James Galley Software engineer - SaaS, AI automation & business operations

Using Captcha to prevent bots, spam and abuse

How adding a Captcha widget like Google's reCaptcha to your website's public forms helps keep out automated bots.

Security • Web applications

Adding a Captcha widget to your website, like Google's reCaptcha, can improve the security of your site. It is one of several measures worth combining as part of a wider approach to web application security.

Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart, and it's a way of preventing automated bots interacting with your website.

Let's imagine you're a business owner with a website or web application that has a registration page, comments section or other public-facing page where user input is gathered through a form with fields such as name, email and password.

This kind of page is often sought out by automated software ("bots"), and once discovered, the bots automatically fill in the form fields and submit the form. This can lead to spam comments on your website and strange app registrations. It also means additional traffic using up bandwidth and server resources that you'd rather your real human customers enjoyed.

A Captcha widget sits on the form and asks the visitor to complete a challenge that is easy for a person but hard for a bot, before the form will submit. Google's reCaptcha is the most widely used, and in its more recent versions it works quietly in the background, scoring how likely a visitor is to be human without making them click on anything at all.