Support for hCaptcha as an Alternative to reCAPTCHA

dmitrijs.zalostiba · May 13, 2025, 12:34pm

As part of our ongoing efforts to improve privacy, reduce dependency on Google services, we would like to request native support for hCaptcha in OJS.
We are currently on OJS 3.4.0.8 for DEV and 3.4.0.5 PROD.

While reCAPTCHA is widely used, there is growing evidence that it is no longer sufficient on its own for bot mitigation in some environments. For example, in the Moodle community, there have been numerous reports of spam bots bypassing reCAPTCHA-protected forms — including user registrations and forum posts — even when reCAPTCHA v2 or v3 is in use.

This calls into question the sole reliance on reCAPTCHA and demonstrates the need for OJS to support alternative CAPTCHA solutions.

hCaptcha has emerged as a robust and privacy-focused alternative, offering comparable protection while being more compliant with privacy regulations (such as GDPR and CCPA) and not dependent on Google services.

Request is made by Server/System administrator.

Documentation available here:
https://docs.hcaptcha.com/

kaitlin · May 13, 2025, 3:08pm

Hi @dmitrijs.zalostiba, though it is not hCaptcha, I did want to flag that Altcha will be supported in OJS in the upcoming 3.5 release, so we will now have an alternative available. Here’s the relevant GitHub issue for more details.

dmitrijs.zalostiba · May 14, 2025, 6:14am

Thank you for Your response!

That’s a good start, but researching further creates some doubts. Maybe I’m to paranoid, but hCaptcha proves to be more secure for large-scale public sites.
Still having multiple options as a add-on/plugin - would be convenient to test it all out in real-environment scenarios.

Best regards

marc · May 14, 2025, 7:14am

Thanks for rasing this up Dmitris.

I agree we need a reCaptcha alternative (for the arguments exposed) but I will suggest adopting a FOSS solution (like the Altcha) instead of hCaptcha.