Skip to main content

Captcha Protection

Category: Security  ·  Min plan: Pro  ·  Slug: captcha-protection

Add ALTCHA Sentinel verification to ALL checkout forms — fast checkout on the product page, full checkout, and every order form on landing pages. Stops bots, fake orders, and VPN spam at the door without annoying real customers.

Features

  • ALTCHA Sentinel verification on fast checkout, full checkout & landing pages
  • Self-hosted — no Google reCAPTCHA, no third-party tracking
  • Adaptive difficulty: invisible to humans, blocks bots and headless browsers
  • Detects VPN / TOR / proxy / known bot IP ranges via Sentinel threat intelligence
  • Strict mode: blocks orders with missing or invalid verification
  • Fail-open on infrastructure issues — never blocks orders due to our errors
  • Emergency platform-wide kill-switch via .env (ALTCHA_CHECKOUT_DISABLED=1)

Why use it

Algerian COD stores get hammered by:

  • Fake orders — random names + numbers entered by bots or competitors
  • Repeat-IP spam — same VPN IP placing dozens of orders
  • Headless scrapers — automated tools placing orders to test cards or harvest your inventory

ALTCHA Sentinel runs a small proof-of-work challenge in the customer's browser before the order submits. Real customers don't see it — the challenge solves in the background within milliseconds. Bots either fail or take too long, and Sentinel's IP intelligence flags VPN / TOR / proxy ranges before the form is even rendered.

How to activate

  1. Open Dashboard → Add-ons at /dashboard/addons.
  2. Find Captcha Protection under Security.
  3. Click Activate (Pro plan required).

There are no settings — once activated, every order form on your store is protected: the fast checkout widget on product pages, the full checkout page, and every landing page order form.

How it behaves

  • Real customer: nothing visible. The form submits normally.
  • Bot / headless / suspicious IP: order is rejected with a generic error. The customer is not told they were flagged (so attackers can't iterate against the rule).
  • Strict mode: any order missing or carrying an invalid token is rejected — no fallback.
  • Fail-open: if the verification service has an outage, orders go through normally so real customers are never blocked because of our infrastructure.

Emergency kill switch

If something goes wrong (you launched a campaign and verification is misbehaving for some segment), platform support can flip a global kill switch via the .env setting ALTCHA_CHECKOUT_DISABLED=1. Orders will start flowing without verification within seconds. Contact support if you need this.

Tips

  • Pair with Limit Orders Per IP for layered defense — captcha stops bot signatures, IP limit stops human-driven spam from a single IP.
  • Pair with Advanced Order Management — your Fake sub-status will see far less use after enabling captcha.
  • Captcha doesn't slow your store down. The proof-of-work runs in a Web Worker so even slow phones don't lag.
  • Self-hosted means no data leaves DZBuild — unlike Google reCAPTCHA, no third party sees your customers' browsing.