How to add CAPTCHA protection to your web site

This article describes what CAPTCHA protection is when you might use it, and some implementations for various programming languages that you can add to your own website.

What is a CAPTCHA?

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a test that tries to determine if a user is a human or a computer. The most common type of CAPTCHA is an image of hidden letters or numbers displayed in a frame. Before accessing website content or submitting data the user must correctly enter a sequence of letters or numbers. Since automated bots usually cannot read these images, they cannot be misusing the resources of the website.

When to use CAPTCHA protection

Add CAPTCHA protection if your website has any of the following:

• Forms that process user-submitted data, including e-mail forms, comment forms, and registration forms.
• Surveys or polls.
• Pages that accept file uploads or downloads by users.
• Any other pages that accept user-submitted data.

CAPTCHA implementations

There are several free and open-source CAPTCHA implementations available, depending on the programming language that your website uses.

PHP

These are some of the numerous CAPTCHA implementations available for PHP:

• The Securimage script enables you to easily add PHP-based CAPTCHAs to a website. If you need more information, please visit http://www.phpcaptcha.org.
• The captchas.net service provides CAPTCHA implementations for several languages, including PHP. If you need more information, please visit http://captchas.net/sample/php.
• Google provides the reCAPTCHA service. If you need information about reCAPTCHA, please visit http://www.google.com/recaptcha. For specific information about implementing reCAPTCHA with PHP, please visit https://developers.google.com/recaptcha/intro.
• If you are a programmer and would like to write your own CAPTCHA implementation, you can use the Text_CAPTCHA PEAR package in PHP.