Captcha ¶

A captcha is used in forms to prevent attacks such as brute forcing a login form or a reset password form. It is used to try to determine or ensure the requester is human "I'm not a robot" 🤖.

The most used solution is reCAPTCHA by Google. The most known version is the one prompting us to solve a challenge (v2) while there is a version in which the captcha is silently analyzing the user behavior and may prompt them to do a captcha (v3).

The most well-known alternative is hcaptcha. It can be significantly harder to solve than reCAPTCHA.

⚠️ Before implementing a captcha, you should consider the best way to add it to avoid tiring users, and question if it's required.

✅ For instance, you can only add a captcha after 1-2 failed tries.

First, you need to create a site key and allow your website domain. Then, add a reCAPTCHA div where you want to see the captcha.

...
<div class="g-recaptcha" data-sitekey=""></div>
...

Once the form is submitted, you will get some reCAPTCHA data. You'll have to query Google API with the data for verification. They will reply back with the result of the test.