--- title: "Preventing spam in Joomla with Captcha" date: 2018-06-27 description: "A reCAPTCHA is a security measure. It prevents spam comments under your blog article via forms, for example." author: "Jeroen Moolenschot" --- # Preventing spam in Joomla with Captcha Nothing is more annoying than a mailbox full of spam responses or fake requests via your contact form. To prevent this, use a CAPTCHA: a security measure that checks whether a visitor is a human or a script (bot). Since the advent of Joomla 5, the default Google reCAPTCHA plugins have been removed from the installation. So Joomla no longer supplies built-in spam protection. You now have to choose which technique you want to use and install a plugin for it. [Joomla 6.1](https://www.joomill.com/index.php?option=com_content&view=article&id=352:whats-new-in-joomla-6-1&catid=8:blog&lang=en-GB&Itemid=2774) shipped a built-in proof-of-work captcha plugin called plg_captcha_powcaptcha. It is based on the Altcha open-source library, it does not call out to Google or any other third party, and it does not need an API key. [Read more about Captcha - Proof of work plugin](https://www.joomill.com/knowledge-base/joomla-extensions/captcha-proof-of-work-en) **Step 1: Choose and install a Captcha Plugin** Since the feature is no longer available by default, you first need to download a plugin from the Joomla Extensions Directory (JED). You have some logical choices: Cloudflare Turnstile: This is the modern alternative. It is free, much more privacy-friendly than Google. Google reCAPTCHA: Still want to stay with Google? Then you need to install an external plugin that brings back the functionality, this can be done e.g. with SharkyKZ's free plugin OCHCaptcha and ALTCHA: Are privacy-friendly Captchas Installation: - Download the chosen plugin. - Log in to your Joomla Administrator. - Go to System > Install > Extensions. - Upload and install the package. **Step 2: Creating keys** Depending on your choice in step 1, you need to create keys with the vendor. For Google reCAPTCHA: - Go to the Google reCAPTCHA Admin Console. - Choose v3 (invisible) or v2 (tick) and add your domain. - Copy the Site Key and Secret Key. For Cloudflare Turnstile: - Create a free account on Cloudflare.com. - In the dashboard, go to "Turnstile" and add your site. - Copy the Site Key and Secret Key. **Step 3: Setting up the Plugin** Now we link the keys to your Joomla site. In Joomla, go to System > Plugins (under the Manage heading). Find the plugin you installed in step 1 Open the plugin and paste the Site Key and Secret Key in the appropriate fields. Set the Status to Enabled. Click Save & Close. **Step 4: Activate for the entire website** As a final step, you need to tell Joomla that this new plugin is the "Default Captcha" for all forms. Go to System > General Settings (Global Configuration). You're on the Site tab. Find the Default Captcha option. Here, select the name of the plugin you just installed. Do you see "None selected"? Then the plugin is not yet on or has not been installed. Click Save. Congratulations! Your contact forms and registration pages are now protected against spam, with technology that fits current standards. Custom captchas are available for External form plugins such as RSForms or Tassos Convert Forms. ## Custom Fields **Call2Action Titel:** Need help setting up Captcha on your Joomla website? **Call2Action Tekst:** I'm happy to help!