Captcha
Stop Bots. Protect Revenue. Zero Configuration Hassle.
Running a multisite network with custom domains? You know the pain: Google reCAPTCHA and hCaptcha require you to register every single domain in their admin console. Add a new customer site? Update the captcha config. Map a custom domain? Update again. It never ends.
Ultimate Multisite: Captcha changes everything.
Cap Captcha: Self-Hosted Protection That Just Works
Our new Cap Captcha provider is a game-changer for multisite networks:
- Zero Configuration — Activate the addon and you're protected. No API keys, no Google account, no hCaptcha dashboard, no domain whitelisting.
- Works on Every Domain Automatically — Subdomains, mapped domains, customer domains—they're all protected instantly.
- Self-Hosted & Private — Your data never leaves your server. Fully GDPR compliant with no third-party tracking.
- Invisible Proof-of-Work — Users solve a computational puzzle in the background. No clicking fire hydrants, no frustrating image grids.
- Lightweight — Just 20KB. Won't slow down your checkout.
WooCommerce Card Testing Protection
Card testing attacks cost merchants billions annually. Fraudsters use bots to validate stolen credit cards against your WooCommerce checkout—you pay the processing fees, they get valid card numbers.
We protect where it matters most:
- Store API Protection — Blocks bot attacks on
/wp-json/wc/store/v1/checkoutthat bypass traditional form captchas - PayPal Payments Compatible — Works seamlessly with WooCommerce PayPal Payments
- Real-Time Statistics — See exactly how many attacks you're blocking
Still Need Google reCAPTCHA or hCaptcha?
We've got you covered. Full support for:
- Google reCAPTCHA v2 (Checkbox)
- Google reCAPTCHA v2 (Invisible)
- Google reCAPTCHA v3 (Score-based)
- hCaptcha (Standard)
- hCaptcha (Invisible)
Switch between providers anytime from your network settings.
Built for Scale
- Network-wide settings with per-site overrides
- Statistics dashboard to monitor protection
- Adjustable security levels (Fast, Medium, Maximum)
- Developer-friendly with extensible provider architecture
Installation
- Upload
ultimate-multisite-captchato your/wp-content/plugins/directory - Network Activate the plugin
- That's it. You're protected.
Cap Captcha activates automatically—no settings to configure, no API keys to enter. Every supported endpoint across your entire network is protected the moment you activate.
Optional: To use Google reCAPTCHA or hCaptcha instead, navigate to Ultimate Multisite → Settings → Captcha and select your preferred provider.
Frequently Asked Questions
Do I need to configure anything?
No! Cap Captcha is enabled automatically when you activate the addon. Your entire network is protected immediately—no settings to configure, no API keys to enter.
Do I need API keys for Cap Captcha?
No. Cap Captcha is completely self-hosted. No external accounts, no domain registration, no configuration headaches.
Will this slow down my checkout?
Cap Captcha is only 20KB and runs proof-of-work challenges in the background. Your customers won't notice any delay.
Does this protect against card testing attacks?
Yes! Unlike traditional captchas that only protect HTML forms, our WooCommerce integration hooks directly into the Store API to block bot attacks at the API level—where most card testing attacks happen.
Can I use different captcha providers on different sites?
The captcha provider is set network-wide, but you can adjust difficulty settings based on your needs.
Is this GDPR compliant?
Cap Captcha is 100% self-hosted with no data sent to external services. For Google reCAPTCHA and hCaptcha, please review their respective privacy policies.