## WEB Course

Go back

The most-well know solution is ReCaptcha (v2 / v3), proposed by Google. In v3, you won't have to process a captcha, but Google will watch what you are doing (mouse, ...), and may request you to submit a captcha if your (human) score is too low. Check their tutorial here.

You may consider hcaptcha as an alternative to ReCaptcha. But it had quite a lot of criticism for being hard to solve (or maybe they were Google employees 🤣). From my point of view, it is indeed sometimes hard to solve, and even TryHackMe, the ones that made me discover hcaptcha, moved to ReCaptcha (v2), but I don't know if this is related.

Adding a captcha should not be an easy choice. It may not be a good idea.

• You can start first by limiting the number of requests per IP and hour/...

What you need to remember is that, if almost every person filling your captcha are human, then you should really consider an alternative, to improve their user experience (UX). On top of that, bots can also bypass a captcha (at least it seems so, but I didn't try).

## For ReCaptchaV2, my notes ¶

• (v2) put an HTML tag looking like that <div class="g-recaptcha" data-sitekey=""></div>
\$post_data = array('secret' => 'your-secret-key', 'response' => 'data-site-key');