How to Use Captcha in Drupal 7


You’ve seen Captcha used on many, many websites. Before you can submit a form, it provides a question and asks for a response from you. This prevents many spam comments, form submissions and email submissions.

This tutorial will show you how to use the standard Captcha module for Drupal and will introduce you to several alternatives.

Step 1. Download and Install

You can get the standard Captcha module here


Download the module from

Go to Modules > Install new module and browse to find the file on your computer and upload it.

Step 2. Activate


You will see that two modules have been installed. You can see in the description that they are dependent upon one another so be sure to enable them both.

Click the check boxes and scroll to the bottom of the page and save to enable the the modules.


You will then be able to access the “Configure” option for both modules. Click Configure on CAPTCHA first.

A CAPTCHA can be added to virtually each Drupal form. Some default forms are already provided in the form list, but arbitrary forms can be easily added and managed when the option “Add CAPTCHA administration links to forms” is enabled.

Users with the “skip CAPTCHA” permission won’t be offered a challenge. Be sure to grant this permission to the trusted users (e.g. site administrators). If you want to test a protected form, be sure to do it as a user without the “skip CAPTCHA” permission (e.g. as anonymous user).

Step 3. Configure the module


Configure the Default Challenge type. This will be used by all forms unless you change the type for an individual form.
The module comes with two types of challenges built in.

  • Math: requires the user to solve a simple math problem.
  • Image: presents an obscured image of a word that can’t be read by a machine.

Each form you have on the site will be listed and you can customize the challenge type on each form individually from a drop down box in the Challenge Type column.

Step 4. Decide if all forms are going to use CAPTCHA


A CAPTCHA can be added to virtually each Drupal form, in both the user side and the administrative side .Some default forms are already provided in the form list, but arbitrary forms can be easily added and managed when the option “Add CAPTCHA administration links to forms” is enabled.

You can completely control whom is required to fill out capture by editing the permissions in the usual manner. Users with the “skip CAPTCHA” permission won’t be offered a challenge. Be sure to grant this permission to the trusted users (e.g. site administrators). If you want to test a protected form, be sure to do it as a user without the “skip CAPTCHA” permission (e.g. as anonymous user).


You can skip this button. For efficiency, the positions of the CAPTCHA elements in each of the configured forms are cached. Most of the time, the structure of a form does not change and it would be a waste to recalculate the positions every time. Occasionally however, the form structure can change (e.g. during site building) and flushing the CAPTCHA placement cache can be required to fix the CAPTCHA placement. There is no need to do this in the original setup. You only need to do it if you make changes to the structure of the forms.

Step 5. Add a description to the form for the visitor.


Click the check box, and the Challenge description field will be available for you to fill in. By default this doesn’t show. This description will be visible to everyone. You don’t have to use it.

Step 6. Set validation and persistence


Read the choices and you can make the validation more or less difficult by requiring case sensitivity. You can make things simpler for users, by hiding the form once they’ve logged in and completed the first challenge.

Save the Configuration and you are ready to use CAPTCHA.

Step 7. Configure image CAPTCHA if desired


This is an optional step. This configuration will help you match the challenge image to your design. You can choose colors, type fonts, and other parameters to create the display of the challenge image.

The image is generated on the fly for each request, which is rather CPU intensive for the server. Be careful with the size and computation related settings.


Make your image CAPTCHA configuration choices and you’re completely done. There are some other styles of CAPTCHA that you can try if you like them. Here’s a list with a brief description.

Other CAPTCHA styles explained

There are links to these downloads on the same page as CAPTCHA They are essentially “extensions to the extension” and are designed to add more security to the process.

reCAPTCHA – Uses the reCAPTCHA web service to improve the CAPTCHA system and protect email addresses.

CAPTCHA Pack – The CAPTCHA Pack module contains several CAPTCHA types for use with the CAPTCHA module. The CAPTCHA Pack module is meant to provide lightweight, yet effective alternatives for the traditional image CAPTCHA, which is undesirable in certain situation (e.g. bandwidth restrictions, cpu restrictions, accessibility constraints, etc).

Text CAPTCHA – This module provides a CAPTCHA which uses logic questions instead of standard visual or auditory challenges. This can help to improve the accessibility of CAPTCHAs, although it should be stated that no solution is perfect. The module uses the web service to provide logic questions and a list of possible appropriate answers.

Egglue Semantic CAPTCHA – The Egglue CAPTCHA module uses the Egglue Semantic CAPTCHA web service for generating over 10,000 knowledge-based, accessible CAPTCHA challenges on a Drupal site. The CAPTCHA module is required.

Captcha Riddler – Captcha Riddler is a sub module of Captcha that lets site administrators create their own questions to foil automated spam bots.

Hidden CAPTCHA – Hidden CAPTCHA is an extension to the CAPTCHA module. It offers a hidden CAPTCHA (duh!) The idea is very simple: If you offer an input box in any form, 99% of the time, robots will fill it with something before posting the form. If you offer an input box that has to stay empty, then the CAPTCHA system will prevent posts by robots.

CAPTCHA after – Show CAPTCHA protection on selected forms after specified number of unsuccessful form submit attempts has been made.


0 0 votes
Article Rating
Notify of

Newest Most Voted
Inline Feedbacks
View all comments
12 years ago

Super tutorial, greatly appreciated 🙂 Thanks

11 years ago

The explanation is ok. But captcha do not work in my installation.
11 years ago

You have to be logged off to see captcha

11 years ago

First: Thanks for this tutorial. Now: Problem

I implemented March (2013): newest Commerce Kickstart.

Within hours started spam mail abuse, 1 per h. After first 4 =human testers.

On March 30 I installed +enabled current



For Captcha, the link “Configur” is:


And in fact it goes there, hence not to the configuration interface.

Possible reasons?


Is there a primitive error by/from me?

Or a bug in the Captcha beta version?

Or is that Drupal distribution a problem?

Or did the spammers hack the Drupal code during the setup hours?

11 years ago

Captcha working like expected on my other new Drupal site (standard Drupal + added CivCRM).

So it is perhaps a problem of “Drupal Commerce Kickstart” or some other unusual problem.

Permisssions are identical for all directories and files concerned, between both Drupals.

It is perhaps not a fault to have this case added to a tutorial. But it is out of the scope of a tutorial. I will try the usual steps for problem localization. If not to detect, it will be transmitted to the issue list (Captcha development or Kickstart).

11 years ago

Very good tutorial thanks.

First time for me.

The only thing is that it says I should set a challenge for the search form. I don’t need one there.

9 years ago

Perfect! Thanks 🙂
9 years ago

this is very help full content for me. [url=][/url]

mark bill
mark bill
9 years ago


course, what a superb site with wonderful posts, enlightening issues has been

discussed I like it.
[url=]bypass captcha[/url]

Cak irul
Cak irul
9 years ago

I can not see FORM_ID in drupal me, please what’s the solution that I can see the list FORM_ID?

8 years ago

How to set captcha expire time ?

6 years ago

how to add CAPTCHA after module in webform

Would love your thoughts, please comment.x