The Web is made up of billions of websites, and in the eyes of spammers, every website is an opportunity. In most cases, it is an opportunity for free product promotion. But there are cases where spammers use their spam software to try and game search engines and the like.
For the most part, spam will affect websites that haven’t been properly secured beforehand. And, as it happens, there are a lot of such websites. Bots are able to find vulnerable websites by using website crawling tools, and if your website has even the most basic of submission forms, the bots will generally begin spamming your site immediately.
What is a CAPTCHA?
CAPTCHAs are like security locks for a lot of your content. In order for someone to get in (e.g. submit a comment), they must first verify that they are indeed human.
This verification is generally done through some form of a text and letter combination, but in recent years it’s reCAPTCHA that has taken the world by storm. You’ll all have seen this widget on a website before.
This is an advanced CAPTCHA system created by Google. Now, it’s definitely robust and prevents 99% of all spam, but whether it’s the most user-friendly is an argument to be had. For this specific system, the problem is that you sometimes have to spend up to 20 seconds to solve one single CAPTCHA.
The other commonly known type is a word-based solution.
Here is an example:
Something like this is pretty straightforward. It’s only a single word and doesn’t require sitting through a repetitive verification process.
Does your site need a CAPTCHA?
This is a good question. In which cases does your website actually need a CAPTCHA, and can it have a negative impact on the user experience? For starters, you have to look at how busy your site is on a day-to-day basis.
Are you getting a lot of spam requests? Do you even allow form submissions on your site? Does your site process things like user comments or even a full-blown forum? Lastly, are you processing payments on your site?
If the answer is yes to any of these, then you most likely are going to need to implement some kind of spam protection (CAPTCHA) system. But if all you’re doing is hosting some static content with no real dynamic influence, it’s unlikely your site needs any protection from spammers.
Needless to say, tools for implementing simpler CAPTCHA systems are sparse and require a little bit of research to find.
Luckily for you, we have put together the absolute best CAPTCHA systems in one place. In many ways, these are an alternative to one another. On top of that, we are also including some that are built specifically for WordPress.
Ready to get rolling? Let’s get to it.
reCAPTCHA
It’s hard to look past Google’s achievements in the CAPTCHA department. Their incredibly well-rounded system for spam protection is world-class. reCAPTCHA uses things like Artificial Intelligence, Machine Learning, and in some cases even your Google history, to detect whether you’re a robot or a human. This does come with some drawbacks, namely:
- It can sometimes take 4-5 attempts to solve a captcha.
- Might hinder the user experience if not properly aligned with your overall design.
But other than that, reCAPTCHA is an absolute leader in the field.
reCAPTCHA is a free service that protects your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.
It’s worth noting that there is an alternative module called “Invisible reCAPTCHA”. Essentially, this module still provides spam protection but does not require all users to verify that they’re not robots.
Rather, Google’s algorithm will decide by itself whether a user needs to be checked or not. This can for sure alleviate some of the user experience complexities associated with this system.
If your site runs on WordPress, then you can grab this plugin by BestWebSoft to automatically add this CAPTCHA solution to your site.
For custom sites, you’ll need to jump through a few hoops and loops, but nothing overly difficult.
Akismet
Akismet was launched two years after WordPress, and has continued to evolve ever since as the leading spam protection plugin for WordPress bloggers. In fact, it’s the default spam protection plugin that comes with all WordPress installations.
Now, by itself, Akismet is not an actual captcha solution per se. It works more on the behind the scenes aspect of spam prevention. Nevertheless, the value you get from adding this to your blog is immense.
Keep in mind that in recent years, Akismet has shifted towards a premium-tier model, but you can still get your hands on a free version for personal sites. It’s not entirely clear why Automattic decided to do this, but getting an API key is still relatively easy. And free.
visualCaptcha
visualCaptcha is a visually-oriented captcha system which focuses around simple design and accessible user experience. In addition, one of the core values is security and ensuring your content stays spam free. Best of all, this is an open-source project. So you can edit, modify, and do everything else without needing a commercial license.
It’s worth noting that visualCaptcha itself is no longer under development. However, the captcha system itself is still fully functional.
The existing feature set supports mobile devices and retina-ready screens, and is extremely accessible. As for adding this to your project, visualCaptcha is built to provide support for the most popular languages, including popular frameworks and libraries.
There are also a ton of community-driven forks for this system. For example, if you’re primarily a Laravel developer, there’s a package to add visualCaptcha to your project. Likewise, the same goes for jQuery, Angular and other popular libraries.
CleanTalk
Let’s take a dig at a few WordPress-specific solutions. And to start it off we have spam protection from CleanTalk. With 80,000 active users, it’s definitely one of the more sought after plugins.
CleanTalk prides itself on being a universal solution to stopping spam. Rather than making you mess with individual settings, the plugin automatically provides spam protection for your most popular forms.
These include registration, login, comments, contact, and eCommerce forms, as well as numerous forms from specific plugins. One plugin can help you integrate spam protection for 50+ different plugins.
The upside here is that CleanTalk won’t impose any kind of extra tasks on the user. Rather, it works intuitively in the background by using a time-tested algorithm. You’ll be able to look over all login and form submission attempts.
Here are the top features we liked:
- Near-perfect protection with 99.9% spam prevention accuracy.
- Fully compatible with the best WordPress caching plugins.
- Broad protection for popular contact form solutions.
- Native spam protection for WordPress, JetPack comments and any other comment plugins.
- Helps you avoid Google penalties by preserving a pristine SEO structure that doesn’t involve spam.
I recommend digging inside the CleanTalk documentation for this plugin. It’s extremely extensive and talks more about the possibilities for keeping spam out of your blog or website.
Captcha Bank
If you’re serious about protecting your WordPress site from spammers, then Captcha Bank is the plugin to look into. While it is divided into Premium and Standard editions, the free version is more than enough to keep spammers at bay. For the Standard version, you get access to text-based captchas, logical ones, and even things like throttled login attempts.
A lot of modern attacks these days originate specifically from brute-forcing. Brute-forcing is when someone attempts to break into your login page by constantly trying to guess a user’s password. Captcha Bank will prevent this by limiting the number of attempts a single user can make to log in.
Most importantly, this plugin will keep logs of any suspicious activity on your site. So, if you encounter a problem at some point, you can check the logs and validate whether the user is being malicious or not. It is possible to block IP addresses one by one.
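The attempt limiting, logging and manual IP blocking described above can be modelled as follows. This is an added Python example, not Captcha Bank’s code; the thresholds, the class name `LoginThrottle` and the sample behaviour are assumptions.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold
WINDOW_SECONDS = 300    # assumed counting window
LOCKOUT_SECONDS = 900   # assumed lockout once the threshold is hit


class LoginThrottle:
    def __init__(self):
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time the lockout ends
        self.blocked_ips = set()             # addresses an admin blocked by hand
        self.log = []                        # (time, ip, username, event)

    def _keys(self, ip, username):
        # Count per address and per account, so rotating one of them does not
        # reset the counter for the other.
        return ("ip", ip), ("user", username.lower())

    def allowed(self, ip, username, now=None):
        now = time.time() if now is None else now
        if ip in self.blocked_ips:
            return False
        return all(self.locked_until.get(k, 0) <= now for k in self._keys(ip, username))

    def record(self, ip, username, success, now=None):
        """Call after each password check; returns True if a lockout started."""
        now = time.time() if now is None else now
        self.log.append((now, ip, username, "ok" if success else "fail"))
        if success:
            self.failures.pop(("user", username.lower()), None)
            return False
        started = False
        for key in self._keys(ip, username):
            recent = self.failures[key]
            recent.append(now)
            while recent and recent[0] <= now - WINDOW_SECONDS:
                recent.popleft()
            if len(recent) >= MAX_FAILURES:
                self.locked_until[key] = now + LOCKOUT_SECONDS
                recent.clear()
                self.log.append((now, ip, username, "lockout:" + key[0]))
                started = True
        return started
```

Locking by account name means anyone who knows a username can lock its owner out for the lockout period, so the per-account threshold is usually set higher than the per-address one or replaced with a CAPTCHA challenge.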
If you go for the premium version, there are a few extra features you’ll get. Namely, filters for users who need to solve a captcha and those who don’t. Also, you’ll get support for popular plugins like BuddyPress and WooCommerce. Technically, you can still implement these without paying, but if you wish to strengthen your security, then the premium version is a must.
Antispam Bee
There are more than 400,000 bloggers using Antispam Bee on their WordPress site. That should speak volumes about the potency of this anti-spam plugin. And I think the main reason why people love this plugin so much is its flexible settings panel. Once you activate the plugin, you can simply check or uncheck different boxes to implement security features on your site.
Here are some of those checklists:
- Monitor and save commenters with a trusted background.
- Automatically approve commenters who have a Gravatar profile.
- Take the time of the comment into consideration. If it looks good, approve automatically.
- Disable comments based on a language. Great for localized or bilingual sites.
- Either block or approve comments from specific countries.
- If someone submits a comment using BBCode, automatically flag it as spam.
- Check and verify the individual IP address for commenters.
- Cultivate a database of known spammers and check that against each new comment made.
- Send custom notifications to site administrator whenever spam is on the rise.
- Add filters for well-known spam and delete those comments automatically.
- Examine analytics from spam prevented and recognize any patterns.
As you can tell, this is a lot of protection for such a small plugin. But, it’s all free to use forever. So, it’s really hard to see the reason as to why you couldn’t use this plugin in your blog. Sure, it might only provide protection for comments, but comments are generally the one area that spammers are bombarding the most.
Really Simple CAPTCHA
Really Simple CAPTCHA is even more popular than the previous plugin, coming in at a solid 900,000 active users. While this was first created as a plugin to help improve contact form security, it has since grown to include more protection. Also, as the name implies, this is a relatively simplified protection solution. If you need something more robust, look into other alternatives we’ve discussed so far.
Rather than storing user sessions, RS CAPTCHA will create interim files that it will use as a form of verification. The files are randomly generated. For verification, the plugin will check the submission of the CAPTCHA against the hash code generated by the file. If there’s a definite match, then the plugin will let the comment or form submission pass through.
It might sound technical, but as a user, there’s nothing you really need to concern yourself with. All the spam prevention works in the background, and you simply need to specify where you want the captcha forms to appear.
Lastly, I’d recommend reading up on the official documentation for this plugin to get a better gist of what it does and what it does not do.
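The session-free, file-based verification described above, as an added Python example that is not the plugin’s own code: each challenge gets a random prefix and an interim file holding a salted hash of the answer, and a submission is accepted only if it matches a fresh, unused file. The file layout, the lifetime and the function names are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import tempfile
import time

# Assumed layout: one small file per challenge, named by a random prefix,
# holding "<salt_hex>:<sha256(salt + answer)>".
STORE_DIR = tempfile.mkdtemp(prefix="captcha-")
MAX_AGE_SECONDS = 600  # assumed lifetime of an unanswered challenge


def _path(prefix):
    # Reject anything that is not plain hex so the prefix cannot escape STORE_DIR.
    if not prefix or any(c not in "0123456789abcdef" for c in prefix):
        raise ValueError("bad prefix")
    return os.path.join(STORE_DIR, prefix + ".txt")


def _digest(salt, answer):
    return hashlib.sha256(salt + answer.strip().upper().encode()).hexdigest()


def create_challenge(answer):
    """Store a salted hash of the expected answer; return the prefix for the form."""
    prefix = secrets.token_hex(8)
    salt = secrets.token_bytes(16)
    with open(_path(prefix), "w") as fh:
        fh.write(salt.hex() + ":" + _digest(salt, answer))
    return prefix


def check_answer(prefix, submitted, now=None):
    """True only for a fresh, unused challenge whose hash matches."""
    try:
        path = _path(prefix)
        age = (now if now is not None else time.time()) - os.path.getmtime(path)
        with open(path) as fh:
            salt_hex, expected = fh.read().split(":")
        os.remove(path)  # single use: a solved or failed challenge cannot be replayed
    except (ValueError, OSError):
        return False
    if age > MAX_AGE_SECONDS:
        return False
    return hmac.compare_digest(_digest(bytes.fromhex(salt_hex), submitted), expected)
```

Deleting the file on every check, pass or fail, is what stops a bot from guessing repeatedly against one image or replaying a prefix that a human already solved.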
The Honeypot Technique
This technique will try to trick spammers by using custom CSS and JavaScript browser-based techniques. Whenever a user lands on your site, the method will autofill form data and see if the spammer submits the form or not. If it’s a real user, they will generally fill out the form with their own data.
So, in a sense, it’s a way to see if bots automatically push the submit button or not. This is definitely a method for the more experienced bunch. It is relatively low-cost, and might prove to be inefficient in some scenarios.
Nevertheless, because we’re looking at CAPTCHA alternatives, this was worthy of inclusion for this roundup.
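One common way to build such a trap, shown as an added example rather than code from the original post: a decoy field hidden with CSS plus a signed render timestamp, so the server can flag submissions that fill the decoy or arrive faster than a person could type. The field name `website`, the thresholds and the demo key are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # placeholder; load a real key from configuration
TRAP_FIELD = "website"             # hypothetical decoy field name
MIN_FILL_SECONDS = 3               # assumed: humans need at least this long
MAX_FORM_AGE = 3600                # assumed: rendered forms expire after an hour


def _sign(ts):
    return hmac.new(SECRET, str(ts).encode(), hashlib.sha256).hexdigest()


def render_form(now=None):
    """Return form HTML with a CSS-hidden decoy and a signed render time."""
    ts = int(now if now is not None else time.time())
    return (
        '<form method="post" action="/comment">\n'
        '  <textarea name="comment"></textarea>\n'
        # Hidden from people and skipped by keyboard and autofill; bots that
        # fill every input will still populate it.
        '  <div style="position:absolute;left:-9999px" aria-hidden="true">\n'
        f'    <input name="{TRAP_FIELD}" tabindex="-1" autocomplete="off">\n'
        '  </div>\n'
        f'  <input type="hidden" name="ts" value="{ts}">\n'
        f'  <input type="hidden" name="sig" value="{_sign(ts)}">\n'
        '</form>'
    )


def classify(fields, now=None):
    """Return 'ok' or the reason a submission looks automated."""
    now = now if now is not None else time.time()
    if fields.get(TRAP_FIELD, "").strip():
        return "trap-filled"
    ts, sig = fields.get("ts", ""), fields.get("sig", "")
    if not ts.isdigit() or not hmac.compare_digest(_sign(ts).encode(), sig.encode()):
        return "bad-timestamp"
    elapsed = now - int(ts)
    if elapsed < MIN_FILL_SECONDS:
        return "too-fast"
    if elapsed > MAX_FORM_AGE:
        return "expired"
    return "ok"
```

Flagged submissions are better routed to a moderation queue than answered with an error, so a bot gets no signal about which check it tripped.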
Securimage
This is one of the oldest systems for CAPTCHA, and decades later is still going strong. The premise for Securimage is that it focuses on generating difficult-to-solve codes in the form of an image.
You’re quite easily able to add this solution to your existing forms, either manually or by using external plugins. The only real limitation is that Securimage works only within PHP environments. Great for WordPress bloggers, that’s for sure.
Here are the best features:
- Display CAPTCHA images within 3 lines of code.
- Validate people’s entries in less than 6 lines of code.
- Customize the entry length, add custom characters, or implement Unicode.
- Support for custom fonts using TTF.
- Customize the background image appearance for your CAPTCHA forms.
- Enhance the robustness of your codes by adding distortion, noise, or other random elements.
- Implement Audio option so that users can listen to the CAPTCHA code.
- Display passable words from a predetermined dictionary provided by you.
- You can even display numbers or use math equations.
If you wish to learn more, you can explore the Securimage website, which includes documentation and other help files.
Pennyauth
This might not be the most user-friendly solution. But it’s certainly creative and something different from your typical captcha systems. Pennyauth aims to verify your users by asking them to pay $0.01 per login. Payments are processed using QUID — and users can submit payment in as little time as it takes for them to grab their credit card.
Pennyauth uses QUID to process micropayments. When a captcha is required, the browser makes a QUID payment request and validates the receipt on the Pennyauth server. After validation, it creates a unique signed login token that can be verified by your application.
Now, if you were to actually use Pennyauth for your project, you are going to have to use the open-source GitHub library because otherwise, all your money is going to go to the creator of Pennyauth. By hosting the platform yourself, you also get to keep all the profits.
The nice thing is that users only have to make a payment once. The platform will remember your details forever. And yes, this is a pretty ridiculous project if you look at it that way. But you never know, it might just work for whatever you are working on!
Conclusion
So, even though we said that the options for CAPTCHA systems are limited, there’s certainly enough diversity here. Most people have grown accustomed to using reCAPTCHA, but if you work on a custom project — perhaps some of the more unique choices in this list will be more up your alley.
It goes without saying that everyone should take their site security seriously. A CAPTCHA will prevent spammers and block other forms of attackers. But, if you wish to truly improve the security of your WordPress website or otherwise, I’d recommend looking into other alternatives as well.
Let us know if we missed any CAPTCHA tools in this post. If we did, you’re welcome to submit them through the comment section below. And if we like what we see, we’ll make sure to update and include your suggestion in this post.