A quick look at hCaptcha - I am human!

hCaptcha is a solution to stop spam from web forms by providing a captcha.

Let's take a quick look at its features and how to integrate it.

Features

If you know Google reCaptcha, the feature set of hCaptcha will look very familiar to you. Captcha-wise, both come with nearly the same feature set; in fact, hCaptcha aims to be a drop-in replacement for reCaptcha.

In comparison, hCaptcha is more privacy-focused and promises to only collect and use the minimal amount of data necessary to evaluate whether the user is a bot or human. Additionally, users can earn money (for themselves or for charity) when using hCaptcha, as the service is paid for by the people providing the captchas (for example: you can pay hCaptcha to categorize your asset library).

To me the privacy focus makes a lot of difference and is basically why I took a look at it in the first place.

Note: for the more advanced features like SSO or invisible / passive modes, you will need to pay - see https://www.hcaptcha.com/#plans

hCaptcha Settings

The setup is pretty easy: after creating an account, we can create a site for our captcha integration.

For that site, we can access the settings where we find our sitekey - which we need for any integration.

Additionally, we can configure some things:

  • Add hostnames to restrict where this site key can be used
  • Configure the difficulty of the captcha
  • Configure specific topics for your captchas (note that this is more a preference than a must-have filter)

After creating an account, we need to integrate hCaptcha into our application of choice. See the next section for some information on how to do that.

Integrations

As hCaptcha is a drop-in replacement for reCaptcha, basically every reCaptcha integration with configurable URLs and keys will work.

These four settings are relevant:

  • API script: The URL of the captcha JavaScript file
  • Site verification URL: The URL for the verification call (usually something like hcaptcha.com/siteverify)
  • Public/private key: The public and private keys (site key and verification key)
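
The server-side half of these settings, as an added example (not from the original post or from any of the packages mentioned): the token posted by the widget is sent together with the private key to the site verification URL, and the form is accepted only if the reply confirms it. `verifyHcaptcha()`, the injectable `$post` transport, and all keys, hostnames and replies are constructed for illustration; the `sitekey` request field and the `hostname` reply field are assumed from hCaptcha's siteverify documentation.

```php
<?php
declare(strict_types=1);

// Added example, not the post's or any package's code. verifyHcaptcha(), $post and
// all key/host values are hypothetical; the widget posts its token as 'h-captcha-response'.
const SITEVERIFY_URL = 'https://hcaptcha.com/siteverify'; // endpoint as named in the post

/** POST form fields; returns the raw body, or null on any transport error. */
function httpPostForm(string $url, array $fields): ?string
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents($url, false, $ctx);
    return $body === false ? null : $body;
}

/** True only if siteverify confirms the token for our site key and one of our hostnames. */
function verifyHcaptcha(string $token, string $secret, string $siteKey, array $hosts, ?callable $post = null): bool
{
    if ($token === '' || strlen($token) > 8192) {
        return false; // missing or oversized token (arbitrary sanity cap): reject without calling out
    }
    $post ??= 'httpPostForm';
    $body = $post(SITEVERIFY_URL, ['secret' => $secret, 'response' => $token, 'sitekey' => $siteKey]);
    $data = is_string($body) ? json_decode($body, true) : null;
    if (!is_array($data) || ($data['success'] ?? false) !== true) {
        return false; // fail closed: network error, non-JSON reply, or success=false
    }
    // Assumes the reply carries 'hostname'; a token solved on another site is rejected.
    return in_array($data['hostname'] ?? '', $hosts, true);
}

// Offline demo: constructed siteverify replies, no network call is made.
$reply = fn(string $json): callable => fn(string $url, array $fields): string => $json;
foreach ([
    'valid token'      => '{"success":true,"hostname":"www.example.org"}',
    'rejected token'   => '{"success":false,"error-codes":["invalid-input-response"]}',
    'foreign hostname' => '{"success":true,"hostname":"other.example.net"}',
    'garbage reply'    => '<html>502</html>',
] as $case => $json) {
    $ok = verifyHcaptcha('constructed-token', 'PLACEHOLDER_SECRET', 'PLACEHOLDER_SITEKEY',
        ['www.example.org'], $reply($json));
    printf("%-17s %s\n", $case, $ok ? 'accept' : 'reject');
}
```

In a real form handler the token comes from `$_POST['h-captcha-response']` and the fifth argument is omitted, so the call goes out over HTTPS; the private key is read from server-side configuration and never sent to the browser.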

Integrate hCaptcha in Laravel, Symfony, etc.

Searching for hCaptcha on Packagist reveals integrations for several frameworks, for example:

... and as above, any configurable reCaptcha integration should work, too.

Integrate hCaptcha in TYPO3

As there was no TYPO3 extension for hCaptcha yet, I wrote a custom extension for TYPO3 version 10 and above with the goal of keeping the integration slim and minimal. It provides a custom element type for EXT:form which can be used to add a captcha where necessary.

See https://extensions.typo3.org/extension/hcaptcha/

For older TYPO3 versions, I'd recommend taking a look at reCaptcha implementations that can be configured.

Links:
hCaptcha packages on packagist
hCaptcha website 
hCaptcha docs and FAQ
hCaptcha TYPO3 extension in TER
hCaptcha TYPO3 extension on packagist