How Captcha is Created (Complete Information)

how Captcha is created
How Captcha is Created

You must have surely seen some random challenges on websites that ask you to solve them by clicking on the images or retyping the phrases or words inside the box, right? Well, these random challenges that pop up on your screen, are known as the Completely Automated Public Turing test to tell Computers and Humans Apart (Captcha in short) that helps a website in shielding itself from the automated bots that try to launch malicious attacks like DDOS and spam. But, have you ever wondered how a new Captcha code gets generated every time? Well, if you are unaware of it, then don’t worry, because in this article we are going to discuss how Captcha is created.

So, what are you waiting for!

Just jump into the main discussion and get your doubts cleared.


How Captcha is created?

A unique Captcha is created every time by using the rand () function “(rand()%62)”, which generates a random number between 0 to 61, which is then taken as an index to the character array “chrs []”. Moreover, this loop runs “n” number of times to generate Captcha of a given length.

Note: The set of characters that helps generate a Captcha are stored in character array “chrs[]”, which contains “a-z”, “A-Z”, “0-9”, thus the size of chrs[]=62.

Is there any advanced technology rather than Captcha?

If you don’t want to implement the stone aged Captcha challenge that asks users to retype distorted random letters or numbers, then you can opt for Google’s revamped version of Captcha called reCaptcha v2, that enables a user to enter a webpage by clicking on the “I am not a robot” checkbox, thus removing the hassle of solving those annoying Captcha challenges.

So, if you want to enable this advanced version of reCAPTCHA on your website, then follow this simple tutorial that is mentioned below.

How to enable Google’s reCAPTCHA on a WordPress site?

If you want to enable Google’s reCaptcha on your WordPress website using reCaptcha plugin, then you can follow these steps:

  • Firstly, log in to your WordPress site as an “Administrator.”
  • Now, under Dashboard click on “Plugins.”
  • Then click on “Add new.”
  • Now, type “google captcha” in the search text box.
  • After that, click on “Search Plugins.”
  • Now find the “Google reCaptcha” plugin.
  • Then, click on “Install Now.”
  • Let WordPress finish the installation process.
  • After that, click on “Plugins” under Dashboard and then on “Installed Plugins.”
  • Now, find the “Google reCaptcha” plugin and then activate it by clicking on “Activate.”
  • Then, Click on “Settings.”
  • Now, you will be asked to create a “Public” as well as a “Private Key” to use Google Captcha, so, to do that, click on the registration link under “Authentication”, and then follow the instructions.
  • After you receive your keys from Google, type the public key and the private key into their respective text boxes.
  • Now, under “Options” select the settings that you want, and then click on “Save Changes.”
  • You have successfully activated reCaptcha for your site. So, if you wish to test it, then just visit the front page of your WordPress site, and then click on the comment link for a post. You will notice that a reCaptcha challenge is displayed in the submission form.

How many types of Captchas are available to date?

There are a total of 7 types of Captcha challenges available to date, and they are:

Text Captcha:

This is the first type of Captcha that was and is still used to protect websites from random bot attacks. Usually, this type of Captcha challenge contains randomly generated distorted texts or numbers, which a user needs to retype inside the submit box to move further.

Text-Image Captcha:

After the vulnerability of “Text Captcha” was exposed, website developers started to look for an alternative, and that’s where Google introduced its Captcha reCaptcha version where users were provided with text in an image format, which was to be retyped in the submit box.

Moreover, the text images that were generated by the Captcha bot were extracted from random digital books, magazines, road signs, and billboards.

Audio Captcha:

This type of Captcha was invented to make the solving task easy for visually impaired individuals. Not to mention, it played the Captcha code in an audio format with some background noises added to it, so that it gets extremely difficult for a bot to solve them.

Math Captcha:

Math Captcha is one of the most common types of Captcha challenge used on government websites like EPFINDIA and IRCTC. Now, if we talk about the functionality part, then a user is provided with a math problem like “96+5-20“, which he/she needs to solve in order to proceed ahead. However, a problem like “3-3” should be avoided.

Image Captcha:

Image Captcha or say Image reCaptcha is one of the most used Captcha types around the world. With this challenge, a person is provided with random images that can contain anything, to which a user needs to select only those images which is an exact match for the criteria provided. For instance, an image Captcha may ask you to select only those images that contain “Bus.”

Checkbox Captcha:

In this type of Captcha, a user only needs to checkmark the “I am not a robot” checkbox so that he can pass the Captcha challenge and move on to his/her content. While it may look easy for bots to bypass, it isn’t, because Captcha bots determine whether the user is a human or a bot by closely examining the movement of the mouse pointer, and then giving a score between 0 to 1 accordingly. The lesser the score, the harder to pass the challenge.

Invisible Captcha:

This type of Captcha challenge requires a user to do nothing. Yes, you heard it right, no clicking or solving any kind of challenge. In fact, this Invisible Captcha service runs in the background, so that it can collect the data of a user’s online behavior, including the internet history and cookies, and determine whether the user is a human or a bot.

What are the pros and cons of using a Captcha on a website?

The pros and cons of using a Captcha on a website are as follows:


  • Helps prevent automated bots that can send spammy emails, advertisements, or comments.
  • Prevents fake registration on sign-up forms.
  • Guards against cyber-attacks like DDOS attacks.
  • It becomes easy for websites to understand as they are familiar with Captchas.
  • Captchas can be easily implemented on a website.


  • They are not foolproof and can be bypassed with advanced technology.
  • It only prevents spam attacks.
  • Are time-consuming as well as annoying.
  • Can ruin the user experience.
  • Can kill business conversion rate.
  • A visually impaired person won’t be able to pass through any kind of visual Captchas.
  • Can affect the website ranking.

Can Captcha be bypassed?

Yes, Captcha can be bypassed easily using these methods.

Final Remarks on “how Captcha is created?”

So, after this long discussion, we can conclude that Captcha is created randomly with the help of the “rand()” function. So, if you are planning to use Captcha codes on your website, then I will recommend you follow the step-by-step guide that is mentioned in the article.