diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php
index 5c26848d..8f35d724 100644
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@@ -3,9 +3,28 @@
// Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt');
+
+// ReCaptcha handling if enabled
+if ($setting->getValue('recaptcha_enabled')) {
+ require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
+ if (!empty($_POST['username']) && !empty($_POST['password'])) {
+ // Load re-captcha specific data
+ $rsp = recaptcha_check_answer (
+ $setting->getValue('recaptcha_private_key'),
+ $_SERVER["REMOTE_ADDR"],
+ ( (isset($_POST["recaptcha_challenge_field"])) ? $_POST["recaptcha_challenge_field"] : null ),
+ ( (isset($_POST["recaptcha_response_field"])) ? $_POST["recaptcha_response_field"] : null )
+ );
+ $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), $rsp->error, true));
+ if (!$rsp->is_valid) $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again.', 'TYPE' => 'errormsg');
+ } else {
+ $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
+ }
+}
+
if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST['username']))) {
$_SESSION['POPUP'][] = array('CONTENT' => 'You are not allowed to login during maintenace.', 'TYPE' => 'info');
-} else if (isset($_POST['username']) && isset($_POST['password'])) {
+} else if (!empty($_POST['username']) && !empty($_POST['password'])) {
$nocsrf = 1;
if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
if ((isset($_POST['ctoken']) && $_POST['ctoken'] !== $user->getCSRFToken($_SERVER['REMOTE_ADDR'], 'login')) || (!isset($_POST['ctoken']))) {
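Review bot: The captcha is rendered and verified here when `$setting->getValue('recaptcha_enabled')` is truthy (L10), but the gate that actually blocks the login in the next hunk tests `!= 1`, so any truthy setting value other than 1 would show and check the captcha yet let `checkLogin` run regardless of `$rsp->is_valid`. Use the same test in both places, e.g. `if (!$setting->getValue('recaptcha_enabled') || $rsp->is_valid)`, so that `$rsp` is only consulted on exactly the path that defined it. The popup for a failed captcha is pushed at L21 before the maintenance and CSRF checks run, so a user can receive both a captcha error and a token-expired message on the same request; a one-line comment noting that this is intentional would help, e.g. `// captcha result is reported here; login itself is gated below`.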
@@ -13,9 +32,9 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
$nocsrf = 0;
}
}
- if ($nocsrf == 1 || (!$config['csrf']['enabled'] || !$config['csrf']['forms']['login'])) {
- $checklogin = $user->checkLogin($_POST['username'], $_POST['password']);
- if ($checklogin) {
+ // Check if recaptcha is enabled, process form data if valid
+ if (($setting->getValue('recaptcha_enabled') != 1 || $rsp->is_valid) && ($nocsrf == 1 || (!$config['csrf']['enabled'] || !$config['csrf']['forms']['login']))) {
+ if ($user->checkLogin(@$_POST['username'], @$_POST['password']) ) {
empty($_POST['to']) ? $to = $_SERVER['SCRIPT_NAME'] : $to = $_POST['to'];
$port = ($_SERVER["SERVER_PORT"] == "80" or $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
$location = @$_SERVER['HTTPS'] === true ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $to : 'http://' . $_SERVER['SERVER_NAME'] . $port . $to;
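Review bot: The `@` operators on `$_POST['username']` and `$_POST['password']` at L43 are redundant and hide notices: the enclosing `else if` (its condition is outside this hunk) already requires both fields to be non-empty, so the line can simply read `if ($user->checkLogin($_POST['username'], $_POST['password'])) {`. The combined condition at L42 is dense enough that splitting it into two named booleans would make the intent readable, e.g. `$captchaOk = !$setting->getValue('recaptcha_enabled') || $rsp->is_valid;` and `$csrfOk = $nocsrf == 1 || !$config['csrf']['enabled'] || !$config['csrf']['forms']['login'];`, then `if ($captchaOk && $csrfOk) {`. The `$_SERVER['HTTPS'] === true` comparison on L46 is context, not part of this change, but note that `$_SERVER['HTTPS']` is a string when set, so the strict comparison against `true` can never match — worth confirming against the deployment.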
@@ -24,18 +43,17 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg');
}
- } else {
+ } else if ($nocsrf == 0) {
$img = "
";
$_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info');
}
-} else if (@$_POST['username'] && @$_POST['password']) {
- $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg');
}
// csrf token - update if it's enabled
$token = '';
if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
$token = $user->getCSRFToken($_SERVER['REMOTE_ADDR'], 'login');
}
+
// Load login template
$smarty->assign('CONTENT', 'default.tpl');
$smarty->assign('CTOKEN', $token);
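Review bot: Removing the `else if (@$_POST['username'] && @$_POST['password'])` fallback together with the switch from `isset` to `!empty` at the top of the chain means a form submitted with an empty username or password now falls through every branch and produces no popup at all. The chain starts outside this hunk, but a final branch such as `} else if (isset($_POST['username']) || isset($_POST['password'])) {` / `$_SESSION['POPUP'][] = array('CONTENT' => 'Please enter both username and password.', 'TYPE' => 'errormsg');` / `}` would restore user feedback for that case. The `else if ($nocsrf == 0)` at L52 is correct as a guard for the token message, but a short comment like `// only reached when the CSRF token was present and wrong` would explain why the captcha-failure case deliberately shows nothing here.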
diff --git a/public/include/smarty_globals.inc.php b/public/include/smarty_globals.inc.php
index f059d477..98f23a2c 100644
--- a/public/include/smarty_globals.inc.php
+++ b/public/include/smarty_globals.inc.php
@@ -67,6 +67,7 @@ $aGlobal = array(
'twofactor' => $config['twofactor'],
'csrf' => $config['csrf'],
'config' => array(
+ 'recaptcha_enabled' => $setting->getValue('recaptcha_enabled'),
'disable_navbar' => $setting->getValue('disable_navbar'),
'disable_navbar_api' => $setting->getValue('disable_navbar_api'),
'disable_payouts' => $setting->getValue('disable_payouts'),
diff --git a/public/templates/mpos/global/header.tpl b/public/templates/mpos/global/header.tpl
index a41835a9..7362439c 100644
--- a/public/templates/mpos/global/header.tpl
+++ b/public/templates/mpos/global/header.tpl
@@ -2,4 +2,4 @@