Does your website really need a CAPTCHA?

What is CAPTCHA?

CAPTCHA is an acronym for “completely automated public Turing test to tell computers and humans apart.” This can be with images / audio or whatever we will see in future.

Why do sites use it?

CAPTCHA is used to prevent bots from automatically submitting forms with SPAM or other unwanted content. Google and other companies use it to prevent bots from creating multiple Gmail accounts.

What is wrong with it?

Users will have to enter this additional information every time they have to submit a form. This is getting more and more difficult to decode for humans as the bots are getting better at it. I am sure that everyone reading this post has atleast once got a CAPTCHA entered wrongly.

Alternative Simple soultion:

NOTE: Does not apply for highly targeted sites like gmail, yahoo mail and others alike.

If you have a sales form which requires an entry of username, email and phone number for a call back
a simple contact us form with just name, number, description.

1) Have server validation of data.
All the forms have only client validation in javascript. Just validate in server and you can have 70% of spam bot submissions caught.
EG: If your form has Name, Email, Telephone.
The bot will send some 500 character text in Name and valid email and some random data in phone field. A simple validation on the server to trash Name having more than 30 characters will do the trick.

2) Hidden input element
Add an extra text input element to your form. In an external style sheet you set the element to display: none; thus making it invisible to all users with CSS enabled. Spam bots will usually fill all fields in a form you know that any forms submitted where this invisible field is not empty are spam.

With the above two simple steps you can see that most sites can avoid spam messages and still not having to use a captcha.

So in short – for all the websites with simple contact forms why do we use CAPTCHA and risk giving the customer an additional field to fill and risk not to getting them to fill it at all ??

Startrek data CAPTCHA

Also read...


  1. Desmond said on :

    Thanks, You are probably right!

    Simple checks should be sufficient for a NOT highly targeted site. Which is 99.999% of the websites in the world!

  2. Timothy said on :

    Wow that hidden input field trick is really good. And logical. I never really considered that option. Thanks for the info

  3. Stephanie Boucher said on :

    What would be the php code to deal with the hidden field solution? Stephanie

    • php-manual said on :


      PHP code doesnt change. It will be the same as accepting data for any other field $_POST[‘hidden_field’] and just check if this data is still present.

  4. Stephanie Boucher said on :

    I’ve tried that many times but the php form always crashes. I’m doing something wrong but I don’t understand php enough to know what.

  5. GarykPatton said on :

    How soon will you update your blog? I’m interested in reading some more information on this issue.

  6. Yazid Erman said on :

    Thank you,
    but regarding the point of : Hidden input element, isn’t it easy for a bot, to check if the input tags were hidden or not, to fill them only if their style don’t hide them!

    Anyway, i have read about a very good idea and used it also, which is to create a hidden field, on page load, using javascript, and filling it with an auto randomly generated string, which is written to a cookie at the same time, and on submission, we can check the values, in addition to the differences of dates (between cookie creation and form submission), this way, we don’t punish users, and control the form in a good way.

  7. Logan said on :

    Thanks for the tip. I have now been using this tip for the last 4 months. It works great with 0 spam till date.

  8. Eddie Wetserfield said on :

    Have you ever thought how nice it would be to never have to read and type crooked letters into a box ever again. Meet Pramana’s Human Present Technology, it’s the CAPTCHA Killer! The product (BotBlock) launches on Wednesday April 7th and it is sure to make a splash in the Botnet world. This product gives you a realtime validation based on human behavior, while allowing more users in and keeping the bots out. NO more hard to read letters, check it out.

Comments are closed.