CAPTCHAs and Craft CMS

After facing an onslaught of user registration spam, Ryan looked to a modern CAPTCHA that balanced protection against bots with maintaining a good user experience.

Craft 5

Forms

Recent­ly, CraftQuest expe­ri­enced a high vol­ume of of spam sign-ups for user accounts. I want­ed to pre­vent bots from cre­at­ing these accounts and cre­at­ing a mess, so I decid­ed to add a CAPTCHA to the reg­is­tra­tion form for CraftQuest. 

How­ev­er, I am very care­ful about the sign-up expe­ri­ence for CraftQuest, in order to make sure it is as sim­ple as pos­si­ble. For exam­ple, I don’t do email ver­i­fi­ca­tion because it adds to much fric­tion to the process to get some­one on a video and learning.

But I also don’t want there to be a flood of reg­is­tra­tion spam. So, I need­ed a way to thread the nee­dle of this goal with­out harm­ing the user expe­ri­ence and ease of sign-up for my train­ing customers.

The CAPTCHA solu­tion I chose was the least dis­rup­tive as pos­si­ble. But before we get into that, let’s look at a very briefly his­to­ry of CAPTCHAs and what the options are.

We will explore the dif­fer­ent types of CAPTCHAs over the years, as well as how to imple­ment the Cloud­flare Turn­stile CAPTCHA on a Craft CMS project user registration.