Adding reCAPTCHA

Prevent brute force attackers from busting through your authentication defenses by incorporating reCAPTCHA into your login process using reCAPTCHA v3 integration.

reCAPTCHA prevents hackers from using automated processes to log in to someone's account without permission. The reCAPTCHA interface is free and easy to use, and it knows how to distinguish between humans and bots.

Just enable it and enter your reCAPTHCA keys. Then you should see reCAPTCHA in your login box!

Enable reCAPTCHA

Go to Home and click on the Login Box builder.

Click on the Security tab.

In the left panel, toggle the switch to on for reCAPTCHA.



When making changes to the settings in the builder, be sure to commit your changes and then publish for them to take effect and to configure them in your environments.

In your Frontegg Portal, go to Environments ➜ [NAME OF ENVIRONMENT] ➜ Authentication ➜ reCAPTCHA.


For instance, go to the development environment at Environments ➜ Development ➜ Authentication ➜ reCAPTCHA.

This is where you configure the reCAPTCHA credentials. You should see inputs for Site Key and Secret in addition to controls for score-based validation.



Moving Environments

When moving a project from one environment to another, Frontegg moves the reCAPTCHS configurations for you. For instance, if moving from development to production, Frontegg moves the development reCAPTCHA configuration to production.

Read below to learn where to get the information to input into this form.

Get reCAPTCHA Keys

Obtain your Site Key and Secret Key from Google reCAPTCHA v3.


As displayed in the image above, here is what you do:

  • Fill in the label.
  • Select reCaptcha v3.
  • Add your domain.
  • Select Accept the reCAPTCHA Terms of Service.
  • Submit.

Google then should present you with your keys.

Copy the Site and Secret keys from Google.

Paste them into your Frontegg Portal.

Here you also can set the minimum passing score required to accept reCAPTCHA validation. To use this feature, toggle the switch to on and set your score.


The score is the value at which the request is considered valid. A value of 1.0 is very likely a good interaction and a value of 0.0 is very likely a bot. The greater the score, the stricter your security.

Now reCAPTCHA is up and running in your login box!