Welcome to the 2BC Form Security documentation page. 2BC Form Security is a WordPress plugin. Any options found on the 2BC Form Security options page will be explained here, as well as how to run the plugin in various configurations.
Once the installation is complete, visit the Settings Screen to activate the security features of the plugin. The Settings Screen can be accessed by clicking Settings > 2BC Form Security.
Click any of the boxes to enable the security checks for that form. This will automatically add the honeypot field. If a set of Google reCAPTCHA API keys have been entered and verified, the reCAPTCHA widget will also appear on the checked forms.
Enter the Google reCAPTCHA V2 API keys for this domain in the Site Key and Secret Key fields. Once the keys have been entered, click Enable reCAPTCHA to verify the keys and activate the reCAPTCHA widget. Click Change API Keys to unlock the fields and enter a new set of API keys.
If you do not have a set of API keys, you can see our post here on How To Get Google reCAPTCHA V2 API keys. It’s free and easy to complete!
Click Record Users IP to attempt to capture the visitors IP address and send this to Google for extra security validation. If reporting is enabled, this will also display the IP address in the Reports tab.
Select the reCAPTCHA Theme to display the widget in. Fun fact – the reCAPTCHA widget displayed in the admin screen will use the theme set here, in case you want a preview of how the widget will look.
Select how Login Errors will be handled:
If a comment did not pass the security checks, select which Comment Status should be applied. The options are to mark the comment as Spam (default), or to place the comment into the Moderation Queue.
Enable Reporting to see a summary of how the security fields are being used on the site in the Reports Tab. If Record Users IP is checked above, the IP Address of the user will also be recorded along with failed attempts for that IP address. The intent it to allow for a quick report and potentially ban the worst offenders from using the site.
Back to top
The security tools built in to 2BC Form Security can be run separately. Although running with Google reCAPTCHA is recommended, API keys are not required in order to enjoy some of the security benefits.
After installing the plugin and activating, visit the options screen by clicking Settings > 2BC Form Security. Click to check any of the 3 available forms to protect: Registration Form, Log In Form, or the Comment Form. Once the options are set, click Save all settings.
After completing the easy installation instructions, there are a few additional steps to take in order to get the Google reCAPTCHA tool working. To complete this section you will need a working set of Google reCAPTCHA V2 API keys. As noted above, these keys are free and easy to get.
Paste the API keys into the appropriate fields in the Google reCAPTCHA Options. Once the fields are filled, the Enable reCAPTCHA checkbox will activate, click this to continue.
The plugin will activate the reCAPTCHA widget in order to confirm the site key. Complete the reCAPTCHA challenge in order to confirm the secret key is valid as well. Once the challenge has been completed, the fields will be locked. Make sure to click Save all options to save the new API keys, and activate the reCAPTCHA widget for the checked forms.
If you need to change the API keys for any reason, click the Change API Keys button. This will unlock and clear the API fields to allow for a new set of keys to be entered. Note that the reCAPTCHA widget must be completed again to verify the new keys. Any set of keys need to be verified once, so the reCAPTCHA option can be enabled and disabled without having to verify the widget multiple times.
Back to top