reCAPTCHA V2 is a free service from Google that protects your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep automated software from engaging in abusive activities on your site. It does this while allowing your valid users to pass through with ease.
You must set up a reCAPTCHA V2 account with Google (https://www.google.com/recaptcha/admin) and register the domain(s) you intend to use with this Pressero account before enabling reCAPTCHA on your Pressero site(s). Obtain reCAPTCHA keys (Site Key and Secret Key) from Google and enter them as described below.
- Go to Preferences > General Settings > reCAPTCHA.
- Click the Enable reCAPTCHA Integration check box. The Site Key and Secret Key boxes appear.
- Enter the Site Key in the field provided.
- Enter the Secret Key in the field provided.
- Optional: click the "Test reCAPTCHA" button and the results of the test will display as shown in the screens below. A failed test will display an error message in a red box; a successful test will display "reCAPTCHA test successful!" in green text. If the test fails, recheck the accuracy of the two keys.
- Click “Save.”
The Login Security area in General Settings enables you to customize the login security features of your sites. When a user has a number of unsuccessful login attempts within a certain period of time, they are automatically locked out and unable to try again for a specific time. By default, users are locked out for 10 minutes after 10 failed attempts within a 10-minute window.
This feature cannot be disabled, but you can change the number of attempts allowed, the time frame in which those attempts can take place, and the time that a user is locked out after they reach the maximum login attempts.
Go to Preferences > General Settings > Login Security.
Master Password - This is the default password that will be used to log into the site with user impersonation. You can set a different master password for each site in Sites > [site name] > Settings > General tab in the "Site Basics" section. (This is moved from the General Settings section to the Login Security section on the wireframe.)
Maximum Login Attempts - This is the number of failed login attempts allowed within the retry period defined in Retry Time Limit (see below). By default, this is set to 10 attempts. The minimum number of attempts is 5, and the maximum is 20.
Retry Time Limit (minutes) - This is the length of time in minutes in which the number of failed login attempts defined in Maximum Login Attempts (see above) are allowed before a lockout occurs. By default, this is set to 10 minutes. The minimum number of minutes is 5, and the maximum is 20.
Lockout Time Period (minutes) - This is the number of minutes that a particular user's IP address is locked out once a lockout is triggered. By default, this is set to 10 minutes. The minimum number of minutes is 10, and the maximum is 60.
When a user has 2 attempts remaining, they will receive a message stating, "You have 2 remaining attempts before your account will be disabled. If you have forgotten your password, please select the reset password link below."
When a user has reached the maximum number of login attempts within the retry time limit, they will receive a message stating, "You've entered the wrong password too many times, therefore for security purposes, you have been locked out of this account for [lockout time period]. If you've forgotten your password you can request a new one by selecting the Reset Password link below."