CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Its purpose is simple — to determine whether a site user is a real human or an automated bot. Earlier CAPTCHA was in the form of typing text from distorted images but modern solutions are much smarter and almost invisible to the user. CAPTCHA protects login forms from brute force, registration forms from bot signups and contact forms from spam.
Google reCAPTCHA v2 and v3
Google reCAPTCHA is the most widespread solution. v2 shows the familiar "I'm not a robot" button and in suspicious cases gives tasks like selecting traffic lights or buses in images. v3 is completely invisible — it analyzes user movements across the site and returns a score from 0 to 1. The developer acts based on the score — if low it asks for additional verification. v3 is especially convenient for e-commerce sites because it does not distract the user.
hCaptcha — privacy-friendly alternative
hCaptcha is an alternative to Google reCAPTCHA that respects user privacy more. Officially used by Cloudflare and a good choice for those concerned about Google data collection. hCaptcha asks users to select objects in images but these answers are used to train machine learning models and the site owner can be paid for this. Installation is almost the same as reCAPTCHA and migrating from Google is easy.
Cloudflare Turnstile
Cloudflare Turnstile is a new generation CAPTCHA that requires no action from the user at all. In the background it analyzes browser characteristics, behavioral signals and other markers and automatically determines this is a human. Turnstile is completely free and can be used on any site with a Cloudflare account. For the user it is the best experience — no images to select, the page simply loads and the form is ready to use.
CAPTCHA installation technique
The CAPTCHA installation process usually consists of two steps. First the site owner gets a site key and secret key from the service provider — they link CAPTCHA with the site. Second the owner adds a special JavaScript script and element to the form and on the server side using the secret key confirms the CAPTCHA response with the provider. If verification is successful the form is accepted, otherwise an error is returned. Frontend and backend integration is important — relying only on frontend check is dangerous because it can be bypassed.
Sayt.uz practice
Sayt.uz offers clients ready-made CAPTCHA installation solutions. Cloudflare Turnstile is added to every form in the site builder by default and it is completely free. Clients can replace it with Google reCAPTCHA or hCaptcha if they wish — just enter keys in settings. The cabinet has statistics showing how many bot attempts are stopped by CAPTCHA per day. CAPTCHA is mandatory on contact, registration and password recovery forms.