|
1 | 1 | === GDPR Cookieless CAPTCHA for WooCommerce & Forms - captchaapi.eu === |
2 | 2 | Contributors: rajtik |
3 | | -Tags: captcha, recaptcha, gdpr, antispam, woocommerce |
| 3 | +Tags: captcha, recaptcha, spam, contact form, gdpr |
4 | 4 | Requires at least: 6.0 |
5 | 5 | Tested up to: 7.0 |
6 | 6 | Requires PHP: 7.4 |
7 | | -Stable tag: 2.0.0 |
| 7 | +Stable tag: 2.0.1 |
8 | 8 | License: GPLv2 or later |
9 | 9 | License URI: https://www.gnu.org/licenses/gpl-2.0.html |
10 | 10 |
|
11 | 11 | Cookieless, EU-hosted reCAPTCHA alternative for WooCommerce, WPForms, Fluent Forms & CF7. GDPR-clean, no cookie banner. |
12 | 12 |
|
13 | 13 | == Description == |
14 | 14 |
|
15 | | -Protects WooCommerce (login, registration, lost password, checkout), WPForms, Fluent Forms, Formidable Forms, Forminator and Contact Form 7 - cookieless, EU-hosted, no cookie banner required. |
| 15 | +Protects WooCommerce (login, registration, lost password, checkout), Contact Form 7, WPForms, Fluent Forms, Formidable Forms, Forminator, Gravity Forms and Elementor Forms - cookieless, EU-hosted, no cookie banner required. |
16 | 16 |
|
17 | 17 | A privacy-first alternative to reCAPTCHA: captchaapi.eu stops form spam without making your visitors click traffic lights. A free tier with commercial use allowed gets you started. The work happens in the background: the visitor's browser solves a small proof-of-work puzzle while they fill in the form, and a token rides along with the submission. There is nothing to solve and nothing to see. |
18 | 18 |
|
19 | 19 | When a form is submitted, your server confirms that token with captchaapi.eu over a single request, secured by your secret key. It is the same model every hosted CAPTCHA uses, and it keeps the secret on your server, never in the browser. |
20 | 20 |
|
21 | | -The service runs on hardware in the EU (Nuremberg, Germany). It sets no cookies and writes no per-visitor record to a database; the visitor's IP address is used only transiently for rate limiting and abuse detection. |
| 21 | += Privacy by design = |
22 | 22 |
|
23 | | -= What it protects = |
| 23 | +* No cookies, and nothing to add to a cookie banner. |
| 24 | +* No tracking and no visitor profile. The IP address is used only for rate limiting and abuse detection, then dropped; it is never written to a database. |
| 25 | +* Hosted only in the EU, in Nuremberg, Germany. No data leaves the EU. |
| 26 | +* No images and no puzzles to solve. The check runs in the background, so it works the same for every visitor, including people who find image challenges difficult or browse with a screen reader. |
| 27 | +* A free tier, with commercial use allowed. |
24 | 28 |
|
25 | | -* Login (wp-login.php and WooCommerce) |
26 | | -* Registration (WordPress and WooCommerce) |
27 | | -* Lost password (WordPress and WooCommerce) |
| 29 | += Forms and plugins it protects = |
| 30 | + |
| 31 | +WordPress core: |
| 32 | + |
| 33 | +* Login (wp-login.php) |
| 34 | +* Registration |
| 35 | +* Lost password |
28 | 36 | * Comments |
29 | | -* WooCommerce checkout |
| 37 | + |
| 38 | +WooCommerce: |
| 39 | + |
| 40 | +* Login |
| 41 | +* Registration |
| 42 | +* Lost password |
| 43 | +* Checkout |
| 44 | + |
| 45 | +Form plugins: |
| 46 | + |
30 | 47 | * Contact Form 7 |
31 | 48 | * WPForms |
32 | 49 | * Fluent Forms |
33 | 50 | * Formidable Forms |
34 | 51 | * Forminator |
| 52 | +* Gravity Forms |
| 53 | +* Elementor Forms |
35 | 54 |
|
36 | | -Each surface can be turned on or off from the settings screen. Integration options for Contact Form 7, WooCommerce, and the supported form plugins appear only when that plugin is active. |
| 55 | +Each form can be turned on or off from the settings screen. The WooCommerce and form-plugin options appear only when that plugin is active. |
37 | 56 |
|
38 | 57 | = How it works = |
39 | 58 |
|
@@ -83,7 +102,7 @@ Yes. Enable Contact Form 7 in the settings. The plugin acquires a token before C |
83 | 102 |
|
84 | 103 | = Which form plugins are supported? = |
85 | 104 |
|
86 | | -WooCommerce, WPForms, Fluent Forms, Formidable Forms, and Forminator, in addition to Contact Form 7. Enable each from the settings screen; the option appears only when that plugin is active. The plugin attaches a token before the form is sent and verifies it on the server. |
| 105 | +WooCommerce, WPForms, Fluent Forms, Formidable Forms, Forminator, Gravity Forms, and Elementor Forms, in addition to Contact Form 7. Enable each from the settings screen; the option appears only when that plugin is active. The plugin attaches a token before the form is sent and verifies it on the server. |
87 | 106 |
|
88 | 107 | = Do you set cookies or track visitors? = |
89 | 108 |
|
@@ -121,6 +140,9 @@ When a protected form is submitted, your server sends the token to the captchaap |
121 | 140 |
|
122 | 141 | == Changelog == |
123 | 142 |
|
| 143 | += 2.0.1 = |
| 144 | +* Clearer directory listing: grouped the protected forms by WordPress core, WooCommerce, and form plugins, added Gravity Forms and Elementor Forms to the list, refreshed the tags, and added a "Privacy by design" summary. No code changes. |
| 145 | + |
124 | 146 | = 2.0.0 = |
125 | 147 | * Verification is now a server-to-server call. The plugin confirms each token with the captchaapi.eu /verify endpoint using your secret key, instead of checking a signed token locally. The form field is now `captchaapi_response`. |
126 | 148 | * The service enforces single use, so the local replay table and its hourly purge cron are gone - both are removed automatically when you upgrade. |
|
0 commit comments