Title: OpenPorte Spam Protection Author: huygens-25 Published: June 15, 2026 Last modified: June 15, 2026 --- Search plugins ![](https://ps.w.org/openporte/assets/icon.svg?rev=3573221) # OpenPorte Spam Protection By [huygens-25](https://profiles.wordpress.org/huygens-25/) [Download](https://downloads.wordpress.org/plugin/openporte.1.27.1.zip) * [Details](https://wordpress.org/plugins/openporte/#description) * [Reviews](https://wordpress.org/plugins/openporte/#reviews) * [Installation](https://wordpress.org/plugins/openporte/#installation) * [Development](https://wordpress.org/plugins/openporte/#developers) [Support](https://wordpress.org/support/plugin/openporte/) ## Description OpenPorte is a community-maintained fork of the ALTCHA Spam Protection plugin for WordPress (version 1), which provides a free, open source, self-hostable, privacy- friendly CAPTCHA alternative based on a proof- of-work mechanism — no cookies, no tracking, GDPR-friendly by design. For the list of contributors, refer to our GitHub project: [Contributors](https://github.com/jcberthon/openporte/graphs/contributors?from=1.6.2024). #### Background The original ALTCHA WordPress plugin (v1) was open source (GPLv2). Its authors have since released a version 2/3 which is no longer open source, and some features that were free in v1 are now paid. They no longer maintain v1 and recommend that users migrate to v2/v3. See the official project at https://altcha.org for their offering. OpenPorte continues the v1 line as free software (GPLv2 or later) for users who want to stay on a fully open-source, self-hosted solution. It is a faithful fork: existing v1 installations can switch to OpenPorte and keep their settings (see Upgrading). #### Compatibility OpenPorte is backward-compatible with ALTCHA v1: * Your existing settings are migrated automatically on activation. * The `[altcha]` shortcode keeps working (alongside the new `[openporte]`). * The `altcha_*` filters and actions keep firing as deprecated aliases. See the Deprecations section for the full list of compatibility aliases and what they map to. ### Upgrading #### From the original ALTCHA v1 plugin Deactivate the old ALTCHA plugin, then install and activate OpenPorte. Your existing configuration is detected and copied into the OpenPorte settings on first activation; the original ALTCHA settings are left untouched, so you can roll back to ALTCHA v1 without losing anything. Do not run both plugins at the same time. ### Deprecations The following ALTCHA-era identifiers are kept as aliases for backward compatibility and are scheduled for removal in a future release: * The `[altcha]` shortcode — use `[openporte]`. * The `altcha/v1` REST namespace — use `openporte/v1`. * The `altcha_*` filters and actions — now firing through WordPress’ deprecated hook mechanism; use the `openporte_*` equivalents. * The `AltchaPlugin` class and the `ALTCHA_VERSION` / `ALTCHA_WIDGET_VERSION` constants — use `OpenPortePlugin` and the `OPENPORTE_*` constants. * Integrations targeting paid-only third-party plugins; affected users should migrate to the official ALTCHA v2/v3 plugin. ### Privacy #### No cookies, no tracking OpenPorte prioritizes user privacy by avoiding the use of cookies and fingerprinting techniques. #### No external service This plugin remains fully contained within your WordPress installation, eliminating any reliance on external services. ### Modes of Operation OpenPorte verifies submissions in one of two modes, selected in the settings (API Mode): * Self-hosted (default) — a proof-of-work challenge is issued and verified by your own WordPress site through the REST API. Fully self-contained, with no external service and no additional setup beyond enabling the integrations you need. * Custom — point the Challenge URL at your own ALTCHA-compatible backend (for example a self-hosted ALTCHA Sentinel). Submissions are verified with your site’s signing secret. The paid altcha.org regional SaaS classifier offered by earlier versions has been removed; both