What is CAPTCHA? How CAPTCHA works and the different types

At its core, CAPTCHA is a test designed to tell humans and computers apart. In WordPress, it assists website owners and administrators in tackling spam and certain types of automated attacks. Since its invention, CAPTCHA has evolved to include different types of tests.

In this article, we will be taking a closer look at CAPTCHA, how it works, and the different types of CAPTCHA you can implement on your WordPress website.

How CAPTCHA works

The word CAPTCHA is an acronym. It stands for: ‘Completely Automated Public Turing test to tell Computers and Humans Apart.’ CAPTCHAs are a type of Turing Test first developed in the late 1990s by Alan Turing to tackle the problem of its namesake. These tests are designed to determine whether the entity taking the test is human or not.

Solving CAPTCHAs is easy for humans but difficult for non-human entities such as automated bots. Although they come in different forms, such tests aim to achieve the same thing.

In WordPress implementations, CAPTCHAs still tell computers and humans apart. In all cases, human users are able to proceed with an action, such as submitting a form or logging in. However, if the test determines it’s a computer program, whether run by malicious bots or otherwise, it will not be let through.

Step-by-step CAPTCHA

CAPTCHA tests present the website visitor with a challenge. As previously discussed, all challenges are designed so that a human visitor can complete them with relative ease while a bot would struggle and fail.

The best way to add CAPTCHA to WordPress is through a plugin. The plugin loads CAPTCHA challenges from the CAPTCHA service provider. This means that the test is not stored on your website. There are many advantages to this approach, namely:

• Processing is done on an external server, saving you resources
• Expected test results are stored on an external server, away from the prying eyes of bots
• You get access to a large pool of tests
• Service improvements are deployed instantaneously

Once the user or visitor completes the CAPTCHA test, the plugin sends the answer to the service provider and waits for the result. If the result comes back negative, the action (such as form submission) is allowed to complete. If the result is positive, the visitor is either served another test or the action is declined.

CAPTCHAs rely on a connection from your WordPress to the service provider. This is why CAPTCHA 4WP offers access to different ReCAPTCHA domains in case one gets blocked.

Can spam bypass CAPTCHAs?

While CAPTCHAs are very good at what they do, they are not a fail-safe silver bullet. Advances in AI and Machine Learning mean computers are getting better at solving different types of CAPTCHAs, whether it’s a CAPTCHA image, audio CAPTCHAs, or other types of CAPTCHAs. This is why modern CAPTCHAs increasingly rely on user behavior instead of the more traditional CAPTCHAs.

Bad actors may also employ services such as those provided by Mechanical Turk to have actual humans solve CAPTCHAs for pennies.

What can CAPTCHAs protect?

CAPTCHAs can be used to protect different parts of your website from automated programs, brute-force attacks, and other kinds of unwanted visitors. Generally speaking, CAPTCHA tests can be implemented wherever an action takes place, such as the submission of a form. However, services such as Cloudflare Turnstile validate users across your website, effectively protecting your entire WordPress in one fell swoop.

More specifically, CAPTCHAs can protect:

• Web forms: This includes contact forms, comment forms, and other type of WordPress forms.
• Web pages: As mentioned earlier, CAPTCHAs can protect entire web pages and websites, validating visitors before they access a page.
• Online polls: Online polls can also be protected by CAPTCHAs to help ensure the integrity of the results.
• Logins: Logins are one of the most sensitive forms on WordPress, with CAPTCHAs able to protect WordPress login forms as well as those of third-party plugins such as WooCommerce
• Checkout: Checkout forms, most notably WooCommerce checkouts, can also be protected by CAPTCHA

The different types of CAPTCHAs

Here are some of the most common CAPTCHA types you can add to your websites. Some were used in early versions but have been reintroduced in later technologies. You can sometimes combine more than one of these methods for your WordPress websites in a single CAPTCHA version.

