Contents
Captcha settings — Plugixa Recipe
The Captcha tab picks a spam-protection provider for the frontend submission form and review form. All providers are free for typical volume.
Go to Recipes → Settings → Captcha.

Options
| Key | Default | Notes |
|---|---|---|
captcha_provider |
honeypot |
none / honeypot / recaptcha_v2 / recaptcha_v3 / hcaptcha. |
captcha_site_key |
(empty) | Public key. Not required for Honeypot. |
captcha_secret_key |
(empty) | Server-side secret. Encrypted at rest. |
captcha_v3_threshold |
0.5 |
reCAPTCHA v3 only. Scores below this are rejected silently (no user-visible challenge). |
captcha_blocked_ips |
(empty) | Newline-separated IPv4/IPv6 addresses or CIDR ranges that can never submit. |
Which provider should I pick?
- Honeypot — invisible, zero friction, catches ~80% of bots. Good default for low-to-medium traffic.
- reCAPTCHA v3 — invisible score-based. Better bot coverage but requires Google keys and the v3 threshold tuning.
- reCAPTCHA v2 — classic “I’m not a robot” checkbox. Highest friction but most transparent.
- hCaptcha — GDPR-friendlier alternative to Google, compatible with reCAPTCHA sites.
- None — only pick this if you have a server-side WAF handling spam.
Each provider has its own docs page for getting keys; follow the link from the provider dropdown.
Related
- Form settings — submission form fields
- Reviews settings — review moderation
- Settings overview