remaining modes are free and self-hostable. ### REST API This plugin requires the WordPress REST API. If you are using any “Disable REST API” plugins, ensure that the endpoint `/altcha/v1/challenge` (marked for deprecation) and `/openporte/v1/challenge` are allowed. ### Supported Integrations * CoBlocks * Contact Form 7 * Elementor Pro Forms (deprecated — paid plugin, see Deprecations) * Formidable Forms * Forminator * GravityForms * HTML Forms * WPDiscuz * WPForms * WP-Members * WordPress Login, Register, Password reset * WordPress Comments * WooCommerce * Custom HTML (via the `[openporte]` shortcode, or the deprecated `[altcha]` alias) ### Source Code All source code for the plugin, and the ALTCHA widget is available on GitHub. In the repository, you’ll also find versions of non-minified JavaScript and CSS assets: * Plugin: https://github.com/jcberthon/openporte * ALTCHA Widget: https://github.com/altcha-org/altcha ## Installation Download, install and activate `OpenPorte Spam Protection`. Alternatively, install the plugin manually: 1. Download the `.zip` from the [Releases](https://github.com/jcberthon/openporte/releases). 2. Upload `openporte` folder to the `/wp-content/plugins/` directory 3. Activate the plugin through the ‘Plugins’ menu in WordPress 4. Review the settings and enable your integrations ## Reviews There are no reviews for this plugin. ## Contributors & Developers “OpenPorte Spam Protection” is open source software. The following people have contributed to this plugin. Contributors * [ huygens-25 ](https://profiles.wordpress.org/huygens-25/) [Translate “OpenPorte Spam Protection” into your language.](https://translate.wordpress.org/projects/wp-plugins/openporte) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/openporte/), check out the [SVN repository](https://plugins.svn.wordpress.org/openporte/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/openporte/) by [RSS](https://plugins.trac.wordpress.org/log/openporte/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.27.1 * Renamed the Elementor form-field integration class to use the `OpenPorte_` prefix, as requested by the wordpress.org plugin review (avoids the reserved `Elementor` prefix). No behaviour change. * Removed the wordpress.org directory icon files from the plugin package; they are deployed separately as directory assets. * Removed the `load_plugin_textdomain()` call: since WordPress 4.6 (we require 5.6+) translations are loaded automatically by core. No behaviour change. #### 1.27.0 * Forked ALTCHA Spam Protection v1 as OpenPorte, a community-maintained, fully open-source (GPLv2 or later) continuation. * Rebranded the plugin to OpenPorte: new `[openporte]` shortcode and `openporte/ v1` REST namespace, with the `[altcha]` shortcode, `altcha/v1` endpoint, `altcha_*` hooks and the `ALTCHA_*` / `AltchaPlugin` symbols kept as deprecated aliases ( see Deprecations). * Existing ALTCHA v1 settings are copied into the OpenPorte namespace on activation; the original `altcha_*` options are left in place so you can roll back. * Removed the paid altcha.org regional SaaS classifier; self-hosted proof-of-work and custom self-hostable backends are unchanged. * Security: HMAC signatures are now compared with `hash_equals()` (timing-safe). * Wrapped the “This form requires JavaScript!” message so it can be translated. * Corrected the documented minimum requirements to match the plugin’s existing PHP 8.0 / WordPress 5.6 floor. Contributors (GitHub) for this release: jcberthon, ded-furby. Co-contributors: Mistral (AI), Claude (AI), GPT-OSS (AI). #### 1.26.3 * Fixed possible replay attacks via salt splicing. #### 1.26.2 * Updated readme for the new version 2. #### 1.26.1 * Fix Elementor Pro Forms widget rendering #### 1.26.0 * Added Formidable Forms integration * Fixed PHP warning in the verify function * ALTCHA Widget 2.2.2 #### 1.25.0 * Added hooks for improved customization and integration flexibility. [#45] #### 1.24.0 * Fix issue with duplicate widget rendering in Elementor