Skip to main content

Captcha Protection

Category: Security  ·  Type: Free first-party

Add ALTCHA Sentinel verification to all checkout forms — fast checkout on the product page, full checkout, and every order form on landing pages. Stops bots, fake orders, and VPN spam at the door without annoying real customers.

🎬 Video

Why install

If you're running paid traffic, you'll start seeing fake orders within days — bots filling forms with garbage, VPN-driven spam, repeat orders from the same IP. Each fake costs you a courier round-trip + your team's call-confirm time.

Captcha Protection blocks them at the form-submit step.

Features

  • ALTCHA Sentinel verification on fast checkout, full checkout & landing pages
  • Self-hosted — no Google reCAPTCHA, no third-party tracking
  • Adaptive difficulty — invisible to humans, blocks bots and headless browsers
  • Detects VPN / TOR / proxy / known bot IP ranges via Sentinel threat intelligence
  • Strict mode — blocks orders with missing or invalid verification
  • Fail-open on infrastructure issues — never blocks real orders due to our errors
  • Emergency platform-wide kill-switch via .env (ALTCHA_CHECKOUT_DISABLED=1)

Why ALTCHA over reCAPTCHA

ALTCHAreCAPTCHA
Self-hostedGoogle-hosted
No trackingTracks user across web
Always invisible"I'm not a robot" tick on suspicious users
Open sourceClosed
GDPR-friendlyData leaves to Google

How customers experience it

They don't. The verification runs in the background while the customer fills the form. If the form is filled by a bot, the verification fails and the order is rejected with a clear error.

How to use

  1. Install + activate from Dashboard → Add-ons → Captcha Protection.
  2. Settings → Captcha:
    • Strict mode: ON (block invalid) or OFF (log only)
    • Whitelist IPs (your office, dev machine)
  3. Save.

Monitoring

Dashboard → Reports → Captcha shows:

  • Total submissions
  • Blocked submissions
  • Top blocked IPs/countries
  • False-positive flags

Frequently asked

Q: Will this hurt my conversion rate? A: No — ALTCHA is invisible to real users. Conversion stays the same; fake orders drop ~80%.

Q: What if my own checkout broken something? A: We fail-open on infrastructure errors so real orders never get blocked due to us. The kill-switch in .env lets us disable it instantly platform-wide if needed.