Title: CAPTCHA for PHPBB3 login page ? Last modified: January 14, 2026 --- # CAPTCHA for PHPBB3 login page ? * Resolved [exxos21](https://wordpress.org/support/users/exxos21/) * (@exxos21) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/captcha-for-login-page/) * We are seeing (as others are) “chat bots” bypassing every current check. The only possible solution is to have a CAPTCHA on the login page, either some invisible to check and fallback to the “im not a bot” type thing. Quick logging is good for users, but detecting bots has become near impossible now. - This topic was modified 3 months, 2 weeks ago by [exxos21](https://wordpress.org/support/users/exxos21/). Reason: missing info Viewing 7 replies - 1 through 7 (of 7 total) * [vadimcleantalk](https://wordpress.org/support/users/usr1/) * (@usr1) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/captcha-for-login-page/#post-18785566) * Hello [@exxos21](https://wordpress.org/support/users/exxos21/) * Thank you for your enquiry! Could you please send us 1–3 IDs of requests from your Anti-Spam log that bypassed protection? * Once we have a few examples, we’ll check how this specific form is being processed and then suggest the best solution or outline the next steps. * Your Anti-Spam log: [https://cleantalk.org/my/show_requests](https://cleantalk.org/my/show_requests) * Thread Starter [exxos21](https://wordpress.org/support/users/exxos21/) * (@exxos21) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/captcha-for-login-page/#post-18786165) * I tried to find one ID but it doesn’t seem to be listed in the log anywhere. and the “user” posted today. The user registered 3 years ago so not recent… * From what I can tell, this user/bot is directly accessing the php scripts on the forum. So I suspect browser manipulation via scripts. * The posts look genuine, and they were only even found out because of a vision forum user it will also notice the same activity on 20 other different forums.. It is definitely some kind of auto responder bot of some sort. We have never seen anything like this before. * Is why I thought having captcha from something like cloudflare built into the forum login page would be a first defence to stop such automation tools logging in the first place. * I do use a cloudflare Turnstile to protect a basic HTML page, but no idea how to implement that into the forum. It may need a custom extension as nothing seems to exist. * Plugin Support [eugenecleantalk](https://wordpress.org/support/users/eugenecleantalk/) * (@eugenecleantalk) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/captcha-for-login-page/#post-18786432) * Thank you for your reply. * Please clarify, are you using our plugin? If so, please tell us the name of your site or its Service #? You can find the Service # here: [your CleanTalk dashboard](https://cleantalk.org/my/?cp_mode=antispam) → the “Settings” button under your site name. * Also, please clarify whether the main problem is that some bots first go through the registration process on the forum and then post spam comments. * Thread Starter [exxos21](https://wordpress.org/support/users/exxos21/) * (@exxos21) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/captcha-for-login-page/#post-18786887) * Hello, * Its exxosforum.co.uk . * Website Anti-Spam protection Created Aug, 12 2024. Phpbb31 5.80. * The user probably registered before I started using cleantalk.. But registering is already pretty complicated. * Theres nothing to stop a user registering, posting a several posts over months to “gain a reputation” as a valid users.. Then the AI bots take over.. * For example.. Just read this thread.. * [https://www.exxosforum.co.uk/forum/viewtopic.php?f=114&t=7320](https://www.exxosforum.co.uk/forum/viewtopic.php?f=114&t=7320) * We were pushed to decide if the kickstarter was even a scam or not at this point.. It looks genuine.. But if genuine users are registering on signup protection isn’t going to help all that much.. Automation takes over later, which is clearly evident in that thread and also across 20 other forums which have been reported to me as well. * This also creates a sideline problem, where actual users can register on multiple forums, gain a reputation over weeks months or years. Do many many posts.. Go unnoticed.. (Which is basically what has happened at this point already with 40+ posts over 3 years) and as a lot of forums allow editing unlimited time, bots could easily go back and edit all the posts with any sort of political or other scams. * Is why I think the only possible way to prevent bots logging in automatically, is to have CAPTCHA on the forum login page where bots simply can’t get past ( or at least struggle to) . But this even may not be enough because actual users could still login manually and then have scripts to spam or edit posts on mas after they have logged in anyway.. * Of course I would assume the clean