# 3.1.1 Google Recaptcha Setup ### ๐Ÿ” Google reCAPTCHA Integration (ShieldsGuard) #### ๐Ÿ“– Overview ShieldsGuard supports Google reCAPTCHA integration to enhance **bot protection**, **DDoS challenge validation**, and **login security**. By adding your Google reCAPTCHA keys to the system, you ensure that automated access attempts are filtered with an additional verification layer before being allowed to interact with protected web resources. *** ### ๐Ÿงญ Step-by-Step Setup Guide #### 1๏ธโƒฃ Register Your Site at Google reCAPTCHA 1. Visit:
1. Log in with your Google account 2. Fill in the form: * **Label**: Example: `ShieldsGuard Protection` * **Choose Type**: * โœ… **reCAPTCHA v2** โ€“ "Iโ€™m not a robot" (recommended) * Or **v3** if desired * **Domains**: Enter your domain (e.g., `example.com`) * Accept the Terms of Service 3. Click **Submit**
You will receive two keys: * ๐Ÿ” **Secret Key** * ๐ŸŒ **Site Key** *** #### 2๏ธโƒฃ Enter Keys into ShieldsGuard Once youโ€™ve obtained your keys: 1. Log in to your **ShieldsGuard Panel** 2. Navigate to:\ **Protection > DDoS Protection > Google Recaptcha Section** 3. Click the ๐Ÿ”ด **Set Key** button\ \&#xNAN;*(Youโ€™ll see this as a red action button prompting configuration)*
1. In the popup titled **Edit Google Captcha Key**, enter: * **Secret Key** (first field) * **Site Key** (second field)
1. Click the ๐Ÿ”’ **Save** button You will receive confirmation that the keys are stored and ready for use. *** #### 3๏ธโƒฃ Activate Google reCAPTCHA in DDoS Protection > Adding the keys alone is not enough. You must activate Google reCAPTCHA in your protection mode. 1. Go to: **Protection > DDoS Protection** 2. In the **DDoS Protection Settings**, set: * **Protection Mode** โ†’ `Automatic or Google Captcha` * **Automatic Protection Type** โ†’ `Google Captcha` 3. Save the configuration Now, when a threshold is triggered, ShieldsGuard will serve Google reCAPTCHA challenges to the client. *** ### ๐Ÿงช Test It To verify that Google reCAPTCHA is active: * Simulate a DDoS request (e.g., rapid refresh or tool-based probe) * Access a protected endpoint with the configured domain * reCAPTCHA challenge should appear in the browser *** ### ๐Ÿ’ก Best Practices | Tip | Recommendation | | --------------------------- | -------------------------------------------- | | โœ… Use reCAPTCHA v2 | More reliable for user interaction | | ๐Ÿ” Rotate keys periodically | For improved security | | ๐Ÿงช Test CAPTCHA in dev mode | Ensure visual rendering and key match | | ๐Ÿ” Keep secret key private | Never expose this value to frontend or users | *** > ๐ŸŽฏ By integrating Google reCAPTCHA with ShieldsGuard, you're creating a highly effective layer of friction for automated threats, while preserving user experience for legitimate visitors.