WordPress.org
Get WordPress
WordPress.org

Plugin Directory

GateCHA CAPTCHA

GateCHA CAPTCHA

By gatecha
Download

Description

GateCHA CAPTCHA connects your WordPress site to your own GateCHA instance — a self-hosted, open-source CAPTCHA management service based on the ALTCHA proof-of-work protocol.

Why GateCHA?

  • Privacy-first — No cookies, no fingerprinting, no user tracking. Fully GDPR-compliant.
  • Self-hosted — Your challenges and verifications stay on your own server. No data goes to third parties.
  • Proof-of-work — Bots must solve a computational puzzle. No annoying image puzzles for humans.
  • Centralized stats — Track challenges issued, verified, and failed across all your sites from one dashboard.

Supported forms:

  • WordPress login, registration, password reset, and comments
  • WooCommerce login, registration, and password reset
  • Contact Form 7
  • WPForms
  • Gravity Forms
  • Elementor Pro Forms
  • Forminator
  • Formidable Forms
  • HTML Forms
  • Custom placement via [gatecha] shortcode

Setup in 2 steps:

  1. Enter your GateCHA instance URL
  2. Enter your API key

That’s it. Enable CAPTCHA on the forms you want to protect.

External Services

This plugin connects to your self-hosted GateCHA instance for CAPTCHA challenge generation and verification. Two API calls are made:

  1. GET /api/v1/challenge — Fetched by the user’s browser to obtain a proof-of-work challenge.
  2. POST /api/v1/verify — Called from your WordPress server to verify the solved challenge.

No data is sent to any third-party service. All communication is between your WordPress installation and your own GateCHA instance at the URL you configure in Settings GateCHA.

Source Code

The full source of this plugin is available at https://github.com/Upellift99/GateCHA-WordPress.

The plugin’s own JavaScript (assets/js/gatecha.js) and CSS (assets/css/gatecha.css) are shipped unminified and human-readable.

The plugin bundles one third-party library in minified form:

This is the unmodified production build distributed on npm as the altcha package (it corresponds to the package’s dist/altcha.js ES module build). To obtain and review the human-readable source, run npm install altcha@2.2.4 and inspect the package’s src/ directory on GitHub.

Screenshots

The GateCHA server dashboard — challenges, verifications and failures are tracked centrally across all your sites and API keys.
The GateCHA server dashboard — challenges, verifications and failures are tracked centrally across all your sites and API keys.

Installation

  1. Upload the gatecha-captcha folder to /wp-content/plugins/
  2. Activate the plugin through the Plugins menu
  3. Go to Settings GateCHA
  4. Enter your GateCHA URL and API key
  5. Enable CAPTCHA on the forms you want to protect

Requirements:

  • A running GateCHA instance
  • An API key from your GateCHA dashboard (starts with gk_)

FAQ

What is GateCHA?

GateCHA is a self-hosted CAPTCHA management service that wraps the ALTCHA proof-of-work protocol. It provides API key management, multi-site support, and an analytics dashboard. See the GateCHA website for more information.

How does proof-of-work CAPTCHA work?

Instead of asking users to solve image puzzles, the browser solves a small computational challenge in the background. This is invisible to legitimate users but expensive for bots trying to submit forms at scale.

Is my API key secure?

The API key is used in the browser to fetch challenges, similar to how reCAPTCHA and hCaptcha use site keys. You can restrict your API key to specific domains in your GateCHA dashboard for additional security.

Does this plugin send data to external services?

Only to your own GateCHA instance. No data is sent to any third-party service. See the External Services section below.

Can I use this with a custom form?

Yes, use the [gatecha] shortcode to place the widget anywhere. Then verify the altcha POST field server-side.

How do I bypass the CAPTCHA for automated testing (e.g. Playwright)?

Define a bypass token in your wp-config.php:

define( 'GATECHA_BYPASS_TOKEN', 'your-secret-test-token' );

Then in your tests, set the altcha hidden input to this token before submitting the form:

document.querySelector('input[name="altcha"]').value = 'your-secret-test-token';

The plugin will accept the token as a valid verification without contacting the GateCHA server. Never define this constant in production.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“GateCHA CAPTCHA” is open source software. The following people have contributed to this plugin.

Contributors

Translate “GateCHA CAPTCHA” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.0

  • Initial release.
  • WordPress login, registration, password reset, and comments integration.
  • WooCommerce login, registration, and password reset integration.
  • Contact Form 7, WPForms, Gravity Forms, Elementor Pro, Forminator, Formidable Forms, and HTML Forms integration.
  • [gatecha] shortcode for custom form placement.

Meta

  • Version 1.0.0
  • Last updated 18 hours ago
  • Active installations Fewer than 10
  • WordPress version 6.0 or higher
  • Tested up to 7.0
  • PHP version 7.4 or higher
  • Tags
  • Advanced View

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum