This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.



Securimage-WP-Fixed is a fixed and improved version of Securimage-WP plugin which was removed from wordpress plugins due to XSS vulnerability.

Securimage-WP utilizes the powerful CAPTCHA protection of Securimage Captcha to add protection to your WordPress comment forms.

From your WordPress Settings menu, you can easily customize all aspects of the CAPTCHA image to match your site’s look, as well as customize the security features of the CAPTCHA.

Securimage-WP also has the ability to stream secure, high-quality, dynamic audio CAPTCHAs to visitors.

Additional Features Include:

  • Customize code-length, image dimensions, colors and distortion factors from a menu
  • Supports word or math based CAPTCHA images and audio
  • Add a custom signature to your images
  • Customize icon used in Flash button for streaming audio
  • Easily add CSS classes and styles to the CAPTCHA inputs
  • Select the sequence of the CAPTCHA inputs to match your site layout
  • Allows pingbacks and trackbacks, and replies from administration panel
  • Visitors do not need cookies enabled, stores codes in a database table


  • WordPress 3.0 or greater
  • Requires PHP 5.2+ with GD and FreeType

About This Plugin:

This plugin was developed by Drew Phillips, the developer of Securimage PHP CAPTCHA. Securimage is completely free and open-source for the community and your use, as is this WordPress plugin. If you find either of these things useful, please consider donating. Thank you for using this plugin!

XSS vulnerability fix and other improvements from 3.5.3 version by Jehy.

You can also use Secureimage-WP-REG plugin to protect your registration page with this plugin.

Donate or help?

If you want to ensure the future development and support of this plugin, you can make donation on this page or just write about this plugin in your blog.


  • Securimage-WP shown on a comment form
  • A math CAPTCHA with custom text instead of a refresh button in the Twenty Ten theme
  • A CAPTCHA customized to use a CSS border and margin
  • Admin options to control image appearance
  • Miscellanous options for captcha functionality and look


Installation of Securimage-WP is simple.

  1. From the Plugins menu, select Add New and then Upload. Select the .zip file containing Securimage-WP. Alternatively, you can upload the securimage-wp directory to your /wp-content/plugins directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Customize the CAPTCHA options from Securimage-WP under the WordPress Settings menu.


What are the requirements?

Securimage-WP requires PHP 5.2+, GD2, FreeType, and WordPress 3+.
If you install Securimage-WP, there is a test script that will tell you whether or not your system meets the requirements.

The CAPTCHA image is not displaying

From the Securimage-WP settings menu, enable the Debug Image Errors option, save the settings, and then click the link labeled View Image Directly. Ideally, this will reveal any error messages that may be causing the image generation to fail. Try to troubleshoot the error, or contact us for assistance.

The refresh button does not work

Javascript must be enabled for the refresh buttons to work. Make sure Javascript is enabled or check for errors that may prevent it from functioning.

I noticed the image refresh by itself when I was looking at my comment form

CAPTCHA codes have expiration times in order to reduce the amount of time spammers have to break the CAPTCHA. The default time is 15 minutes. After this time lapses, the CAPTCHA refreshes since it is no longer valid. You can customize this setting in the options menu.


Read all 3 reviews

Contributors & Developers

“Securimage-WP-Fixed” is open source software. The following people have contributed to this plugin.


Translate “Securimage-WP-Fixed” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Fixed PHP warning if using PHP 5.4
  • Small fixes and improvements


  • Plugin fixed and published by Jehy. New name – SecureImage-WP-Fixed
  • Fix one more potential XSS
  • Upgrade Securimage library to latest version
  • Fixed one HTML bug
  • Fixed case with possible MySQL error
  • Added better user identification


  • Fix potential XSS vulnerability in siwp_test.php
  • Upgrade Securimage library to latest version


  • Initial release of WordPress plugin