diff --git a/.env b/.env
index e957e555..7a911e88 100755
--- a/.env
+++ b/.env
@@ -23,3 +23,6 @@ SMTP_PORT=587
 SMTP_USER=thetiptopgr3@gmail.com
 SMTP_PASS=xydqvyrxcwwsiups
 EMAIL_FROM=thetiptopgr3@gmail.com
+
+# reCAPTCHA v2 (obtenir les clés sur https://www.google.com/recaptcha/admin)
+RECAPTCHA_SECRET_KEY=YOUR_RECAPTCHA_SECRET_KEY
diff --git a/.env.dev b/.env.dev
index d2f324cd..36c9b8e7 100644
--- a/.env.dev
+++ b/.env.dev
@@ -27,3 +27,6 @@ SMTP_PORT=587
 SMTP_USER=thetiptopgr3@gmail.com
 SMTP_PASS=xydqvyrxcwwsiups
 EMAIL_FROM=thetiptopgr3@gmail.com
+
+# reCAPTCHA v2
+RECAPTCHA_SECRET_KEY=YOUR_RECAPTCHA_SECRET_KEY
diff --git a/.env.preprod b/.env.preprod
index 8962b6f5..f50bf839 100644
--- a/.env.preprod
+++ b/.env.preprod
@@ -27,3 +27,6 @@ SMTP_PORT=587
 SMTP_USER=thetiptopgr3@gmail.com
 SMTP_PASS=xydqvyrxcwwsiups
 EMAIL_FROM=thetiptopgr3@gmail.com
+
+# reCAPTCHA v2
+RECAPTCHA_SECRET_KEY=YOUR_RECAPTCHA_SECRET_KEY
diff --git a/.env.production b/.env.production
index 00c381b2..bb942521 100644
--- a/.env.production
+++ b/.env.production
@@ -27,3 +27,6 @@ SMTP_PORT=587
 SMTP_USER=thetiptopgr3@gmail.com
 SMTP_PASS=xydqvyrxcwwsiups
 EMAIL_FROM=thetiptopgr3@gmail.com
+
+# reCAPTCHA v2
+RECAPTCHA_SECRET_KEY=YOUR_RECAPTCHA_SECRET_KEY
diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
index bcf87ae9..5ccad508 100644
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
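Review bot: The placeholder `RECAPTCHA_SECRET_KEY=YOUR_RECAPTCHA_SECRET_KEY` added here, and in the matching hunks of .env.dev, .env.preprod and .env.production, is a non-empty value, so once deployed the controller will send it to the siteverify endpoint as if it were a real secret and every registration will fail with the 400 captcha error until the true key is substituted; because the value is non-empty, the controller's own missing-key warning will never fire to point at the misconfiguration. These are tracked files that already carry live-looking SMTP credentials on the context lines, so filling the real reCAPTCHA secret in here would commit it to the repository as well. Prefer keeping the real value out of tracked files altogether and documenting the variable with a comment such as `# RECAPTCHA_SECRET_KEY is injected by the deployment environment, never committed`, supplying it from the deployment's secret store.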
@@ -11,12 +11,45 @@ import { promisify } from 'util'; const resolveMx = promisify(dns.resolveMx); +/** + * Vérifier le token reCAPTCHA + */ +const verifyCaptcha = async (token) => { + if (!token) return false; + + const secretKey = process.env.RECAPTCHA_SECRET_KEY; + if (!secretKey) { + console.warn('⚠️ RECAPTCHA_SECRET_KEY non configuré - captcha désactivé'); + return true; // Désactiver la vérification si pas de clé + } + + try { + const response = await fetch('https://www.google.com/recaptcha/api/siteverify', { + method: 'POST', + headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, + body: `secret=${secretKey}&response=${token}` + }); + const data = await response.json(); + console.log('📋 reCAPTCHA verification:', data.success ? '✅ OK' : '❌ Failed'); + return data.success; + } catch (error) { + console.error('❌ Erreur vérification reCAPTCHA:', error); + return false; + } +}; + /** * Inscription d'un nouvel utilisateur * POST /api/auth/register */ export const register = asyncHandler(async (req, res, next) => { - const { email, password, firstName, lastName, phone, address, city, postalCode } = req.body; + const { email, password, firstName, lastName, phone, address, city, postalCode, captchaToken } = req.body; + + // Vérifier le captcha + const captchaValid = await verifyCaptcha(captchaToken); + if (!captchaValid) { + return next(new AppError('Vérification captcha échouée. Veuillez réessayer.', 400)); + } // Vérifier si l'utilisateur existe déjà const existingUser = await pool.query('SELECT id FROM users WHERE email = $1', [email]);
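Review bot: In `verifyCaptcha` the request body `` `secret=${secretKey}&response=${token}` `` interpolates the caller-supplied `captchaToken` without encoding, so a token containing `&` or `=` can add extra form fields to the siteverify request, and a non-string token (an object or array from the JSON body) is stringified rather than rejected; build the body with `new URLSearchParams({ secret: secretKey, response: token })` and guard with `typeof token !== 'string'`. The missing-key branch returns `true`, which means an unset `RECAPTCHA_SECRET_KEY` in a deployed environment silently disables the check — fail closed outside local development (the rewrite below keys this on `NODE_ENV`; adjust if the project uses a different environment flag). The fetch has no timeout and `response.ok` is not checked before `response.json()`, so an unreachable or erroring verification endpoint either hangs the registration request or throws inside the try and is reported only as a generic failure; `AbortSignal.timeout(5000)` and an `ok` check make both cases explicit, and `data.success === true` avoids returning `undefined` when the payload lacks the field. Consider also logging `data['error-codes']` in the failure path, since it is the only diagnostic the endpoint returns. `register` continues past the end of the hunk.

```javascript
const verifyCaptcha = async (token) => {
  // Reject anything that is not a non-empty string before it reaches the request body
  if (typeof token !== 'string' || token.length === 0) return false;

  const secretKey = process.env.RECAPTCHA_SECRET_KEY;
  if (!secretKey) {
    // Fail closed in production: a missing key must not silently disable the check
    if (process.env.NODE_ENV === 'production') return false;
    console.warn('⚠️ RECAPTCHA_SECRET_KEY non configuré - captcha désactivé');
    return true;
  }

  try {
    const response = await fetch('https://www.google.com/recaptcha/api/siteverify', {
      method: 'POST',
      // URLSearchParams percent-encodes the token, so it cannot add extra form fields
      body: new URLSearchParams({ secret: secretKey, response: token }),
      signal: AbortSignal.timeout(5000),
    });
    if (!response.ok) return false;
    const data = await response.json();
    // … unchanged: console.log of the verification outcome …
    return data.success === true;
  } catch (error) {
    // … unchanged: console.error and return false …
  }
};
```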