Configuration - akeeba/plg_captcha_altcha GitHub Wiki

When you edit the plugin you have the following options which change the way it behaves.

Basic options

Auto mode.

ALTCHA can start solving the CAPTCHA automatically. This is recommended for accessibility, and user convenience. The automatic start does not affect the CAPTCHA accuracy. You have the following settings available to you:

  • Off. The user has to manually click on the checkbox to solve the CAPTCHA.
  • When the CAPTCHA field receives focus (onfocus). The CAPTCHA starts solving itself as soon as its checkbox receives focus. Most accessible setting. Default.
  • When the page loads (onload). The CAPTCHA starts solving itself as soon as the page with the CAPTCHA loads. Least preferred option.
  • When the form is submitted (onsubmit). The CAPTCHA starts solving itself when the form is submitted.

Hashing algorithm.

ALTCHA proves the browser is likely to be used by a real user by solving a cryptographic challenge involving a hash. The SHA-1 algorithm offers the fastest to solve, but also weakest challenge whereas the SHA-512 algorithm provides the slowest, but also strongest challenge. The default is SHA-512.

If you expect a lot of low-powered devices, such as very old mobile devices with anaemic processors, to be widely used on your site you may want to use SHA-256, or even SHA-1.

Maximum number.

ALTCHA proves the browser is likely to be used by a real user by solving a cryptographic challenge involving a hash, iterated a number of times. This setting determines the maximum number of times the hash algorithm can be iterated, therefore the number of possible solutions for the CAPTCHA.

The default is 50000 (fifty thousand) which is a good compromise between speed of solution and CAPTCHA strength. If you want a stronger CAPTCHA you can go as high as 1000000 (one millions). If you want a faster to solve CAPTCHA you can go as low as 1000 (one thousand).

Salt length

ALTCHA proves the browser is likely to be used by a real user by solving a cryptographic challenge involving a hash made against a long, random string called a “salt”. The shorter the salt is, the faster the CAPTCHA is solved, but the weaker it is. Conversely, a longer salt makes the CAPTCHA take longer to solve, but also makes it stronger.

You can select a value between 12 and 64 characters. The default is 16 which is a good compromise.

Expiration

To prevent against brute-force and replay attacks, the CAPTCHA parameters (called a “challenge”) expire after a while. The shorter this expiration is, the better the protection against brute-force and replay attacks. At the same time, it is possible that the form submission takes long enough that the solved CAPTCHA has expired in the time between the user hitting the submit button and the server processing the CAPTCHA, in which case they will receive an error about the CAPTCHA not being solved.

The default value is 2 minutes which offers a balance between usability and resilience against attacks. If you are on a fast server you should choose 1 minute, or even 30 seconds. If your clients are on very slow networks (slow mobile 2G / 3G, satellite, congested connections such as cafes, hotels, airports etc) you may want to increase it.

Please note that if a CAPTCHA already solved on the page expires before the user submits the form its parameters will be automatically refreshed and the CAPTCHA solved again automatically without any user interaction.

Delay (msec)

Adds an artificial delay before starting to solve the CAPTCHA. This can be used to slow users down. The value is measured in milliseconds. It can be anywhere from 0 (no delay; default) up to 10000 (ten thousand milliseconds, i.e. ten seconds).

⚠️ If you add a delay make sure to increase the Expiration. Otherwise, you may end up with a situation where the CAPTCHA expires before it can be solved on the page!

Hide footer

Enable this option to hide the footer of the CAPTCHA control, where you see the “Protected by ALTCHA” text.

Hide logo

Enable this option to hide the ALTCHA logo shown to the right hand side of the control.

Advanced

In this configuration tab you can optionally change the look and feel of the ALTCHA user interface. If you prefer more control over that please see the Customisation page.

Due to limitations in Joomla's colour field any value which results in a transparent color (transparent, none, inherited, etc) will NOT result in a transparent colour. Instead, the default colour defined in the base CSS file will be used. If you want to use transparent backgrounds, colours with transparency, etc please see the Customisation page.

Customise look & feel.

Enable this option to change the way the ALTCHA user interface looks like. Enabling this option will show you the options detailed below.

Border width.

The thickness of the border surrounding the control. Enter a value with units. Default: 1px.

Border radius.

The radius of the border rounded corners. Enter a value with units. Use 0 for square corners. Default: 3px.

Maximum width.

The maximum width of the control. Enter a value with units. Default: 260px.

Background colour.

The background colour of the control. Default: #ffffff.

Border colour.

The colour of the border surrounding the control. Default: ``#a0a0a0.

Text colour.

The colour of the text inside the control. Default: no selection; uses the inherited colour from the HTML document.

Focused border colour.

The colour of the border surrounding the control, when the control is focused. Default: no selection; uses the same colour as the Border Colour.

Error text colour.

The colour of text inside the control indicating an error has occurred. Default: #f23939.

Footer background.

The background colour of the control's footer, where the “Protected by” text is shown. Default: #f4f4f4.

Customise Dark Mode colours.

Enable this option to change the way the ALTCHA user interface looks like when your site is displayed in Dark Mode. Enabling this option will show you the options detailed below.

ℹ️ The colours defined in the options below will be applied when this option is enabled, and the browser's prefers-color-scheme media selector is set to dark. If you are using a different way to determine when your site is displayed in Dark Mode you will have to use custom CSS as described in the Customisation page.

Background colour.

The background colour of the control. Default: #222222.

Border colour.

The colour of the border surrounding the control. Default: ``#a0a0a0.

Text colour.

The colour of the text inside the control. Default: no selection; uses the inherited colour from the HTML document.

Focused border colour.

The colour of the border surrounding the control, when the control is focused. Default: no selection; uses the same colour as the Border Colour.

Error text colour.

The colour of text inside the control indicating an error has occurred. Default: #f23939.

Footer background.

The background colour of the control's footer, where the “Protected by” text is shown. Default: #393939.

Copyright (C) 2025 Akeeba Ltd.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section "GNU Free Documentation License".

⚠️ **GitHub.com Fallback** ⚠️