| 开发者 | hsarticle |
|---|---|
| 更新时间 | 2026年7月11日 23:07 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
No. Fully self-hosted, no external services.
Yes. Use the auto inject option in plugin settings — no HTML field required.
Yes. No data is sent to third parties. The answer is stored in a server-side PHP session only and cleared immediately after validation.
The plugin only starts a PHP session on pages that actually render a form. Pages without a form are not affected. For pages with forms, you should exclude them from full-page caching in your caching plugin (WP Rocket, W3 Total Cache, LiteSpeed Cache, etc.) to ensure the CAPTCHA field ID matches the session. This is standard practice for any form page.
Most shared hosts have PHP sessions enabled. If CAPTCHA validation always fails, ask your host to confirm sessions are available. Some managed hosts (such as WP Engine) restrict native PHP sessions — contact their support to enable session handling.
Sophisticated bots that render JavaScript and solve math can bypass any math CAPTCHA. This plugin stops the vast majority of spam bots which are simple automated form fillers. Additional layers (honeypot field and IP rate limiting) are built in. For high-security forms consider combining with Cloudflare Turnstile or hCaptcha.