// Module included in the following assemblies: // // server_admin/topics/users.adoc [id="proc-enabling-recaptcha-support_{context}"] = Enabling reCAPTCHA Support [role="_abstract"] To safeguard registration against bots, {project_name} has integration with Google reCAPTCHA. Once reCAPTCHA is enabled, you can edit `register.ftl` in your login theme to configure the placement and styling of the reCAPTCHA button on the registration page. .Procedure . Navigate to the link:https://developers.google.com/recaptcha/[Google Recaptcha website]. . Create an API key to get your reCAPTCHA site key and secret. Note the reCAPTCHA site key and secret for future use in this procedure. + NOTE: The localhost works by default. You do not have to specify a domain. + . Navigate to the {project_name} admin console. . Click *Authentication* in the left menu. . Click the *Flows* tab. . Select *Registration* from the drop down menu. . Set the *reCAPTCHA* requirement to *Required* by clicking the appropriate radio button. This enables reCAPTCHA. . Click *Actions* to the right of the reCAPTCHA flow entry. . Click the *Config* link to redirect to the config page. . Enter the reCAPTCHA site key generated from the Google reCAPTCHA website, on the config page. . Enter the secret generated from the Google reCAPTCHA website, on the config page. . Authorize Google to use the registration page as an iframe. + NOTE: {project_name} prevents websites from including a login page dialog in an iframe. This restriction is to prevent clickjacking attacks. You need to change the default HTTP response headers that is set in {project_name}. + .. Click *Realm Settings* in the left menu. .. Click the *Security Defenses* tab. .. Enter `https://www.google.com` in the field for the *X-Frame-Options* header. .. Enter `https://www.google.com` in the field for the *Content-Security-Policy* header. [role="_additional-resources"] .Additional resources * For more information on extending and creating themes, see the link:{developerguide_link}[{developerguide_name}].