Requirements
Joomla! 4.4 PHP 8.1 PHP 8.2
Joomla! 5.0 Joomla! 5.1 PHP 8.1 PHP 8.2
- Basic Joomla! knowledge available between the chair and the keyboard :)
Installation is easy!
- Download the plugin
- in the Back-end go to menu Extensions > Manage
- in the tab [Upload file package] click [browse] and select your downloaded plugin
- click [Upload & Install], wait for the installation to finish
Configuration
- in the back-end go to menu Extensions > Plugins
- search / locate the 'ochCaptcha' captcha plugin
- open the plugin
- in the tab [Plugin] set status to [Enabled]
- ...
- click [Save & Close] and you are good to go
important
ochCaptcha is a Joomla Captcha plugin. After you configured and enabled it, you need to tell Joomla Core that you actually want to use it on your site forms. You can activate this via your website's Global Configuration, tab [Site], setting 'Default Captcha' > select 'Captcha - ochCaptcha'. Now all forms that follow Joomla Coding Guidelines will ask Joomla Core for a Captcha and Joomla Core will present the one you selected in the Global Configuration.Important
Tassos's ConvertForms doesn't work with Joomla Captcha plugins as it implements it's own (Google / hCaptcha) functionality, therefore ochCaptcha will NOT work with ConvertFormsActivate Joomla! One Click update and change-log integration
When you installed the extension, it will automatically integrate with the Joomla Updater for both updates and change-logs.
On first use, the Joomla updater will prompt you with 'A Download Key is missing!' message.
- On this site: In the menu [Tools > My Subscriptions] copy your 'Download ID#'
- On your site: go to menu System > Update Sites, locate the extension and paste the Download key in the'Download Key' field. Click [Save and Close], that's all it takes!
In the plugin tab you can configure the following settings:
- Display ochCaptcha: Configure to show or hide the ochCaptcha.
- Verbose Captcha [only visible when Display Captcha = Yes]: Display verbose information on Captcha. Use this to get form information needed to configure protection per form.
The Submit Protection tab allows you to configure a minimum dwell time requirement before a submitted form is accepted. This helps to prevent bot-generated spam submissions by ensuring that users spend a reasonable amount of time on the page before submitting the form.
Configuration: To configure submit protection settings, follow these steps:
- Minimum Time: This setting applies to all forms where ochCaptcha is used. Specify the minimum amount of time (in seconds) that a visitor must spend on the page before the form submission is accepted.
- Blocklist Age: Set the duration (in minutes) for which offenders (those who fail the honeytrap or missing token checks) are added to the blocklist. A value of 0 disables blocklist functionality. Default is 60 minutes.
- Trigger onFirewallAdd: Enable this option to trigger the onFirewallAdd event for offenders, adding them to the Firewall Blacklist. Note: This feature is only compatible with firewalls that support this triggered event (e.g., ochSimpleFirewall).
- Protected Forms: This section allows you to configure a minimum dwell time requirement for specific forms. This overrides the generic minimum time setting for the specified forms.
- Form Identifier: Enter the unique identifier of the form you want to configure. Enable 'Verbose Captcha' (in the [Basic] tab, only visible when Display Captcha = yes) to show the Form Identifier and configured minimum time on the Form's ochCaptcha display.
- Minimum Time: Specify the minimum amount of time (in seconds) that a visitor must spend on the page before the form submission is accepted for this particular form.
ochCaptcha Initialization and Visual Feedback
Upon enabling the captcha display, you will initially see the message 'ochCaptcha initializing... please wait...'. This message will be replaced with 'Protected by ochCaptcha!' after the configured minimum time (in seconds) has elapsed. For instance, if the minimum time (generic or form-specific) is set to 10 seconds, the message will change after 10 seconds, providing visual confirmation that the form is ready for submission.Blocklist location
You can find the blocklist here: [site_root]/media/plg_captcha_ochcaptcha/blocklist.json. If needed, you can safely delete this file.The Content Protection tab allows you to configure minimum word count requirements and link restrictions for individual form fields. This helps to prevent spam and ensures that submitted content meets your specific requirements.
Example: For a contact form, you can require a minimum of 10 words in the message field and prohibit links or URLs. This helps to minimize spam and ensure that messages are substantial and relevant.
Configuration: To configure content protection settings, follow these steps:
- Form Identifier: Specify the unique identifier of the form you want to configure. Enable 'Verbose Captcha' to show the Form identifier and configured minimum time on the Form's ochCaptcha display.
- Form Field: Identify the specific form field that contains the content you want to validate. Enable 'Verbose Captcha' (in the [Basic] tab, only visible when Display Captcha = yes) to show the Form Fields on the Form's ochCaptcha display.
- Minimum Words: Set the minimum number of words required in the specified form field.
- Allow Links: Enable or disable links and URLs in the specified form field.
Once configured, ochCaptcha will validate the message based on the specified settings. If the message does not meet the requirements, an error message will be displayed.
- Enable Debug: Enable Debug to get additional logging.
- Emergency Bypass: This setting basically bypasses the Captcha and always returns successful. It will still log what would have been done by the captcha. Use this for debugging and setting up the plugin.
Tips & Tricks
ochLogFiles
ochCaptcha makes use of Joomla logging for information, warnings and errors. As part of your subscription you have free access to ochLogFiles (available in your download section) with which you can inspect your logfiles from the Joomla Back-end without going into your Hosting Control panel.- After making changes to the Captcha configuration make sure to clean cache as it is possible (depending on where the captcha is used) that the display of the captcha is cached together with the content / form and your changes are not visible / taking effect
- All (visible) text strings can be changed via a Joomla Language override
- ochCaptcha works on all forms that use Joomla Core Captcha functionality, but in order to be able to configure Form specific settings, the Form must have an ID (unique) attribute on the <form> HTML element. When the form doesn't have an ID attribute, the Verbose Captcha will not display any additional information and the form can only be used with the generic settings (Minimum Time)
- With Verbose Captcha enabled you will see the Form Id, the configured settings (generic or specific) and all the fields used on the form: you can use this information to configure a specific form and to check if the settings you configured are in effect.
- Important: Always start with advanced setting 'Enable Debug' = Yes. A lot of valuable information is being logged to the plg_captcha_ochcaptcha-log.php logfile. When turning debug to off, only warnings and errors are being logged (e.g. when a bot is blocked)
Technical support and feature requests via our forum (You need a valid subscription to be able to post)