popups and WPDiscuz replies #### 1.23.0 * Support for CoBlocks #### 1.22.1 * Fix Gravity Forms validation with custom server #### 1.22.0 * Fix Forminator multi-page forms * Fix Gravity Forms with Sentinel and fields classification #### 1.21.0 * ALTCHA Widget 2.0.2 * Widget scripts are now injected only on pages, which include the widget * Support for custom Challenge URL and ALTCHA Sentinel #### 1.20.0 * Enfold Theme (contact and newsletter forms) integration #### 1.19.0 * Fix submit issues with Contact Form 7 + Conditional fields #### 1.18.0 * Fix language with Contact Form 7 #### 1.17.0 * Update widget to 1.2.0 * Widget removes support for Expires header fixing potential auto-revalidation issues * Widget script provided as a UMD module allowing for JS minification #### 1.16.0 * Fix reply to comments from the admin page [#36] #### 1.15.0 * Translations with gettext and automatic language detection [#33] #### 1.14.1 * Fix the “Settings” link [#32] #### 1.14.0 * Automatic language detection [#31] * Change placement of the “Settings” link in the plugin list [#32] #### 1.13.1 * Ignore WooCommerce form submissions in WordPress integration [#30] #### 1.13.0 * WooCommerce integration [#26] * Improved validation message [#27] * Password lost error message [#28] #### 1.12.0 * HTML Forms – skip verification if the shortcode is not in the form markup [#23] #### 1.11.1 * Fix Forminator compatibility issue #### 1.11.0 * Added support for WP-Members #### 1.10.0 * Added support for WPDiscuz #### 1.9.3 * Fix REST API Cache-Control header #### 1.9.2 * Enable Custom HTML (shortcode) integration by default when activated #### 1.9.1 * PHP 7 support (replace str_contains by strpos) [#19] #### 1.9.0 * Widget updated to version 1.0.0 * CF7 – fix widget placement * Fix page caching #### 1.8.0 * Shortcode (custom integration) – fix mode (SpamFilter) #### 1.7.0 * HTML Forms – add Shortcode option #### 1.6.1 * Fix WordPress login integration #### 1.6.0 * Fix Elementor Pro Forms widget rendering * Fix Contact Form 7 widget position and shortcode support #### 1.5.0 * Fix REST base URL (+ REST prefix removed from settings) [#13] #### 1.4.0 * Support for Elementor Pro Forms * Widget updated to 0.6.7 #### 1.3.1 * Fix site_url parsing issue [#11] #### 1.3.0 * Added support for custom REST API prefixes #### 1.2.0 * Forminator – fix widget rendering with file input * Widget updated to 0.6.4 #### 1.1.0 * Shortcode – support for `language` attribute #### 1.0.0 * Widget updated to 0.6.3 #### 0.3.0 * Added nonce sanitization * Removed server-side spam filter (required for Plugin Directory) #### 0.2.1 * Fixes requested by Plugin Directory review * Fixed various Spam Filter issues #### 0.2.0 * Widget updated to 0.6.0 * Added support for Floating UI #### 0.1.7 * Fix Forminator multi-step forms #### 0.1.6 * Widget updated to 0.5.1 #### 0.1.5 * Fixes requested by Plugin Directory review #### 0.1.4 * GravityForms – added label and description options * Altcha widget updated to 0.4.3 #### 0.1.3 * Fixed “lost password” verification bug * Altcha widget updated to 0.4.1 #### 0.1.2 * Fixed widgets footer link and log warnings #### 0.1.1 * Widget v0.4.0 * Challenge expiration #### 0.1.0 * First version ## Meta * Version **1.27.1** * Last updated **15 hours ago** * Active installations **Fewer than 10** * WordPress version ** 5.6 or higher ** * Tested up to **7.0** * PHP version ** 8.0 or higher ** * Tags * [anti-bot](https://wordpress.org/plugins/tags/anti-bot/)[anti-spam](https://wordpress.org/plugins/tags/anti-spam/) [captcha](https://wordpress.org/plugins/tags/captcha/)[GDPR](https://wordpress.org/plugins/tags/gdpr/) [spam](https://wordpress.org/plugins/tags/spam/) * [Advanced View](https://wordpress.org/plugins/openporte/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/openporte/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/openporte/reviews/) ## Contributors * [ huygens-25 ](https://profiles.wordpress.org/huygens-25/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/openporte/)