Self-Hosted CAPTCHA
Management Server
Open-source ALTCHA-compatible server with API keys, multi-site support, replay protection, and a statistics dashboard. No cloud. No tracking. Your server.
Features
Everything you need to manage CAPTCHA challenges on your own infrastructure
ALTCHA Compatible
Works with the official ALTCHA widget. Same protocol, same integration, drop-in replacement for ALTCHA Sentinel.
API Key Management
Create per-site API keys with custom difficulty, TTL settings, and domain restrictions for granular control.
Replay Protection
Consumed challenges are tracked and rejected on reuse. Prevents replay attacks automatically.
Statistics Dashboard
Track challenges issued, verifications, and failures per key and per day with built-in Chart.js visualizations.
Single Binary
Vue.js dashboard embedded in a ~3 MB Go binary via go:embed. One file to deploy, nothing else to manage.
Docker Ready
~15 MB image, SQLite embedded, zero external dependencies. One container is all you need.
Security First
Secret rotation, CORS configuration, non-root container, and automatic cleanup of expired challenges.
Zero Dependencies
SQLite embedded database. No PostgreSQL, no Redis, no external services. Fully self-contained.
How It Works
Three steps to protect your forms
Configure
Create an API key in the GateCHA dashboard with your desired difficulty, TTL, and domain restrictions.
Add Widget
Drop the ALTCHA widget into your HTML form with your GateCHA challenge URL and API key.
Verify
GateCHA verifies the proof-of-work solution server-side, rejects replays, and logs statistics.
Installation
Get up and running in minutes
# docker-compose.yml
services:
gatecha:
image: ghcr.io/upellift99/gatecha:latest
container_name: gatecha
restart: unless-stopped
ports:
- "8080:8080"
volumes:
- gatecha_data:/app/data
environment:
- GATECHA_ADMIN_PASSWORD=changeme
volumes:
gatecha_data:
Then run docker compose up -d and open http://localhost:8080. Log in with admin / changeme.
docker run -d -p 8080:8080 \
-v gatecha_data:/app/data \
-e GATECHA_ADMIN_PASSWORD=your-password \
ghcr.io/upellift99/gatecha:latest
Open http://localhost:8080 and log in with admin and your chosen password.
# Requires Go 1.26+ and Node.js 20+
git clone https://github.com/Upellift99/GateCHA.git
cd GateCHA
make build
./gatecha
The dashboard is available at http://localhost:8080. Default credentials: admin / changeme.
WordPress Plugin
Official integration for WordPress sites
Protect your WordPress forms with GateCHA's official plugin. Privacy-first CAPTCHA powered by proof-of-work — no cookies, no fingerprinting, no third-party services.
- Privacy-first: no cookies, no fingerprinting, GDPR-compliant
- Invisible proof-of-work — no image puzzles for users
- Bundled ALTCHA widget — no external CDN dependency
- Fail-open / fail-closed modes for resilience
-
[gatecha]shortcode for any custom form
14 Protected Form Types
WordPress Core
- Login
- Registration
- Password Reset
- Comments
WooCommerce
- Login
- Registration
- Password Reset
Form Plugins
- Contact Form 7
- WPForms
- Gravity Forms
- Elementor Pro
- Forminator
- Formidable Forms
- HTML Forms
GateCHA vs ALTCHA Sentinel
Same protocol, different philosophy
| GateCHA | ALTCHA Sentinel | |
|---|---|---|
| Hosting | Self-hosted | Cloud SaaS |
| Price | Free (MIT) | Paid plans |
| Data Ownership | Full | Third-party |
| ALTCHA Protocol | ||
| Widget Compatible | ||
| Dashboard | Built-in | Managed |
| Dependencies | Zero | Cloud infra |
| Open Source | ||
| WordPress Plugin | ||
| Multi-site Keys | ||
| Replay Protection | ||
| Statistics |
GateCHA is not affiliated with ALTCHA. GateCHA implements the same open ALTCHA proof-of-work protocol.
Frequently Asked Questions
What is GateCHA?
GateCHA is a self-hosted server that implements the ALTCHA proof-of-work CAPTCHA protocol. It provides API key management, multi-site support, replay protection, and a statistics dashboard. Think of it as an open-source alternative to ALTCHA Sentinel that you host on your own infrastructure.
How does it differ from ALTCHA Sentinel?
ALTCHA Sentinel is a paid cloud SaaS. GateCHA is free, open-source (MIT), and fully self-hosted. You get complete data ownership while using the same ALTCHA protocol and widget.
Does it work with the official ALTCHA widget?
Yes. GateCHA implements the same challenge/verify API that the ALTCHA widget expects. You can use the official ALTCHA widget (MIT licensed) from npm or CDN without any modification.
What are the system requirements?
Docker (any platform) or Go 1.26+ and Node.js 20+ to build from source. GateCHA uses SQLite internally, so there are no database servers to set up. The Docker image is approximately 15 MB.
Is there a WordPress plugin?
Yes. The official GateCHA WordPress plugin protects 14 form types including WordPress core forms, WooCommerce forms, and popular form builder plugins like Contact Form 7, WPForms, Gravity Forms, and more. It requires PHP 7.4+ and WordPress 6.0+.
How is user privacy protected?
GateCHA uses proof-of-work challenges instead of image puzzles. There are no cookies, no fingerprinting, no tracking, and no data sent to third parties. All data stays on your server. The approach is fully GDPR-compliant.
Can I use it with multiple websites?
Yes. You create separate API keys for each site with individual difficulty, TTL, and domain restriction settings. Statistics are tracked per key, giving you visibility into each site's CAPTCHA activity from a single dashboard.