GateCHA for WordPress
The official WordPress plugin for GateCHA. Protect your forms with privacy-first ALTCHA proof-of-work CAPTCHA — no cookies, no fingerprinting, no third-party services. Challenges and verification stay on your own GateCHA server.
Why the GateCHA Plugin?
Privacy-first CAPTCHA protection that respects your users and your data
Privacy-First
No cookies, no fingerprinting, no user tracking, and no data sent to third parties. Fully GDPR-compliant out of the box.
Invisible Proof-of-Work
Bots solve a computational puzzle in the background. No image puzzles, no friction for legitimate visitors.
Server-Side Verification
Every submission is verified by your GateCHA server, with central stats and built-in replay protection.
Bundled Widget
The ALTCHA Web Component ships with the plugin. No external CDN dependency and nothing to load from a third party.
Fail-Open / Fail-Closed
Choose what happens if your GateCHA server is unreachable: block submissions for safety, or allow them to avoid lockouts.
Shortcode for Any Form
Drop the [gatecha] shortcode anywhere to protect custom forms, then verify the altcha field server-side.
14 Protected Form Types
One plugin, every form that matters
Enable CAPTCHA on exactly the forms you want from a single settings page. The plugin mirrors the hooks and filters of the official ALTCHA plugin, so migration is straightforward.
- Two-step setup: GateCHA URL + API key
- Toggle each form individually
- Auto-verify and hide-branding options
- Centralized stats on your GateCHA dashboard
Supported Forms
WordPress Core
- Login
- Registration
- Password Reset
- Comments
WooCommerce
- Login
- Registration
- Password Reset
Form Plugins
- Contact Form 7
- WPForms
- Gravity Forms
- Elementor Pro
- Forminator
- Formidable Forms
- HTML Forms
Installation
Protect your forms in three steps
Install the Plugin
In your WordPress admin, go to Plugins → Add New, search for GateCHA CAPTCHA, then install and activate it.
Connect GateCHA
Go to Settings → GateCHA and enter your GateCHA instance URL and an API key (starts with gk_) from your dashboard.
Enable Forms
Tick the forms you want to protect. The ALTCHA widget appears instantly and submissions are verified server-side.
Need a GateCHA server first? Install GateCHA in minutes — one Docker container, zero external dependencies.
Custom form? Place the widget anywhere with the shortcode:
[gatecha]
Available on the WordPress.org plugin directory. Prefer manual installs? Grab the source on GitHub.
Frequently Asked Questions
Do I need a GateCHA server to use the plugin?
Yes. The plugin connects your WordPress site to your own self-hosted GateCHA instance, which generates challenges and verifies solutions. You can deploy GateCHA with a single Docker container.
Is my API key safe in the browser?
The API key is used in the browser to fetch challenges, just like reCAPTCHA and hCaptcha site keys. You can restrict each key to specific domains in your GateCHA dashboard for additional protection.
Does the plugin send data to third parties?
No. All communication is between your WordPress site and your own GateCHA instance at the URL you configure. There is no cloud service, no tracking, and no fingerprinting.
What are the requirements?
WordPress 6.0 or later and PHP 7.4 or later. WooCommerce 8.0+ is optional and only needed if you want to protect WooCommerce forms. You also need a running GateCHA instance and an API key.
Can I bypass the CAPTCHA for automated testing?
Yes. Define a GATECHA_BYPASS_TOKEN constant in wp-config.php and set the altcha field to that token in your tests (Playwright, Cypress, etc.). Never define this constant in production.
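One way to keep the bypass constant out of production is to define it conditionally. This is an added example, not code from the GateCHA plugin. It assumes the token arrives through an environment variable named GATECHA_TEST_BYPASS_TOKEN (a hypothetical name) and enforces a 32-character minimum chosen for illustration.

```php
// Fragment for wp-config.php: place it inside the existing <?php block, above the
// line that requires wp-settings.php and below any define of WP_ENVIRONMENT_TYPE.
// Assumptions (not from the plugin): the GATECHA_TEST_BYPASS_TOKEN variable name
// and the 32-character minimum length.

// wp_get_environment_type() is not loaded yet at this point in wp-config.php,
// so read the same two sources WordPress core reads. Anything unset or empty
// is treated as production.
$gatecha_env = defined( 'WP_ENVIRONMENT_TYPE' )
    ? WP_ENVIRONMENT_TYPE
    : getenv( 'WP_ENVIRONMENT_TYPE' );
if ( ! is_string( $gatecha_env ) || '' === $gatecha_env ) {
    $gatecha_env = 'production';
}

// Hypothetical variable name: set it only in CI or on a developer machine.
$gatecha_token = getenv( 'GATECHA_TEST_BYPASS_TOKEN' );

$gatecha_is_test_env = in_array( $gatecha_env, array( 'local', 'development' ), true );
$gatecha_token_ok    = is_string( $gatecha_token ) && strlen( $gatecha_token ) >= 32;

if ( $gatecha_is_test_env && $gatecha_token_ok ) {
    // Explicit non-production environment and a long token: enable the bypass.
    define( 'GATECHA_BYPASS_TOKEN', $gatecha_token );
} elseif ( false !== $gatecha_token ) {
    // A token was supplied but the environment or its length was rejected.
    // The constant stays undefined, so the CAPTCHA remains enforced.
    error_log(
        'GATECHA_BYPASS_TOKEN not defined: environment "' . $gatecha_env
        . '" or token length rejected.'
    );
}

unset( $gatecha_env, $gatecha_token, $gatecha_is_test_env, $gatecha_token_ok );
```

Because an unset environment type falls back to production, a server that was never labelled cannot enable the bypass by accident.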