Add Captcha

### Describe the feature you'd like to request

Forms available for guests are prone to brute-force and DOS attacks. I want to have captcha as part of the toolkit.

### Describe the solution you'd like

Ability to enable captcha on signup and/or signin forms. Ability to add captcha on any other forms. 

### Describe alternatives you've considered

I'd probably be open to mCaptcha since it's a free open source project. All the other alternatives have a pricing tier. 

---

### 1. [FriendlyCaptcha (Self-Hosted)](https://github.com/friendlycaptcha/friendly-pow)
- **License**: AGPL-3.0
- **How it works**: Cryptographic puzzle solved silently in the background (no user interaction).
- **Pros**:
  - Fully privacy-preserving.
  - Invisible to users.
  - Modern and secure.
- **Cons**:
  - Adds some CPU load on the server for puzzle validation.

---

### 2. [mCaptcha](https://github.com/mCaptcha)
- **License**: AGPL-3.0
- **How it works**: Traditional distorted text CAPTCHA.
- **Pros**:
  - Fully open source and self-hostable.
  - Simple and effective.
  - Designed to resist automation.
- **Cons**:
  - Not very accessible (e.g., for visually impaired users).
  - Less polished UI compared to commercial services.

---

### 3. [hCaptcha](https://www.hcaptcha.com/)
- **License**: Not open source, but free to use for most websites.
- **How it works**: Image-based challenges (similar to reCAPTCHA).
- **Pros**:
  - Drop-in replacement for Google reCAPTCHA.
  - Strong focus on privacy and GDPR compliance.
  - Offers invisible and traditional checkbox modes.
- **Cons**:
  - UI and backend are not open source.
  - Free tier may show monetized content (ads).

---

### 4. [OpenCaptcha (Legacy)](http://opencaptcha.com)
- **License**: GPL (no longer actively maintained)
- **How it works**: Classic distorted text image CAPTCHA.
- **Pros**:
  - Very lightweight.
  - Easy to deploy.
- **Cons**:
  - Outdated.
  - Not resilient to modern bots.
  - No recent development.

---

### 5. DIY Captcha (Custom Implementation)
- **Examples**:
  - Simple math puzzles (e.g., “What is 3 + 4?”).
  - Image recognition with locally stored assets.
  - CSS honeypots (invisible fields to trap bots).
- **Pros**:
  - Full control.
  - Minimal/no dependencies.
- **Cons**:
  - Easy to get wrong and may be vulnerable.
  - Not recommended unless you know what you're doing.

---

## Summary Table

| Use Case                      | Recommended CAPTCHA             |
|------------------------------|---------------------------------|
| Modern, private, open source | FriendlyCaptcha, mCaptcha      |
| reCAPTCHA alternative (free) | hCaptcha                        |
| Lightweight and legacy       | OpenCaptcha                     |
| Custom/embedded logic        | DIY (math + honeypot)           |


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Captcha #12

Describe the feature you'd like to request

Describe the solution you'd like

Describe alternatives you've considered

1. FriendlyCaptcha (Self-Hosted)

2. mCaptcha

3. hCaptcha

4. OpenCaptcha (Legacy)

5. DIY Captcha (Custom Implementation)

Summary Table

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Use Case	Recommended CAPTCHA
Modern, private, open source	FriendlyCaptcha, mCaptcha
reCAPTCHA alternative (free)	hCaptcha
Lightweight and legacy	OpenCaptcha
Custom/embedded logic	DIY (math + honeypot)

Add Captcha #12

Description

Describe the feature you'd like to request

Describe the solution you'd like

Describe alternatives you've considered

1. FriendlyCaptcha (Self-Hosted)

2. mCaptcha

3. hCaptcha

4. OpenCaptcha (Legacy)

5. DIY Captcha (Custom Implementation)

Summary Table

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions