PutYourLightsOn

Snaptcha

Installation

Download and unzip Snaptcha, then follow the simple steps below:

1. Upload the system/expressionengine/third_party/snaptcha folder
2. Enable the Snaptcha extension (Control Panel > Add-Ons > Extensions > Enable)
3. Open the Snaptcha extension settings (Control Panel > Add-Ons > Extensions > Snaptcha), enter your license number and make any customisations

Updating

Download and unzip the latest version of Snaptcha, then follow the steps below:

1. Overwrite the system/expressionengine/third_party/snaptcha folder
2. Open the Snaptcha extension settings (Control Panel > Add-Ons > Extensions > Snaptcha) and modify any newly available features

Security Levels

Snaptcha offers three levels of security:

• High - requires javascript (blocking most spam bots) and only allows a form to be submitted once (preventing multiple unwanted form submissions)
• Medium - requires javascript (blocking most spam bots) and allows multiple form submissions
• Low - does not require javascript (relies on spam bots filling in all input fields)

We recommend using the high security level where possible and modifying the error message to suit your chosen security level and users. Please note that if using the high security level you should not use template caching on templates that will use Snaptcha.

Comparison with Honeypot

The Honeypot captcha method is similar to Snaptcha's low security level. It simply adds a hidden input field to the form and "hopes" that spam bots will enter a value into it, thereby giving them away as bots. Snaptcha's medium and high security levels are far more secure than Honeypot, requiring javascript and the latter only allowing single form submissions. This means that the vast majority of spam bots will be blocked.

Settings

Security Level

Select from the security levels described above

Field Name Prefix

The prefix for the hidden snaptcha field (should be a unique value, a random suffix will be used)

Member Registration Validation 

Whether to enable validation of member registration forms (see below for details)

Rejected Form Submission Logging

Whether to enable logging of rejected form submissions (see below for details)

Error Message

The message to display if the user is believed to be a spam bot

Using Snaptcha

Snaptcha will automatically add a hidden field to your Comment forms, Safecracker forms and Freeform forms and will validate it on submission. If it determines that a spam bot is attempting to submit the form then it will prevent the form from being submitted and will output the error message.

If you set Member Registration Validation to "Enabled" then you must manually add the html code provided to your member registration form. The member module does not have a hook that would allow Snaptcha to do this automatically so this step must be done manually.

If you set Rejected Form Submission Logging to "Enabled" then any rejected submissions will be logged to the log.txt file in the Snaptcha folder. The file must be writable so ensure that the permissions are set to 777.