Text-based CAPTCHAs: Text CAPTCHAs require website visitors to type out text that appears in an image. These traditional CAPTCHAs include heavily distorted text or scanned from old texts. Originally, the distorted text used in early CAPTCHA images came from scanned texts that had failed OCR.

Image-based CAPTCHAs: CAPTCHA images ask your website visitors to identify similar images or parts within a single image displayed in a grid. Also known as image recognition CAPTCHAs, they often rely on pattern recognition, which is something humans are very good at.

Sound-based CAPTCHAs: An audio CAPTCHA is often used to replace other types of CAPTCHAs for visually impaired users. They use an audio recording that the user must type in.

Logic, math, or verbal questions: These CAPTCHA challenges present simple logical or mathematical problems, such as word puzzles, order arrangement, or arithmetic challenges. They are designed so that a seven-year-old child can solve them, though a bot will have a hard time doing so.

User interaction tests: These CAPTCHA tests require users to perform simple tasks that are difficult for computers to pass. One common example of this is the Slider CAPTCHA puzzle, which requires a user to drag a slider across the screen to align puzzle pieces.

Behavior analysis: Such a CAPTCHA looks at user’s behavior to determine how likely it is they are human or not. CAPTCHA ReCAPTCHA V3, in particular, returns a score

Social Media Sign In: Strictly speaking, this is an alternative to CAPTCHA, although with the same goal. This method is used when signing up for a website. Instead of setting up an account with the normal username and password details, you can use your existing Google or Facebook credentials.

Revenue-generating CAPTCHAs: Some CAPTCHA types allow website owners to earn additional revenue by connecting them with advertising.

Implementing CAPTCHA on WordPress websites

Some WordPress themes and plugins have a reCAPTCHA feature included. However, the best way to implement CAPTCHAs on WordPress websites is through a dedicated plugin. The biggest advantage of dedicated plugins is that they offer a centralized location from which you can manage all CAPTCHA tests on your website. This allows you to set up CAPTCHA once and use it across all your WordPress and different forms, including those created by third-party plugins.

Dedicated CAPTCHA plugins also tend to offer more options and customizations. Such features make your experience and that of your website visitors much more efficient and pleasant.

What to look for in a WordPress CAPTCHA plugin

Before you select a plugin, here are some general guidelines to serve as a checklist:

• Make sure the plugin protects your website from all types of spam, fake accounts, and automated bot attacks. Take time to read its reviews and feature lists to ensure it covers each point.
• Verify the plugin’s inclusion of user privacy considerations. For example, does it incorporate measures to answer one of the most demanding user security regulations in the world, the EU’s GDPR? Read the plugin’s documentation on this before you proceed.
• Determine whether the plugin should have the ability to add CAPTCHA to several places on your site in addition to the login page. For example, you might want to add CAPTCHA to your comment form, registration forms, and checkout pages. You may even want to add multiple CAPTCHAs to the same page.
• Check that the plugin integrates with the other tools you use, like the blog comments section, contact form, or commercial plugins. Spam comments are just as big a problem as emails.
• It’s important that your plugin is easy to install and use, with multiple configuration options so that it suits all your technical and commercial requirements.
• Use a plugin that is self-contained for ease of configuration and maintenance.

Some CAPTCHAs may use some of your website visitors’ data for reasons other than security. For a CAPTCHA to comply with regulations such as GDPR, it must allow your users to opt-out where relevant.

Why you should install CAPTCHA 4WP

We developed CAPTCHA 4WP with security and usability in mind. Here are some of the advantages and benefits of the CAPTCHA 4WP plugin.

