Contents

Captcha settings — Plugixa Recipe

The Captcha tab picks a spam-protection provider for the frontend submission form and review form. All providers are free for typical volume.

Go to Recipes → Settings → Captcha.

Captcha settings

Options

Key Default Notes
captcha_provider honeypot none / honeypot / recaptcha_v2 / recaptcha_v3 / hcaptcha.
captcha_site_key (empty) Public key. Not required for Honeypot.
captcha_secret_key (empty) Server-side secret. Encrypted at rest.
captcha_v3_threshold 0.5 reCAPTCHA v3 only. Scores below this are rejected silently (no user-visible challenge).
captcha_blocked_ips (empty) Newline-separated IPv4/IPv6 addresses or CIDR ranges that can never submit.

Which provider should I pick?

  • Honeypot — invisible, zero friction, catches ~80% of bots. Good default for low-to-medium traffic.
  • reCAPTCHA v3 — invisible score-based. Better bot coverage but requires Google keys and the v3 threshold tuning.
  • reCAPTCHA v2 — classic “I’m not a robot” checkbox. Highest friction but most transparent.
  • hCaptcha — GDPR-friendlier alternative to Google, compatible with reCAPTCHA sites.
  • None — only pick this if you have a server-side WAF handling spam.

Each provider has its own docs page for getting keys; follow the link from the provider dropdown.

Quick Links