1.) SECURITY SECTION.
Login to backend > configuration > settings > general settings > security.
You can see Admin are IP allowed, enter the IP address which you won’t allow access Admin side to configure the site, if you leave this empty it means anyone can access Nop-commerce backend. KLCWEB recommended that add single or two IP access to the backend.
Do not forgot to change Encryption private key, if you make any changes from admin side change Encryption private key.
CAPTCHA is a program that can tell whether it is a human or a computer is trying to access your website. Nop-commerce uses Recaptcha by GOOGLE to secure your site against script attacks. Learn about recaptchaV2 and recaptchV3.
RecaptchaV3 covers whole site where Recaptcha covers only single page so always way RecaptchaV3, if you are using RecaptchV2 configure it on login page, sing up page, payment page, contact page.