OneCaptcha is a powerful CAPTCHA plugin for WordPress that helps protect your website from spam, bot signups, and automated abuse without sacrificing user experience or performance.

It acts as a unified bridge between your WordPress forms and popular CAPTCHA providers like Cloudflare Turnstile, Google reCAPTCHA v2, and hCaptcha. With OneCaptcha, you can configure your preferred provider once and apply it instantly across all supported forms including WordPress core, WooCommerce, Contact Form 7, FluentForms, and more.

Why OneCaptcha? #

Traditional CAPTCHA plugins often require installing multiple add-ons or duplicate configurations for each form plugin. OneCaptcha simplifies this process with a modular, centralized architecture that works out of the box with leading WordPress form systems.

Here’s what makes OneCaptcha different:

• Smart Captcha: OneCaptcha’s intelligent balancing system that automatically rotates between multiple configured CAPTCHA providers.
• Modular Architecture: Each integration (called a Module) loads only if the related plugin or form exists — ensuring optimal performance and zero bloat.
• Multi-Provider Support: Switch easily between Turnstile, reCAPTCHA v2, or hCaptcha from one settings screen.
• Lightweight & Fast: Scripts are deferred and loaded only when a CAPTCHA is needed, no jQuery dependencies or redundant enqueues.
• Clean, Modern Admin UI: Built with TailwindCSS v4 for speed, clarity, and accessibility.
• Developer-Friendly: Fully namespaced PHP code, Composer autoloading, and WPCS + PHPStan compliant.

How It Works #

OneCaptcha is designed to be completely plug and play, once you’ve configured your preferred CAPTCHA provider, it automatically protects all supported forms across your website.

Here’s what happens behind the scenes:

1. Configure a provider (for example, Turnstile, reCAPTCHA, or hCaptcha) by adding your Site Key and Secret Key in the settings.
2. Once saved, OneCaptcha automatically detects all supported plugins and forms on your site including WordPress core forms, WooCommerce, Contact Form 7, and others.
3. For each supported form, OneCaptcha injects the correct CAPTCHA field dynamically without requiring any manual activation or shortcode insertion.
4. When a user submits a form, OneCaptcha verifies the token directly with the chosen CAPTCHA provider via a secure server-to-server request.
5. If the response is valid, the submission proceeds as normal. If not, the user receives a clear, friendly error message explaining the verification failure.

This means you only need to configure your provider once, and OneCaptcha will handle everything else, no need to manually enable “modules” or edit forms.

Example: If WooCommerce is active on your website, OneCaptcha automatically integrates with their forms and displays CAPTCHA challenges on login, checkout, or contact pages, instantly after setup.

Privacy & Compliance #

OneCaptcha does not store or log user input, IP addresses, or session data. All verification happens directly between your server and the chosen CAPTCHA provider.

Each provider has its own privacy policy and data handling approach, visit the provider documentation to learn more:

• Cloudflare Turnstile Privacy Policy
• Google reCAPTCHA Privacy Policy
• hCaptcha Privacy Policy