You are here: System » CaptchaPlugin


26 Sep 2015 - 23:39 | Version 1 |
A visual challenge-response test to prevent automated scripts from using the wiki


This plugin tries to prevent automated scripts from creating users and spam your wiki. It does so by requiring a simple test to ensure that the request is done by a human being. The Captcha encodes information into a distorted image containing letters and digits. This information is easy to generate for the computer, easy to read for human beings but hard to recognize by computers. Note however, that Captchas aren't 100% bullet proof. They only raise the bar for automated scripts to pass the test. There are regular reports of Captchas of a specific kind being solved automatically for high profile internet sites.

CaptchaPlugin tries to create challenge-response tests hard enough to solve for computers, but does not claim that its tests are unbreakable on any scale. Read more about captchas at

Syntax Rules


This macro renders a simple captcha interface based on the jqCaptcha jQuery plugin (an image and a click handler to reload it). In most cases you'd use the CAPTCHAFORM macro for a more ready-to-use widget.


This simply expands to the captcha form as defined in the captcha.tmpl template.


  • validateonsubmit: boolean value specifying when the form is being validated. If set to true (default) validation of the captcha will be performed on the client already when clicking on the "Submit" button. If set to false, validation happens on the server side only.
  • disableonsuccess: boolean value specifying when the challenge is going to be "consumed" while validating it on the client side. This defaults to false so that the server validation check on the same challenge gets a chance to pass as well.


This macro can be used in own wiki applications to check a challenge at some point. It takes a challenge identifier and a response and verifies it while expanding the macro. Based on the result either error or success is returned.


  • challenge: the captcha challenge identifier
  • response: the response as provided by the user
  • error: format string to be returned when validation failed
  • success: format string to be returned when validation succeeded


You type:

<form action="%SCRIPTURLPATH{view}%/%WEB%/%TOPIC%#example" id="example">
<div class="foswikiFormSteps">
  <div class="foswikiFormStep">
    %BUTTON{"%MAKETEXT{"Submit"}%" icon="tick" type="submit"}%

  error="%JQICON{"error"}% There was an error checking the validation code."
  success="%JQICON{"accept"}% The validation code has been checked successfully."

You get:

Verification code: **

This is a security check to test whether you are a human visitor and to prevent automated spam submission.

You get (if installed)

captcha snapshot

Captcha-protected editing of topics

By switching on the {EnableSave} parameter in your Foswiki configuration, editing wiki topics will be guarded by requiring a captcha challenge to be passed. This feature is disabled by default as Foswiki core's own Strike-One mechanism is already well suited to protect accidental save actions to be performed (e.g. as performed by spam bots). In some cases an additional captcha guard might be interesting as to allow unauthenticated guests of a wiki to do regular edits. Use the {EnableSave} switch to enable this. The captcha challenge for topic edits can also be demanded even for registered users by enabling the {SaveForAll} flag. WARNING: this might raise the barrier to contribute to the wiki a bit too high for practical use. Only enable this feature when you really know what you are doing.

As by now the {EnableSave} feature is best integrated into the NatEditPlugin while needing extra provisions for other editors.

Installation Instructions

You do not need to install anything in the browser to use this extension. The following instructions are for the administrator who installs the extension on the server.

Open configure, and open the "Extensions" section. Use "Find More Extensions" to get a list of available extensions. Select "Install".

If you have any problems, or if the extension isn't available in configure, then you can still install manually from the command-line. See for more help.



Change History

02 Dec 2014: moving from jquery.tmpl to jsrender
28 Aug 2014: specify rest security settings
04 Apr 2014: flag rest handlers that don't require authentication
17 Jul 2013: brought back to live and improved - Foswiki:Main.MichaelDaum
24 Dec 2009: started to port to foswiki - Foswiki:Main.SvenDowideit
28 Oct 2007: Fixed bug on RegistrationAgent
16 Aug 2007: Added black and white shades only; Added editcaptcha.tmpl; Moved all attributes to LocalSite.cfg; Removed DeleteAfterRegistration
08 Aug 2007: Added support for captcha on topic save (thanks Foswiki:Main.KwangErnLiew), fixed some minor bugs, added some free fonts
06 Aug 2007: Colourised fonts; Randomised font type, font size, background colour, and font positioning; Fixed hash display on user pages; Modified oopscaptcha.tmpl
03 Aug 2006: Renamed to CaptchaPlugin, adapted to Dakar (TWiki 4.0.x).
03 Jan 2006: Fixed some problems with expiry, also optimised according to FastPluginHints.
10 Oct 2005: Strip hash and text from arguments to register binary, or they will end up in the newly created user topic.
07 Oct 2005: Initial version

This site is powered by FoswikiCopyright © by the contributing authors. All material on this site is the property of the contributing authors.
Ideas, requests, problems regarding AustLII Communities? Send feedback