Title: Is captcha a code execution plugin?
Last modified: August 22, 2016

---

# Is captcha a code execution plugin?

 *  Resolved [sd360](https://wordpress.org/support/users/sd360/)
 * (@sd360)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/is-captcha-a-code-execution-plugin/)
 * I am trying to harden wordpress against attacks. So I need to know if Captcha“
   allows arbitrary PHP or other code to execute from entries in a database” meaning
   I would have to “use custom page templates that call the function”
 * [https://wordpress.org/plugins/captcha/](https://wordpress.org/plugins/captcha/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [bestwebsoft](https://wordpress.org/support/users/bestwebsoft/)
 * (@bestwebsoft)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/is-captcha-a-code-execution-plugin/#post-5687956)
 * Hi,
 * We have received your query and it is now being processed. We will get back to
   you on this forum as soon as we can.
 * Regards,
    BestWebSoft Support Team
 *  [bestwebsoft](https://wordpress.org/support/users/bestwebsoft/)
 * (@bestwebsoft)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/is-captcha-a-code-execution-plugin/#post-5687990)
 * Hi sd360,
 * If you’d like to add captcha to a custom form, please follow the steps below:
 * 1. Install the Captcha plugin and activate it.
    2. Open the file with the form(
   where you would like to add the captcha to). 3. Find a place to insert the code
   for the captcha output. 4. Insert the necessary lines:
 *     ```
       if( function_exists( 'cptch_display_captcha_custom' ) ) { echo "<input
       type='hidden' name='cntctfrm_contact_action' value='true' />"; echo
       cptch_display_captcha_custom() } ;
       ```
   
 * If the form is HTML you should insert the line with the PHP tags:
 *     ```
       <?php
       if( function_exists( 'cptch_display_captcha_custom' ) ) { echo
       "<input type='hidden' name='cntctfrm_contact_action' value='true'
       />"; echo cptch_display_captcha_custom(); } ?>
       ```
   
 * 5. Then you should add the lines to the function of the entered data checking
 *     ```
       if( function_exists( 'cptch_check_custom_form' ) &&
       cptch_check_custom_form() !== true ) echo "Please complete the
       CAPTCHA."
       ```
   
 * or
 *     ```
       <?php if( function_exists(
       'cptch_check_custom_form' ) && cptch_check_custom_form() !==
       true ) echo "Please complete the CAPTCHA." ?>
       ```
   
 * You could add this line to the variable and display this variable in the required
   place instead of `echo "Please complete the CAPTCHA."`. If there is a variable(
   responsible for the errors output) in the check function, this phrase can be 
   added to this variable. If the function returns ‘true’, it means that you have
   entered captcha properly. In all other cases the function will return ‘false’.
 * In case we did not grasp your idea correctly, could you please describe the target
   result in detail?
 * Regards,
    BestWebSoft Support Team

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Is captcha a code execution plugin?’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/captcha_92b6c9.svg)
 * [Captcha](https://wordpress.org/plugins/captcha/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/captcha/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/captcha/)
 * [Active Topics](https://wordpress.org/support/plugin/captcha/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/captcha/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/captcha/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [bestwebsoft](https://wordpress.org/support/users/bestwebsoft/)
 * Last activity: [11 years, 3 months ago](https://wordpress.org/support/topic/is-captcha-a-code-execution-plugin/#post-5687990)
 * Status: resolved