Self-Hosted CAPTCHA
Management Server

Open-source ALTCHA-compatible server with API keys, multi-site support, replay protection, and a statistics dashboard. No cloud. No tracking. Your server.

View on GitHub Get Started

MIT License ~3 MB Binary ~15 MB Docker Image

Features

Everything you need to manage CAPTCHA challenges on your own infrastructure

ALTCHA Compatible

Works with the official ALTCHA widget. Same protocol, same integration, drop-in replacement for ALTCHA Sentinel.

API Key Management

Create per-site API keys with custom difficulty, TTL settings, and domain restrictions for granular control.

Replay Protection

Consumed challenges are tracked and rejected on reuse. Prevents replay attacks automatically.

Statistics Dashboard

Track challenges issued, verifications, and failures per key and per day with built-in Chart.js visualizations.

Single Binary

Vue.js dashboard embedded in a ~3 MB Go binary via go:embed. One file to deploy, nothing else to manage.

Docker Ready

~15 MB image, SQLite embedded, zero external dependencies. One container is all you need.

Security First

Secret rotation, CORS configuration, non-root container, and automatic cleanup of expired challenges.

Zero Dependencies

SQLite embedded database. No PostgreSQL, no Redis, no external services. Fully self-contained.

How It Works

Three steps to protect your forms

Configure

Create an API key in the GateCHA dashboard with your desired difficulty, TTL, and domain restrictions.

Add Widget

Drop the ALTCHA widget into your HTML form with your GateCHA challenge URL and API key.

Verify

GateCHA verifies the proof-of-work solution server-side, rejects replays, and logs statistics.

Installation

Get up and running in minutes

# docker-compose.yml
services:
  gatecha:
    image: ghcr.io/upellift99/gatecha:latest
    container_name: gatecha
    restart: unless-stopped
    ports:
      - "8080:8080"
    volumes:
      - gatecha_data:/app/data
    environment:
      - GATECHA_ADMIN_PASSWORD=changeme

volumes:
  gatecha_data:

Then run docker compose up -d and open http://localhost:8080. Log in with admin / changeme.

docker run -d -p 8080:8080 \
  -v gatecha_data:/app/data \
  -e GATECHA_ADMIN_PASSWORD=your-password \
  ghcr.io/upellift99/gatecha:latest

Open http://localhost:8080 and log in with admin and your chosen password.

# Requires Go 1.26+ and Node.js 20+
git clone https://github.com/Upellift99/GateCHA.git
cd GateCHA
make build
./gatecha

The dashboard is available at http://localhost:8080. Default credentials: admin / changeme.

WordPress Plugin

Official integration for WordPress sites

Protect your WordPress forms with GateCHA's official plugin. Privacy-first CAPTCHA powered by proof-of-work — no cookies, no fingerprinting, no third-party services.

Privacy-first: no cookies, no fingerprinting, GDPR-compliant
Invisible proof-of-work — no image puzzles for users
Bundled ALTCHA widget — no external CDN dependency
Fail-open / fail-closed modes for resilience
[gatecha] shortcode for any custom form

View Plugin on GitHub

14 Protected Form Types

WordPress Core

Login
Registration
Password Reset
Comments

WooCommerce

Login
Registration
Password Reset

Form Plugins

Contact Form 7
WPForms
Gravity Forms
Elementor Pro
Forminator
Formidable Forms
HTML Forms

GateCHA vs ALTCHA Sentinel

Same protocol, different philosophy

	GateCHA	ALTCHA Sentinel
Hosting	Self-hosted	Cloud SaaS
Price	Free (MIT)	Paid plans
Data Ownership	Full	Third-party
ALTCHA Protocol
Widget Compatible
Dashboard	Built-in	Managed
Dependencies	Zero	Cloud infra
Open Source
WordPress Plugin
Multi-site Keys
Replay Protection
Statistics

GateCHA is not affiliated with ALTCHA. GateCHA implements the same open ALTCHA proof-of-work protocol.

Frequently Asked Questions

What is GateCHA?

GateCHA is a self-hosted server that implements the ALTCHA proof-of-work CAPTCHA protocol. It provides API key management, multi-site support, replay protection, and a statistics dashboard. Think of it as an open-source alternative to ALTCHA Sentinel that you host on your own infrastructure.

How does it differ from ALTCHA Sentinel?

ALTCHA Sentinel is a paid cloud SaaS. GateCHA is free, open-source (MIT), and fully self-hosted. You get complete data ownership while using the same ALTCHA protocol and widget.

Does it work with the official ALTCHA widget?

Yes. GateCHA implements the same challenge/verify API that the ALTCHA widget expects. You can use the official ALTCHA widget (MIT licensed) from npm or CDN without any modification.

What are the system requirements?

Docker (any platform) or Go 1.26+ and Node.js 20+ to build from source. GateCHA uses SQLite internally, so there are no database servers to set up. The Docker image is approximately 15 MB.

Is there a WordPress plugin?

Yes. The official GateCHA WordPress plugin protects 14 form types including WordPress core forms, WooCommerce forms, and popular form builder plugins like Contact Form 7, WPForms, Gravity Forms, and more. It requires PHP 7.4+ and WordPress 6.0+.

How is user privacy protected?

GateCHA uses proof-of-work challenges instead of image puzzles. There are no cookies, no fingerprinting, no tracking, and no data sent to third parties. All data stays on your server. The approach is fully GDPR-compliant.

Can I use it with multiple websites?

Yes. You create separate API keys for each site with individual difficulty, TTL, and domain restriction settings. Statistics are tracked per key, giving you visibility into each site's CAPTCHA activity from a single dashboard.

Self-Hosted CAPTCHAManagement Server