🎉 Use coupon MYXERO to enjoy 20% recurring discount on any plan. View Pricing
XeroWP
SecureGate Captcha Lite
SecureGate Captcha Lite

SecureGate Captcha Lite

0/5 (0 ratings) 10 active installs Updated Apr 27, 2026
brute force protectioncaptchasecurityspam protectionturnstile
Download v1.1.0 Plugin Website
<strong>General Settings</strong> - Clean, modern interface for enabling protection and configuring global settings

<strong>General Settings</strong> - Clean, modern interface for enabling protection and configuring global settings

SecureGate Captcha Lite is a high-performance security suite built to safeguard your WordPress site from intrusive spam, malicious bots, and brute-force attacks. Leveraging professional-grade tools like Cloudflare Turnstile alongside our unique Math and Character CAPTCHA fallback system, we ensure your site remains impenetrable while maintaining a seamless, privacy-first experience for legitimate users.

Protect Your Store – Upgrade to Pro Now

Why Choose SecureGate Captcha Lite?

Complete Protection
Secure all critical WordPress forms including admin login, user registration, password reset, and comment submissions. Each form can be individually enabled or disabled based on your needs.

Privacy-First Approach
Built with GDPR compliance in mind. Uses Cloudflare Turnstile for privacy-focused bot detection and includes a self-hosted fallback CAPTCHA that requires zero external API connections.

Lightning Fast Performance
Optimized code that loads only when needed. No bloat, no unnecessary requests, and fully compatible with all major caching plugins to ensure your site remains fast.

Smart Rate Limiting
Intelligent rate limiting prevents brute-force attacks by tracking failed login attempts and automatically locking out suspicious IP addresses temporarily.

Easy to Configure
Intuitive admin interface with clear settings for CAPTCHA providers, protected forms, and security rules. Get started in minutes with sensible defaults.

Core Features

CAPTCHA Providers

  • Cloudflare Turnstile – Modern, privacy-focused CAPTCHA with excellent UX

    • Free forever with generous limits
    • Invisible verification for most users
    • No user frustration with image puzzles
    • Privacy-compliant (no cookies or tracking)
    • Easy API key setup

  • Built-in Fallback CAPTCHA – Self-hosted protection that works always

    • Math challenges (simple arithmetic)
    • Warped text recognition challenges
    • No external dependencies or API keys
    • GDPR compliant by design
    • Perfect for restricted networks

Protected Forms

  • WordPress Login – Protect admin and frontend login forms from credential stuffing
  • User Registration – Stop spam bot registrations instantly
  • Password Reset – Prevent password reset abuse and email flooding
  • Comment Forms – Block spam comments without moderation queues

Security Features

  • Rate Limiting – Configure maximum failed attempts before temporary lockout
  • Automatic IP Blocking – Temporary bans for suspicious IPs based on behavior
  • Customizable Thresholds – Set your own limits for attempts and lockout duration
  • Admin Exemptions – Administrators are automatically exempt to prevent lockouts
  • IP Allowlisting – Bypass CAPTCHA for trusted IP addresses

Privacy & Compliance

  • GDPR Ready – Anonymized IP logging with automatic expiration
  • Data Minimization – Only essential data is stored as transients
  • 7-Day Auto-Cleanup – All logs automatically deleted after 7 days
  • No External Tracking – Built-in CAPTCHA requires no third-party services
  • User Control – Administrators can disable all logging if desired

Performance Optimizations

  • Conditional Loading – Scripts load only on protected pages
  • Zero Impact – No performance degradation on unprotected pages
  • Cache Friendly – Works seamlessly with WP Rocket, W3 Total Cache, LiteSpeed Cache
  • Lightweight Assets – Optimized CSS and JavaScript for minimal footprint
  • Database Efficiency – Uses WordPress transients instead of permanent database rows

Perfect For

  • Bloggers – Protect comments from spam without moderation
  • Membership Sites – Secure registration and login processes
  • Business Websites – Prevent fake registrations and form abuse
  • Personal Blogs – Simple setup with powerful protection
  • Portfolio Sites – Keep contact forms and comments spam-free

Technical Specifications

  • WordPress Version: 5.8 or higher
  • PHP Version: 7.4 or higher (PHP 8.0+ recommended)
  • Multisite Compatible: Yes
  • Translation Ready: Yes (with .pot file included)
  • Performance Impact: Negligible (loads only on protected forms)
  • Browser Support: All modern browsers (Chrome, Firefox, Safari, Edge)

Supported CAPTCHA Providers

Cloudflare Turnstile
Turnstile is Cloudflare’s modern, privacy-preserving alternative to traditional CAPTCHAs. It uses sophisticated browser challenges that are invisible to most legitimate users while effectively blocking bots.

Built-in Fallback CAPTCHA
Our self-hosted CAPTCHA system offers two challenge types:
Math Challenges: Simple arithmetic problems (e.g., “What is 7 + 3?”)
Text Recognition: Warped text characters requiring human recognition

Both are effective against automated bots while remaining accessible to humans.

Comparison with Other CAPTCHA Plugins

Unlike many CAPTCHA plugins that rely solely on external services, SecureGate Captcha Lite provides:
– Multiple provider support with automatic fallback
– Self-hosted option for complete independence
– Advanced rate limiting built-in
– Modern, user-friendly admin interface
– Regular updates and active development
– Clean, well-documented code

Privacy & Data Collection

What Data Does This Plugin Collect?

SecureGate Captcha Lite is designed with privacy as a core principle:

Stored Locally (in your WordPress database as transients):
* Anonymized IP addresses (last octet removed)
* Timestamp of verification attempts
* Success/failure status of CAPTCHA verifications
* Failed attempt counters for rate limiting

NOT Stored:
* User emails or usernames
* Personal identifying information
* Browser fingerprints
* Tracking cookies (plugin-side)
* Permanent user profiles

External Service Data:
When Cloudflare Turnstile is enabled, user browser data is sent to Cloudflare for bot detection. Please review Cloudflare’s Privacy Policy for details.

When using the Built-in CAPTCHA, NO external services are contacted.

Data Retention:
All logs are stored as WordPress transients and automatically deleted after 7 days. Administrators can disable logging entirely in settings.

Right to Erasure:
No personal data is collected that would require manual erasure requests under GDPR.

Support & Documentation

Need Help?

  • Documentation: Visit the plugin page for guides and tutorials
  • Support Forum: Get help from the community at WordPress.org Support
  • Bug Reports: Report issues on the support forum
  • Feature Requests: Share your ideas on the support forum

Response Time:
We monitor the support forum regularly and aim to respond within 24-48 hours for most queries.

Credits & Acknowledgments

Developed with ❤️ by R.Sabbir

Third-Party Services:
When Cloudflare Turnstile is enabled, this plugin connects to Cloudflare’s servers for CAPTCHA verification. By using Turnstile, you agree to Cloudflare’s Terms of Service and Privacy Policy.