Spam protection (CAPTCHA)

Kentico allows you to protect your website from automated spam bots. You can secure all forms where users enter data, by requiring users to type a security code called CAPTCHA.

You can use CAPTCHA to tell humans and computers apart in the following places:

  • Blog comments
  • Custom tables
  • Document types
  • Forms
  • Forums
  • Message boards
  • Other web parts that allow user input

Changing the default CAPTCHA type

You can choose which CAPTCHA type you will use in the system:

  • Simple - prompts users to retype a sequence of numbers from an image.

    Simple CAPTCHA

  • Logic - asks users to solve a simple arithmetic problem or to compare two numbers. Example: “one + four”; “Is six > than eight? (true/false)

    Logic CAPTCHA

  • Text - prompts users to retype a sequence of numbers, each number into an individual box.

    Text CAPTCHA

  • reCAPTCHA - uses a web service that provides images of words that users have to retype. You must configure reCAPTCHA before using it.


We recommend to use reCAPTCHA or logic CAPTCHA, as these are the most secure types and are hard to be fooled by automated programs.

The default CAPTCHA type is Simple. To change the default type:

  1. Go to Settings -> Security & Membership -> Protection.
  2. Under CAPTCHA settings, select a Control to use.
  3. Save the settings.

When you change the CAPTCHA type, all web parts that have CAPTCHA enabled use the new type. Also, all fields in custom tables, document types, and forms that use the Security code control, use the new type of CAPTCHA. Fields that use a specific CAPTCHA control don’t change.

Configuring reCAPTCHA

ReCAPTCHA is an on-line service which allows your application to tell apart humans and computers. ReCAPTCHA displays an image of two distorted words and requires users to enter those words into a text box. Users must enter at least one of the words correctly to pass the verification.

Before you start using reCAPTCHA you must sign up for using it and obtain a public and a private API key. Then you must register the API keys in the system.

To obtain the API keys for reCAPTCHA:

  1. Go to and sign up with your Google account.
  2. If you have configured reCAPTCHA for another site before, click My Account, then Add a New Site.
  3. On the Create a reCAPTCHA key page, enter the domain name that you want to use reCAPTCHA on. Follow the instructions on the page.
  4. Click Create Key.

To register the keys in Kentico:

  1. Go to Settings -> Security & Membership -> Protection.
  2. Under CAPTCHA settings, paste the Public Key and Private Key from your domain details into reCAPTCHA public API key and reCAPTCHA private API key settings, respectively.
  3. Save the settings.

With the API keys entered into the system, you can select reCAPTCHA as the default CAPTCHA type, or you can select reCAPTCHA as a control for a field in custom tables, documents types, or forms.