CAPTCHAs

ExpressionEngine supports what are known as "CAPTCHAs", or Completely Automated Public Turing tests to tell Computers and Humans Apart. A CAPTCHA is a computer-generated test that humans can pass but computer programs cannot. It's most commonly used to prevent automated Bots from spamming comments, or from signing up for web services. Yahoo, for example, uses a CAPTCHA when you sign up for an account.

So how does this work? An image is generated in real time for a user loading a web page. This image contains a word that the user must submit in a form. The concept is effective because automated scripts generally can't read images, only humans can. Of course there is optical recognition software that can be used to get around CAPTCHAs but this technology can easily be fooled by distorting the image.

In ExpressionEngine, CAPTCHAs can be used in two places:

  1. Comment Form
  2. Member Registration Form

Comment Form

In order to use CAPTCHAs on the comment form, you must first enable the preference. In the Admin section of the Control Panel go to Weblog Management and look for the "Enable Captcha for Comment Posting?" preferences. Set this preference to "Yes".

Once you have the preference turned on, you'll need to add the CAPTCHA code to your {exp:comment:form} Comment Submission Form tag. See below for the actual code.

Member Registration Form

In order to use CAPTCHAs on the member registration form, you must first enable the preference. In the Admin section of the Control Panel go to Membership Preferences and look for the "Enable Membership Captcha" preferences. Set this preference to "Yes".

The necessary CAPTCHA code already exists in the Member Templates by default, so you should not need to add it. If you have a version of ExpressionEngine from before the CAPTCHA feature was added or if you otherwise need the code, see below for the actual code.

CAPTCHA Code

The code used inside both the Comment Form and the Member Registration Form is the same:

{if captcha}

<p>Submit the word you see below:</p>

<p>{captcha}<br />
<input type="text" name="captcha" value="" size="20" maxlength="20" style="width:140px;" /></p>

{/if}

The contents of the conditional ({if captcha}) tag will only appear if you have the CAPTCHA preference turned on for either the comment or member registration forms.

Notes

It is important to note that there is a downside to using CAPTCHAs. While they can be very successful in stopping automated bots from being able to post comments or sign up for memberships, it can also have the same effect on blind or visually impaired users of your site. If you enable CAPTCHAs, then you will be making it extremely difficult for these legitimate users to be able to use your site.

You should determine for yourself whether or not CAPTCHAs are appropriate for your situation.

In addition, your server must have the GD (or GD 2) image library support installed in order for CAPTCHAs to work.

For ExpressionEngine installations that power multiple domains or subdomains, you may instead need to place the server path for this setting. A server path is typically something similar to /usr/domain.com/http_docs/images/captchas/. The specific setting will vary from server to server so you may need to contact your Host or server admin to determine what your correct "server path" is.

Special CAPTCHA Files

The CAPTCHA system uses a couple of special files inside the backend:

  1. system/fonts/texb.ttf - This is the True Type Font that the CAPTCHA system will use in order to create the image files correctly. You should not alter this file.
  2. system/lib/words.php - The list of words from which the CAPTCHAs will be chosen. You may alter the list, but you need to ensure that you don't reduce the total number of available words.