Title: Privacy CAPTCHA for Cap Author: Daniel Sturm Published: June 19, 2026 Last modified: June 19, 2026 --- Search plugins ![](https://ps.w.org/privacy-captcha-for-cap/assets/banner-772x250.png?rev=3578211) ![](https://ps.w.org/privacy-captcha-for-cap/assets/icon.svg?rev=3578211) # Privacy CAPTCHA for Cap By [Daniel Sturm](https://profiles.wordpress.org/dsturm/) [Download](https://downloads.wordpress.org/plugin/privacy-captcha-for-cap.1.0.0.zip) * [Details](https://wordpress.org/plugins/privacy-captcha-for-cap/#description) * [Reviews](https://wordpress.org/plugins/privacy-captcha-for-cap/#reviews) * [Installation](https://wordpress.org/plugins/privacy-captcha-for-cap/#installation) * [Development](https://wordpress.org/plugins/privacy-captcha-for-cap/#developers) [Support](https://wordpress.org/support/plugin/privacy-captcha-for-cap/) ## Description **Privacy CAPTCHA for Cap** integrates [Cap](https://trycap.dev/) — a self-hosted, privacy-friendly, proof-of-work CAPTCHA — into the parts of WordPress that attract the most spam: comments, login, user registration, WooCommerce checkout, and Gravity Forms. Unlike third-party CAPTCHAs (reCAPTCHA, hCaptcha, Turnstile), Cap runs the proof- of-work entirely in the visitor’s browser and verifies the token against your own Cap server. No data leaves your infrastructure. > **Unofficial integration.** Cap is an independent open-source project by tiagozip( > https://trycap.dev/, Apache-2.0). This plugin is a third-party integration and > is **not affiliated with, endorsed by, or sponsored by** the Cap project. “Cap” > refers to that project solely to describe what this plugin works with. #### Features * **First-class Gravity Forms field** — drag a “Privacy CAPTCHA for Cap” into any form from the Advanced Fields group. Per-field display-mode override. * **WordPress comments, wp-login, registration** integrations — togglable from one settings page. * **WooCommerce checkout** integration — only loads when WooCommerce is active. * **Three display modes**: inline widget, floating popover, or fully programmatic( auto-solves silently). * **Fully self-hosted assets** — the proof-of-work WebAssembly module, the cap- widget script, and the pako decompression library all ship inside the plugin and are served locally, so no jsdelivr or other third-party CDN is contacted at runtime. DSGVO/GDPR-clean by default. * **WP 6.5+ native script-module API** for proper ES-module loading. * **i18n-ready** with German translations bundled. * **Theme-friendly CSS** built on Gravity Forms Orbital tokens with `--cap-captcha-*` overrides. * **Filter hooks** for asset URLs, button classes, i18n strings, and the display mode. #### Requirements * WordPress 6.5 or later * PHP 8.3 or later * A reachable Cap server (see https://trycap.dev/) * Gravity Forms 2.5+ (only if you enable the Gravity Forms integration) * WooCommerce (only if you enable the WooCommerce integration) ## Installation 1. Upload the `privacy-captcha-for-cap` folder to `/wp-content/plugins/`. 2. Activate the plugin via the _Plugins_ menu in WordPress. 3. Go to **Settings Privacy CAPTCHA for Cap** and enter your Cap endpoint URL, site key, and secret key. 4. Tick the integrations you want to enable. ## FAQ ### Is this an official Cap plugin? No. Cap is an independent open-source project by tiagozip (https://trycap.dev/), licensed under Apache-2.0. This plugin is an unofficial third-party integration and is not affiliated with or endorsed by the Cap project. We reference the “Cap” name only to indicate which software this plugin works with. ### Where do I get a Cap endpoint, site key and secret? You provision those in your self-hosted Cap server. See the Cap documentation at https://trycap.dev/. ### Where is the WASM loaded from? By default: from the copy bundled inside this plugin at `wp-content/plugins/privacy- captcha-for-cap/assets/wasm/cap_wasm_bg.wasm`. You can optionally switch to your own Cap server’s `/assets/cap_wasm_bg.wasm` endpoint under **Settings Privacy CAPTCHA for Cap Privacy**. Either way the file is served from your own infrastructure — no third-party CDN is contacted. ### Why is a `.wasm` file bundled, and where does it come from? The bundled `assets/wasm/cap_wasm_bg.wasm` is the WebAssembly module the Cap widget uses to run the proof-of-work challenge in the visitor’s browser. Bundling it locally is the privacy-friendly default: it means no third-party CDN (jsdelivr) is contacted at page load, so visitor IPs are never shared (DSGVO/GDPR-clean). It is the unmodified upstream file from the `@cap.js/wasm` npm package (Apache-2.0), part of the open-source Cap project. The plugin does not alter it. Its source and build live in the Cap repository at https://github.com/tiagozip/cap, and the vendoring step is reproducible via `scripts/build-assets.mjs` (`bun run build`), which copies the file verbatim and `bun run build:check` verifies it matches upstream. ### Can I store the secret outside the database? Yes. Define `CAP_CAPTCHA_SECRET_KEY` in `wp-config.php` and the plugin will use it instead of the value saved in `wp_options`. ### What is “fail-open” mode? When enabled, the plugin lets submissions through if the Cap server is unreachable. Off by default — only turn it on if temporary outages must not block legitimate users (logins, checkouts). ### Does the bundled `cap-widget` script make any external requests? No third-party CDN requests. All widget assets are bundled and served from this plugin, including the `pako` decompression library (`assets/js/vendor/pako_inflate. min.js`), which older browsers without the native `DecompressionStream` API load locally instead of from jsdelivr. The only network requests the widget makes are to your own Cap endpoint to fetch and verify challenges. ## Reviews There are no reviews for this plugin. ## Contributors & Developers “Privacy CAPTCHA for Cap” is open source software. The following people have contributed to this plugin. Contributors * [ Daniel Sturm ](https://profiles.wordpress.org/dsturm/) * [ dsturm ](https://profiles.wordpress.org/dsturm-1/) [Translate “Privacy CAPTCHA for Cap” into your language.](https://translate.wordpress.org/projects/wp-plugins/privacy-captcha-for-cap) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/privacy-captcha-for-cap/), check out the [SVN repository](https://plugins.svn.wordpress.org/privacy-captcha-for-cap/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/privacy-captcha-for-cap/) by [RSS](https://plugins.trac.wordpress.org/log/privacy-captcha-for-cap/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.0 * Initial release. * Gravity Forms field (inline / floating / programmatic display). * Comments, login, registration, WooCommerce integrations. * Fully self-hosted assets — WASM module, cap-widget script, and pako library all bundled and served locally; no third-party CDN is contacted at runtime. DSGVO- clean by default. * WP 6.5 native script-module loading. * Top-level Settings Privacy CAPTCHA for Cap page with integration toggles, WASM source choice (this plugin or your own Cap server), fail-open switch. * German translations. ## Meta * Version **1.0.0** * Last updated **12 hours ago** * Active installations **Fewer than 10** * WordPress version ** 6.5 or higher ** * Tested up to **7.0** * PHP version ** 8.3 or higher ** * Tags * [captcha](https://wordpress.org/plugins/tags/captcha/)[comments](https://wordpress.org/plugins/tags/comments/) [Proof of Work](https://wordpress.org/plugins/tags/proof-of-work/)[spam](https://wordpress.org/plugins/tags/spam/) [woocommerce](https://wordpress.org/plugins/tags/woocommerce/) * [Advanced View](https://wordpress.org/plugins/privacy-captcha-for-cap/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/privacy-captcha-for-cap/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/privacy-captcha-for-cap/reviews/) ## Contributors * [ Daniel Sturm ](https://profiles.wordpress.org/dsturm/) * [ dsturm ](https://profiles.wordpress.org/dsturm-1/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/privacy-captcha-for-cap/)