• Speed and simplicity: You do not require coding skills to install CAPTCHA 4WP. All you have to do is enter the CAPTCHA keys and select which forms should embed CAPTCHA tests.
• Multiple CAPTCHA providers: CAPTCHA 4WP offers multiple service providers to choose from to suit individual needs
• Ease of use: CAPTCHA 4WP balances security with a straightforward UI with configurable options. For example, it allows you to request CAPTCHA on failed logins only.
• Universal compatibility: CAPTCHA 4WP is fully compatible with all WordPress forms and login pages, as well as popular third-party plugins such as WooCommerce and Contact Form 7. The Premium feature also provides out-of-the-box support for third-party plugins and integration with other common plugins such as BuddyPress, Gravity Forms, WPForms, and Mailchimp.
• First-class support: Whichever version of CAPTCHA 4WP you use, you will receive one-to-one email support and help forum access. This includes a new dedicated page for help and support with downloadable information for easier troubleshooting.
• International applicability: You can use the CAPTCHA 4WP plugin in any country.

The different types of CAPTCHAs offered by CAPTCHA 4WP

Get support for multiple types of CAPTCHA service providers when choosing CAPTCHA 4WP. Available options include:

• Google reCAPTCHA (all versions)
• hCaptcha
• Cloudflare Turnstile

CAPTCHA 4WP configuration options

CAPTCHA 4WP also offers many helpful configuration options, including:

• Languages – You can choose from multiple CAPTCHA text languages or configure the plugin to automatically change the CAPTCHA text language to match that of the website visitor
• Design – You can change the size and UX of the CAPTCHA to bring it in line with your design requirements
• Score – You can configure the reCAPTCHA V3 test passmark score – the level of risk the user interaction poses in real-time – and set failover actions to ensure no real users fall through the cracks
• Failover action – Configure reCAPTCHA V3 failover to avoid false positives falling through the cracks
• Personalization – If you run a WooCommerce store on your WordPress website, you can ensure smoother eCommerce processes without impacting WordPress security. CAPTCHA 4WP allows you to limit the CAPTCHA to the login page and omit it from the checkout form.
  You can also specify the display location of the CAPTCHA on the WooCommerce login or checkout pages and customize error messages.
• Whitelists – CAPTCHA 4WP gives you the ability to whitelist trusted logged-in users, user roles, specific IP addresses, or specific URLs. If you configure CAPTCHA to run invisibly on all pages, you can also use these plugin settings to exclude it from specific URLs.

Is CAPTCHA worth implementing on your website?

Solving CAPTCHAs is always going to be a difficult task for bots. While bots are improving, so are CAPTCHA and reCAPTCHA tests, ensuring WordPress administrators and website owners can stay one step ahead of bad actors.

Different CAPTCHAs also address concerns such as those raised by GDPR and the challenges visually impaired people used to encounter when trying to solve these tests. While advances in Artificial Intelligence do pose some threats, computers are still not capable of defeating the latest CAPTCHAs successfully.

Solving CAPTCHA tests remains difficult for bots, which makes CAPTCHA well worth implementing on your website. This is especially true when using CAPTCHA 4WP, which offers a plethora of options to help you make sure your WordPress remains safe, secure, and spam-free.

Frequently Asked Questions

What does CAPTCHA mean?

The term CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. You can use it on your websites to block visitors who are not human. This includes bots and other types of automated scripts and software. It does this through tests that are easy for humans to pass but very difficult for bots.

What is CAPTCHA and types?

CAPTCHA is a test that tells humans and computers apart. Its main purpose is to keep spam out, thus functioning as an anti-spam solution. There are many different types of CAPTCHA, such as text-based CAPTCHA, image-based CAPTCHA, and even noCAPTCHA CAPTCHA. We cover all the different types of CAPTCHAs in our article above.

How accurate is CAPTCHA?

CAPTCHA’s Turing test assesses the likelihood of whether a visitor is human or not. While accuracy has improved over time, it is still not at 100%. This is why CAPTCHA 4WP includes a failover action feature to ensure that no human visitors fall through the cracks.

Get started with CAPTCHA 4WP today

Say no to spam and get CAPTCHA 4WP today. With plenty of options and free email support available with all plans, you can rest easy knowing Melapress has your back.