Skip to Content

reCAPTCHA on login in Odoo

Make your odoo login more secure by adding Google reCAPTCHA
May 3, 2017 by
reCAPTCHA on login in Odoo
Turkesh Patel
| No comments yet

Login reCAPTCHA – Protect Your Odoo Login from Bots and Brute-Force Attacks

Your Odoo login page is a target for automated bots trying passwords around the clock. This module adds Google reCAPTCHA to that page, so every login attempt has to prove it’s a real person – ticking ‘I’m not a robot’ and, where needed, passing image verification. Automated attacks are stopped at the door, and your system stays protected with a setup that takes only your reCAPTCHA keys.


What is Login reCAPTCHA?

reCAPTCHA is Google’s widely used challenge that tells humans and automated scripts apart – the familiar ‘I’m not a robot’ checkbox, backed up by image-selection tests when a visit looks suspicious. This module brings that protection to your Odoo login page. Before anyone can sign in, they must pass the reCAPTCHA; if the box isn’t checked the login is rejected with an ‘invalid reCAPTCHA’ message, and image verification adds a further layer of assurance that the attempt is genuinely manual. In short, it puts a proven human-verification gate in front of your Odoo authentication.

Why Do You Need It?

An unprotected login page is an open invitation to automated attacks – bots that hammer it with thousands of username and password combinations trying to break in. These brute-force and credential-stuffing attempts not only threaten your data if they succeed, they also load your server and can lock out or disrupt legitimate users. reCAPTCHA is one of the simplest and most effective defences: because bots can’t reliably pass it, the automated traffic is blocked before it ever reaches your authentication, while real users get through with a single click. Adding it to your Odoo login hardens one of the most exposed parts of your system with minimal friction – a small step that meaningfully reduces your risk of unauthorised access.

When Should You Use This Module?

Any Odoo instance that’s reachable over the internet should consider this, but it’s especially important for public-facing deployments, systems holding sensitive business or customer data, and any site that has seen suspicious login activity or automated traffic. If your Odoo login is currently protected by nothing more than a username and password, this module adds a crucial extra barrier against bots. It builds on the Odoo Website framework, so it fits into standard setups, and configuration is limited to entering your reCAPTCHA keys – making it a quick security win for administrators.

How This Module Works in Practice

Setup requires no technical knowledge – the only step is to enter your reCAPTCHA keys in the module’s settings, and it’s ready. Once configured, the reCAPTCHA widget appears on your Odoo login page. A user checks ‘I’m not a robot’ and, when reCAPTCHA deems it necessary, completes an image verification challenge; a valid response lets them proceed to log in. If someone (or something) tries to submit the login without passing the challenge, the module returns an ‘invalid reCAPTCHA’ message and blocks the attempt. The result is a login page that quietly turns away automated bots while letting genuine users sign in as easily as before.

Product Screenshots

reCAPTCHA settings where you enter your keys

Settings – simply enter your reCAPTCHA keys to activate the protection

reCAPTCHA shown on the Odoo login page

On the Login Page – the reCAPTCHA challenge appears before sign-in

Valid reCAPTCHA allowing login

Valid reCAPTCHA – a verified human is allowed to proceed and log in

Invalid reCAPTCHA message blocking login

Invalid reCAPTCHA – unverified attempts are rejected with a clear message

reCAPTCHA image verification challenge

Image Verification – an extra challenge confirms the login is genuinely manual

Key Benefits at a Glance

Stops bots at the door: reCAPTCHA blocks automated brute-force and credential-stuffing attempts on your login.

Human verification: the ‘I’m not a robot’ check, plus image challenges, confirm each login is manual.

Clear rejection: attempts that don’t pass get an ‘invalid reCAPTCHA’ message and are blocked.

Low friction for real users: genuine users sign in with a single click, security stays invisible.

Fast to enable: no technical knowledge needed – just enter your reCAPTCHA keys and it’s live.

Ready to get started?

Install the module and go live in minutes — or reach out and we’ll tailor it to your exact workflow.

Have a question or need help? Write to us at [email protected]

Sign in to leave a comment