

I am already using the Protostar template. So where is the mistake? Is Joomla supplying the wrong domain name to reCaptcha?

sozzled
Joomla! Master
Posts: 12009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Recaptcha Joomla plugin on login form

Post by sozzled » Wed Mar 08, 2017 9:34 pm

websroger wrote: I am already using the Protostar template. So where is the mistake? Is Joomla supplying the wrong domain name to reCaptcha?

I don't think it's fair to categorise "Joomla" as "supplying the wrong domain name to reCaptcha".

As far as this particular topic is concerned, I don't—I never have and I never will—use reCaptcha as part of the login process.

I've used Joomla with CAPTCHA—in various ways—as part of account registration on dozens of websites over the years. CAPTCHA is moderately successful in deterring would-be fake registrations (especially from automated account registration 'bots/scripts) but, once the account is registered then the ability to login should be enabled pretty much automatically.

In several sites that I've managed—and I manage quite a few websites—I put people through a few checks before their accounts are created. Although it doesn't take very long to create an account at a Joomla website—typically less than 5 minutes—I don't see any added benefit in making people go through additional checks (additional to entering a username/password on the login form, that is) every time they want to interact with my websites.

Other people are entitled (as they wish) to make people overcome additional hurdles every time they login. That's their choice; it's not my "preferred" way of interacting with the many websites that I use on a daily basis. For example, when I want to conduct online banking, ask a question of my ISP, my telephone provider, a government service, purchasing a book online, etc., I don't want to have to face a CAPTCHA challenge when I login to use those services in addition to entering the username/password that I would normally expect to use.

But, if you want to add a CAPTCHA to the login form, go ahead. If the Joomla login form allows you to do that, that's "good", too (I suppose). But, to suggest that "Joomla" is "supplying the wrong domain name to reCaptcha" when you use the form, I think that claim has never been proven, it's never been made by anyone else according to my research and to suggest this might be the cause is mischievous.

Finally, if it's imperative that you need to protect your website assets with CAPTCHA at login time, and the feature is not working, I suggest you double-check, triple-check or even pay someone else to check that you've configured the CAPTCHA key pair and login form correctly.
Last edited by sozzled on Wed Mar 08, 2017 9:44 pm, edited 1 time in total.
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

AMurray
Joomla! Exemplar
Posts: 7749
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Recaptcha Joomla plugin on login form

Post by AMurray » Wed Mar 08, 2017 9:42 pm

Already suggested by @Per Yngve Berg

The better solution for your login form is 2FA - Two-factor authentication - https://docs.joomla.org/J3.x:Two_Factor_Authentication.
Regards - A Murray

Re: Recaptcha Joomla plugin on login form

Post by sozzled » Wed Mar 08, 2017 9:52 pm

@AMurray, while I agree with you and @Per that TFA is a better alternative to using CAPTCHA, it's off-topic as far as this issue is concerned. The topic relates specifically to problems that people have with using (or attempting to use) reCaptcha with the Joomla login form. Put another way, can people have confidence that the reCaptcha feature—as ineffective as it may be to guard against spurious or automated login attempts is concerned—actually works as it's supposed to?

Otherwise, like a lot of what I wrote about "why" anyone would want to make people jump through additional barriers merely for the purposes of logging in, discussion about TFA (as an alternative) is merely "informed commentary" but it's not particularly on-topic. 8)

Re: Recaptcha Joomla plugin on login form

Post by websroger » Wed Mar 08, 2017 10:21 pm

Sorry, I now see I'm in the wrong thread, I'm trying to put reCaptcha on the registration page. I still want to find someone who can answer questions about reCaptcha

Re: Recaptcha Joomla plugin on login form

Post by sozzled » Wed Mar 08, 2017 10:25 pm

websroger wrote: Sorry, I now see I'm in the wrong thread, I'm trying to put reCaptcha on the registration page. I still want to find someone who can answer questions about reCaptcha

Please start a new topic for your question(s). :)

Re: Can't configure reCaptcha to work

Post by Per Yngve Berg » Wed Mar 08, 2017 10:52 pm

Did you enter the keys you got into the Plugin?

Re: Can't configure reCaptcha to work

Post by websroger » Wed Mar 08, 2017 11:04 pm

of course.

mgordon
Joomla! Apprentice
Posts: 42
Joined: Fri May 25, 2007 10:57 pm

Re: Recaptcha Joomla plugin on login form

Post by mgordon » Mon Apr 09, 2018 6:17 pm

sozzled wrote:
websroger wrote:I am already using the Protostar template. So where is the mistake? Is Joomla supplying the wrong domain name to reCaptcha?
I don't think it's fair to categorise "Joomla" as "supplying the wrong domain name to reCaptcha".

As far as this particular topic is concerned, I don't—I never have and I never will—use reCaptcha as part of the login process.

I've used Joomla with CAPTCHA—in various ways—as part of account registration on dozens of websites over the years. CAPTCHA is moderately successful in deterring would-be fake registrations (especially from automated account registration 'bots/scripts) but, once the account is registered then the ability to login should be enabled pretty much automatically.

In several sites that I've managed—and I manage quite a few websites—I put people through a few checks before their accounts are created. Although it doesn't take very long to create an account at a Joomla website—typically less than 5 minutes—I don't see any added benefit in making people go through additional checks (additional to entering a username/password on the login form, that is) every time they want to interact with my websites.

Other people are entitled (as they wish) to make people overcome additional hurdles every time they login. That's their choice; it's not my "preferred" way of interacting with the many websites that I use on a daily basis. For example, when I want to conduct online banking, ask a question of my ISP, my telephone provider, a government service, purchasing a book online, etc., I don't want to have to face a CAPTCHA challenge when I login to use those services in addition to entering the username/password that I would normally expect to use.

But, if you want to add a CAPTCHA to the login form, go ahead. If the Joomla login form allows you to do that, that's "good", too (I suppose). But, to suggest that "Joomla" is "supplying the wrong domain name to reCaptcha" when you use the form, I think that claim has never been proven, it's never been made by anyone else according to my research and to suggest this might be the cause is mischievous.

Finally, if it's imperative that you need to protect your website assets with CAPTCHA at login time, and the feature is not working, I suggest you double-check, triple-check or even pay someone else to check that you've configured the CAPTCHA key pair and login form correctly.

While I agree with your view on putting Recaptcha on the login form, some service providers actually demand that you do have some sort of captcha on your login page. I run several websites, and had an attack on my one domain. They didn't get far, but picked up the mail address and managed to use it to send lots of spam through my site. I deleted lots of fake users from my site, installed captcha, but my service provider, which had shut down mail from the site, refused to open up the mail services until I installed some sort of captcha even on the login page.
In other words, yes, it is a valid question to add Recaptcha to the login page. Joomla, naturally enough, doesn't add the Recaptcha to the login page, so this has to be done using some alternative method.

Changing service provider isn't a simple solution. It requires either a lot of work, or money to pay someone to do it for you. Especially if you've got a big site.

