A plugin which adds the Google reCaptcha v2 or hCaptcha checkbox to the registration page to prevent automated creation of accounts on your CTF.
Note: Although Google reCaptcha has a longer track record of security, I personally recommend using hCaptcha for its commitment to user privacy.
- Create an account with your captcha provider and add your site.
  - Google reCaptcha: Create a v2 checkbox site and obtain the site key and secret.
  - hCaptcha: Create a new site and obtain its site key. Obtain the secret for your account.
- Clone this repo into a folder in the plugin folder of your CTFd.
- Set the configuration variables either as environment variables or by editing `config.py` in this repo.
  - Set `CAPTCHA_PROVIDER` to `reCaptcha` or `hCaptcha` depending on your preferences.
  - Set `CAPTCHA_SECRET` and `CAPTCHA_SITE_KEY` to your captcha keys.
Additional options, configurable either through environment variables or by editing `config.py` in this repo:

- `CAPTCHA_ENABLED` (default: True): Determines whether or not to use the recaptcha feature. Set to False for debugging or otherwise turning off recaptcha.
- `CAPTCHA_PROVIDER` (required): Configures which captcha provider to use. Options are reCaptcha and hCaptcha.
- `CAPTCHA_SECRET` (required): The secret key provided to you by Google for reCaptcha.
- `CAPTCHA_SITE_KEY` (required): The public site key provided to you by Google for reCaptcha.
- `CAPTCHA_INSERT_TAGS` (default: True): Determines if the plugin should automatically attempt to insert tags (i.e. the script and check box). This works well if the registration template is not heavily modified, but set this to false if you want to control where the check box appears.
- `CAPTCHA_VERIFY_REMOTE_IP` (default: False): Should be `True` if you want to include the client IP address in the verification step.
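
To show what these options control during the verification step, here is an added sketch that is not this plugin's own code: it reads the options from the environment, builds the provider's `siteverify` request, and fails closed on any error. The helper names, the boolean parsing and the choice of endpoint URLs are assumptions; the page does not say how the plugin does this internally.

```python
# Added example: helper names and env parsing are assumptions, not the plugin's code.
import json
import os
from urllib import parse, request

VERIFY_URLS = {  # the providers' server-side verification endpoints
    "reCaptcha": "https://www.google.com/recaptcha/api/siteverify",
    "hCaptcha": "https://api.hcaptcha.com/siteverify",
}

def _as_bool(value):
    return str(value).strip().lower() in ("1", "true", "yes")

def load_settings(env=os.environ):
    """Read the options documented above and reject an incomplete setup."""
    s = {
        "enabled": _as_bool(env.get("CAPTCHA_ENABLED", "True")),
        "provider": env.get("CAPTCHA_PROVIDER", ""),
        "secret": env.get("CAPTCHA_SECRET", ""),
        "verify_ip": _as_bool(env.get("CAPTCHA_VERIFY_REMOTE_IP", "False")),
    }
    if s["enabled"] and s["provider"] not in VERIFY_URLS:
        raise ValueError("CAPTCHA_PROVIDER must be reCaptcha or hCaptcha")
    if s["enabled"] and not s["secret"]:
        raise ValueError("CAPTCHA_SECRET is required")
    return s

def build_verify_request(s, token, client_ip):
    """Return (url, form fields); remoteip is sent only when opted in."""
    fields = {"secret": s["secret"], "response": token}
    if s["verify_ip"] and client_ip:
        fields["remoteip"] = client_ip
    return VERIFY_URLS[s["provider"]], fields

def _http_post(url, fields):
    with request.urlopen(url, data=parse.urlencode(fields).encode(), timeout=5) as resp:
        return resp.read()

def captcha_passed(s, token, client_ip, post=_http_post):
    """True only if the provider confirms the token; any error fails closed."""
    if not s["enabled"]:
        return True
    if not token:
        return False
    url, fields = build_verify_request(s, token, client_ip)
    try:
        return json.loads(post(url, fields)).get("success") is True
    except (OSError, ValueError, AttributeError):
        return False
```

When CTFd sits behind a reverse proxy, the address passed as `client_ip` is only meaningful if the proxy headers are trusted and configured correctly; otherwise leave `CAPTCHA_VERIFY_REMOTE_IP` at its default.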