Custom WordPress themes and plugins

2BC Form Security Documentation

Welcome to the 2BC Form Security documentation page. 2BC Form Security is a WordPress plugin. Any options found on the 2BC Form Security options page will be explained here, as well as how to run the plugin in various configurations.

Overview

How To Install

Automatic

  1. Log in to the WordPress administration panel with an administrator account
  2. Click Plugins > Add New
  3. Search for 2BC Form Security
  4. Find the plugin in the list of results and click the Install Now button
  5. Click OK to confirm the plugin installation. If there are any file permission issues, WordPress may ask for a valid FTP account to continue. Either enter the FTP credentials, or proceed to the Manual installation instructions.
  6. Click the Activate Plugin link after the installation is complete

Manual

  1. Download a copy of the plugin and save it to the local computer. Make sure that the folder has been unzipped.
  2. Using an FTP program, connect to the server that is hosting the website
  3. Find the root folder for the site and browse to the following directories: wp-content > plugins
  4. Upload the un-compressed2BC Form Security plugin folder in to the plugins folder on the server
  5. Log in to the WordPress administrator panel and click Plugins > Installed Plugins
  6. Find the 2BC Form Security plugin in the list and click the Activate link

Back to top

Settings Screen

Once the installation is complete, visit the Settings Screen to activate the security features of the plugin. The Settings Screen can be accessed by clicking Settings > 2BC Form Security.

Where To Display

2BC Form Security documentation - Where To Display
Click any of the boxes to enable the security checks for that form. This will automatically add the honeypot field. If a set of Google reCAPTCHA API keys have been entered and verified, the reCAPTCHA widget will also appear on the checked forms.

Google reCAPTCHA Options

2BC Form Security documentation - Google reCAPTCHA Options
Enter the Google reCAPTCHA V2 API keys for this domain in the Site Key and Secret Key fields. Once the keys have been entered, click Enable reCAPTCHA to verify the keys and activate the reCAPTCHA widget. Click Change API Keys to unlock the fields and enter a new set of API keys.

If you do not have a set of API keys, you can see our post here on How To Get Google reCAPTCHA V2 API keys. It’s free and easy to complete!

Click Record Users IP to attempt to capture the visitors IP address and send this to Google for extra security validation. If reporting is enabled, this will also display the IP address in the Reports tab.

Select the reCAPTCHA Theme to display the widget in. Fun fact – the reCAPTCHA widget displayed in the admin screen will use the theme set here, in case you want a preview of how the widget will look.

Error Handling

2BC Form Security - Error Handling
Select how Login Errors will be handled:

  • 2BC Form Security Error – Leave the log in errors alone, and simply add a new type of error when the security fields are not completed correctly
  • Generic Errors – Return a generic log in error so that hackers cannot find valid user names

If a comment did not pass the security checks, select which Comment Status should be applied. The options are to mark the comment as Spam (default), or to place the comment into the Moderation Queue.

Reports

2BC Form Security documentation - Reports
Enable Reporting to see a summary of how the security fields are being used on the site in the Reports Tab. If Record Users IP is checked above, the IP Address of the user will also be recorded along with failed attempts for that IP address. The intent it to allow for a quick report and potentially ban the worst offenders from using the site.
Back to top

Setup Guide

The security tools built in to 2BC Form Security can be run separately. Although running with Google reCAPTCHA is recommended, API keys are not required in order to enjoy some of the security benefits.

Easy Install – Honeypot Only

After installing the plugin and activating, visit the options screen by clicking Settings > 2BC Form Security. Click to check any of the 3 available forms to protect: Registration Form, Log In Form, or the Comment Form. Once the options are set, click Save all settings.

Complete Install – Honeypot and Google reCAPTCHA

After completing the easy installation instructions, there are a few additional steps to take in order to get the Google reCAPTCHA tool working. To complete this section you will need a working set of Google reCAPTCHA V2 API keys. As noted above, these keys are free and easy to get.

Paste the API keys into the appropriate fields in the Google reCAPTCHA Options. Once the fields are filled, the Enable reCAPTCHA checkbox will activate, click this to continue.

2BC Form Security documentation - Google reCAPTCHA WidgetThe plugin will activate the reCAPTCHA widget in order to confirm the site key. Complete the reCAPTCHA challenge in order to confirm the secret key is valid as well. Once the challenge has been completed, the fields will be locked. Make sure to click Save all options to save the new API keys, and activate the reCAPTCHA widget for the checked forms.

If you need to change the API keys for any reason, click the Change API Keys button. This will unlock and clear the API fields to allow for a new set of keys to be entered. Note that the reCAPTCHA widget must be completed again to verify the new keys. Any set of keys need to be verified once, so the reCAPTCHA option can be enabled and disabled without having to verify the widget multiple times.
Back to top