Skip to content

reCAPTCHA – what is it? How it works?

Most well-optimized websites provide contact forms or have fields for entering comments. They allow the exchange of information and interaction with people who visit the site. At the same time, website owners need to know that such solutions are fuel for spam. However, there are safeguards to protect your domain from unwanted content. One of them is reCAPTCHA.

How spam works

Bill Gates at the 2004 World Economic Forum in Davos surprised the public with his prophecy that “spam will be a thing of the past in two years’ time.” But he had no idea that unwanted content would plague the Internet like this. In fact, bots (spam bots) are getting smarter. Computer programs that run largely autonomously search the Internet for form fields and other interactive website elements to place their developers’ advertising messages. This way, they spread unwanted content on the page in no time.

What is CAPTCHA?

The CAPTCHA (abbreviation for Completely Automated Public Turing test to tell Computers and Humans Apart) is a fully automatic spam protection procedure. This is an online verification method that allows you to distinguish computers from people. In this way, it is determined whether a human or a machine (bot) is active on the website and checks who makes entries in the web forms. The verification is mainly performed on the basis of solutions to mini-puzzles in the form of reading a letter or digital code from the displayed photo.

>> Website security – how to take care of it? <<

Captcha verification – what is its purpose?

CAPTCHA is most commonly used when web applications allow user interactions. Imagine you are running an online store and giving your customers the ability to write product reviews using the comment function. In this case, you want to make sure that the entries actually come from your customers or at least from people visiting your site. Instead, you can often find lots of auto-generated spam posts. Some of them may contain, for example, links to a competitor’s store.

Robots are usually used for such activities, so the purpose of CAPTCHA is additional verification. It allows you to distinguish users from bots and prevent the spread of harmful content on the site. After successfully solving CAPTCHA, the user can verify himself as a human and then submit the entered data.

What does CAPTCHA verification look like?

There are many different methods that can be used to verify a user with CAPTCHA. The oldest form is the text option. Known words or random combinations of letters and numbers are distorted, combined, rotated or combined with additional graphics such as colors, lines, dots, pattern on the background. In order to pass the test, the user has to decrypt the content of the solution shown in the CAPTCHA field and enter it using the keyboard in the dedicated text field. This form of protection provides reliable protection against spam only when the displayed solution is an insurmountable obstacle for programs with automatic text recognition.

Over time, numerous alternatives to CAPTCHA text technology have emerged. Image-centered checks are currently the most popular. Instead of the alienated word, the user is shown a picture with the appropriate solution instructions. As a rule, these are photos taken from Google Maps, which serve as graphic material for determining the elements indicated for recognition. For example, from among the displayed images, the user is to select those with a fire hydrant or a passenger car.

Other ways to verify CAPTCHA are:
– sound recognition – a particularly good solution for deaf people,
– short and easy math problems (e.g. 5 + 5 =?),
– simple and fun mini-games (e.g. rebuses, associations).

However, it should be noted that none of the early methods provided complete protection against spam. In addition, increasingly complex CAPTCHA verifications degrade the user-friendliness of the website. Many people get frustrated when they cannot proceed with placing an order because they have to look for details in the displayed image. Therefore, reCAPTCHA is a new solution.

I’m not a robot! So what is reCAPTCHA?

An alternative to traditional CAPTCHA verification is a solution that works easier for users. It’s about reCAPTCHA, a service that was originally developed at Carnegie Mellon University in Pittsburgh and later acquired by Google. It is able to detect strange user behavior on the website and analyze normal traffic. Most often, to confirm “being a human” you only need to select the “I’m not a robot” option.

The more difficult reCAPTCHA code is displayed only when the visitor cannot be identified with sufficient certainty as a human being. But it’s still easier to solve than conventional CAPTCHAs. They are often picture puzzles in which you have to choose all the pictures that show something specific. The creators of reCAPTCHA claim that the reliability of this system deserves a lot of attention. The service works in the background, and Google can collect data from anyone who clicks a field confirming their humanity (time, location). Combined with all the other data Google has about each user, this creates a very accurate picture of the user. Anyone trying to avoid this kind of profiling often faces some very difficult picture puzzles.

Is it worth using the reCAPTCHA robot?

By using reCAPTCHA you increase the security of your contact forms. You also protect your website content from spam in the form of suspicious links or unwelcome comments. In addition, when using opinion polls, you can be sure that you will receive responses from real, natural persons, and not from robots. The same principle applies to subscribing to the newsletter: only real and active e-mail addresses will be entered into the database. Without reCAPTCH, it is difficult to imagine the activity of online stores. The use of anti-spam verification at the stage of placing an order or user registration increases the security of purchases and transactions on the Internet.

At the same time, it should be noted that solving reCAPTCHA may burden the servers. Therefore, it is always necessary to compare the technical and usability area of the site with the direct use of reCAPTCHA as a spam filter. Need to check if the page continues to load quickly? If not, think about the changes. And it’s worth it, because the website is well protected against spam and is more user-friendly. It also allows you to better monitor what is happening there and take advantage of obtaining the necessary data.

Good to know… However, remember about people with disabilities if you want to use the reCaptcha technology as an anti-spam protection. It should be designed in such a way that alternative solutions are available to take into account different forms of disability (e.g. blind people).

>> Traffic bot – the source of spam in Analytics <<

How to enable reCAPTCHA?

Before you activate anti-spam protection on your website, you need to generate reCAPTCHA public and private keys. Please follow the steps below:
– Login or create a Google account.
– Go to and click “+” for “add site”.
– Fill out the displayed form (label, reCAPTCHA type, all domains added to the store, your e-mail address).
– Read the regulations, accept them and send the data.
– You will be given two keys: public and private (don’t close this card!).
– Now you can turn on the antispam protection in the form of reCAPTCHA on your website:
– In a new tab, go to the store’s administration panel and log in.
– Select “security” in the settings.
– Set “YES” to “Secure forms in the store with reCAPTCHA”.
– Copy and paste the generated keys into the appropriate fields.
– Decide for which forms you want reCAPTCHA to apply and save the changes.

From now on, your website will have an active spam protection.

Published inParagraph ChangerreCAPTCHARephrase tool online