CAPTCHA is a pretty lengthy abbreviation, it’s almost a whole sentence: Completely Automated Public Turing Test To Tell Computers and Humans Apart. It’s popularly known as simply CAPTCHA. In simple terms, this is a test for telling robots from people.
There are a lot of CAPTCHA types: distorted text, mathematical operations, puzzles, questions, and etc. In most cases, those tests are not difficult for people, but for robots, until recently, they were almost insurmountable.
What’s the purpose of CAPTCHA?
To understand the purpose of CAPTCHA, you need to understand why some ill-intentioned robots visit sites. In fact, the goals of those who send them may be different:
DDoS attacks. An easy method to crash a site. To do this, a bunch of requests are sent from different sources, which the server is unable to process. As a result, the resource freezes and becomes inaccessible to users.
Brute-force attacks. This is an attempt to hack a site by guessing a username and password. Special programs can try different combinations indefinitely. Sites that are managed via an open source CMS like WordPress or Joomla! are especially often subject to such attacks: the address of the login page for the admin panel is standard by default, so it is well known to scammers.
Spam. After you launch a site, after a while, heaps of links from spammers appear in the comments. If you don’t control that, the site can turn into a link dump and be filtered out by search engines.
E-commerce fraud. Many online stores have promotions where you can buy some products for a limited time. It can be, for example, a limited collection or a novelty from a manufacturer of innovative technology at a reduced price. In such situations, bots capable of performing a lot of operations in a few seconds come into play, buying up the entire batch of goods and leaving others no chance.
Data theft. Collecting information from websites is called scraping. It’s mainly done by large online stores, aggregators, and SEO specialists who study the competitive environment or want to automatically fill the pages of promoted sites with other people’s content. Scraping usually doesn’t harm the resource, but it can overload the hosting account on which the site is located. It’s almost impossible to protect yourself from this, CAPTCHA cannot help. In practice, CAPTCHA usually helps only in the case of abuses and not smart ways to scrape websites.
Different types of CAPTCHA
CAPTCHA was invented 20 years ago and initially showed high efficiency in the fight against robots. However, with the development of artificial intelligence, the method became somewhat less effective. Currently, there are various technologies and browser extensions that allow you to bypass it. If the tasks are too difficult for the robot, they are entrusted to real people from specialized services. These days, if getting something done is super important, CAPTCHA is not an obstacle.
It is important to note though that CAPTCHA developers also improve their technology. Some companies create CAPTCHAs of their own but most use ready-made solutions. The most commonly used option is Google’s reCAPTCHA.
In 2014, the search engine released an improved version, reCAPTCHA v2. It is still actively used by site owners. If the user doesn’t arouse suspicion in the program, he or she only needs to check a box to confirm his or her humanity. Otherwise, a quest appears that can cause a lot of trouble for a real user if the program makes a mistake – and this happens often.
Since this version of CAPTCHA turned out to be not so user-friendly, the search engine offered an improved version, reCAPTCHA v3. It is invisible to users and doesn’t force them to solve puzzles. Instead, it constantly monitors the users’ actions, assesses them and then reaches a verdict if it’s a robot or a person.
Many sites still use CAPTCHA. Despite the fact that its effectiveness is not 100%, this method of combating fake traffic is simple and free. There are however two significant drawbacks:
- Inconvenient for users
CAPTCHA’s seemingly simple tasks cost people extra time and energy. A few years ago, a study confirmed the negative impact of CAPTCHA on conversions.
- Affects site performance
The use of third-party widgets (such as Google reCAPTCHA) leads to a decrease in site loading speed. The impact on speed may not be very critical, but it is extremely important to enable the widget only on those pages where it is really needed.
Hidden or invisible reCAPTCHA is a CAPTCHA that allows background validation of users’ actions on the site. Invisible reCAPTCHA allows users to perform any actions on the site immediately without entering CAPTCHA. Only the most suspicious actions of users will prevent them from passing further. If users actions are assessed to be suspicious, invisible reCAPTCHA will offer them to solve the CAPTCHA to determine whether this operation is actually performed by a person, not a robot.
Hidden reCAPTCHA has the benefit of not wasting users’ time or annoying them.
Using CAPTCHA with WordPress sites
There are many WordPress plugins with various CAPTCHA options, from simple mathematical actions to questions using logic. In most cases, it is best to choose the simplest and most effective option, namely the hidden CAPTCHA from Google. There are several plugins you can use to connect and configure it, the simplest and most versatile one is Invisible reCAPTCHA.
One of the most noteworthy features of Cloudflare is its protection against distributed denial of service (DDoS) robots. DDoS is a type of cyber attack that aims to disrupt the availability of a website by flooding the network with many different requests in a short period of time. These malicious requests spread across multiple locations and networks, making it difficult for a site administrator to block incoming traffic from a single source.
Cloudflare protects against DDoS attacks by automatically blocking suspicious traffic, especially traffic that may come from a non-human source. When Cloudflare sees an unfamiliar or strange new IP address making a request on a site, it flags it and prompts a CAPTCHA before allowing the request.