talk extension would probably pick up on a lot of actual spam in the first place.. But for the specific problem I am stating, it is very difficult to do protection for it because such a unique problem. * In my brief research, it does look like that kickstarter is genuine but it could easily be not.. And that brings now the risk of next level scams across the Internet, in particular with AI in the mix which is now clearly evident. - This reply was modified 3 months, 2 weeks ago by [exxos21](https://wordpress.org/support/users/exxos21/). Reason: typo * Plugin Support [eugenecleantalk](https://wordpress.org/support/users/eugenecleantalk/) * (@eugenecleantalk) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/captcha-for-login-page/#post-18787033) * Thank you, exxos21. * Every comment, regardless of when the user registered, must be checked by our service. But judging by your Anti-Spam log on our website, this is not happening. * We need additional details about your website. Please contact us via our private Ticket System and add there a link to this topic: [https://cleantalk.org/my/support/open](https://cleantalk.org/my/support/open). * Thread Starter [exxos21](https://wordpress.org/support/users/exxos21/) * (@exxos21) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/captcha-for-login-page/#post-18787116) * According to the settings it only checks newly registered users.. not long term registered users. * I think I did do a patch to the extension a while ago to monitor every post but I think I decided against it in the end because it was just slowing down posting on the forum which became annoying to the users. * My memory is a little fuzzy on it all, but in the end I think just monitoring new users was the solution. As if they got past moderation and cleantalk, then we assumed they are genuine users.. but that’s not the case anymore.. * I can understand that having each post monitored would be more secure but again it’s the lag which can just end up irritating users. * I’m not really sure how such posts would be detected anyway because they are using AI to emulate users. Some bots have even copied and pasted genuine posts into new threads to get around the first point moderation. * The only thing I see is that they tend to format the posts a lot more than genuine users do and use bold text more often genuine people rarely do that. But of course I cannot just ban people for using bold text ! lol * I think there might have been a lot of falsely rejected posts, I mean I get them occasionally on new users already and I do report them as not spam. But it’s not really something I have time to actively maintain. So we basically have to assume after the first three posts are manually approved by moderators that they are genuine users in order not to end up with a slower forum experience and more false positives. * it’s a “catch-22” type problem, damned if do and damned if don’t.. * Is why I thought that having captcha on the login page would be possible.. at least if theres no detectable human interaction then we could assume it is a bot logging in. * The possible problem is passwords which are saved in browsers could trigger such a detection but generally it is why the “I’m not a bot” tick box comes ups which is quick and simple for users to complete. * Plugin Support [eugenecleantalk](https://wordpress.org/support/users/eugenecleantalk/) * (@eugenecleantalk) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/captcha-for-login-page/#post-18787294) * Thank you. * You can try installing a captcha, but our plugin does not have one. You need a different solution. * Since we are talking about a plugin for phpBB, I am closing this topic. This forum is only for WordPress plugins. Let’s continue our conversation in our ticket system (link in my previous reply). We will think about what can be done for now. Viewing 7 replies - 1 through 7 (of 7 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fcaptcha-for-login-page%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/cleantalk-spam-protect/assets/icon-256x256.png?rev=1637702) * [Anti Spam for Contact Forms, Comments & Online Stores - CleanTalk](https://wordpress.org/plugins/cleantalk-spam-protect/) * [Frequently Asked Questions](https://wordpress.org/plugins/cleantalk-spam-protect/#faq) * [Support Threads](https://wordpress.org/support/plugin/cleantalk-spam-protect/) * [Active Topics](https://wordpress.org/support/plugin/cleantalk-spam-protect/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/cleantalk-spam-protect/unresolved/) * [Reviews](https://wordpress.org/support/plugin/cleantalk-spam-protect/reviews/) ## Tags * [login](https://wordpress.org/support/topic-tag/login/) * 8 replies * 3 participants * Last reply from: [eugenecleantalk](https://wordpress.org/support/users/eugenecleantalk/) * Last activity: [3 months, 2 weeks ago](https://wordpress.org/support/topic/captcha-for-login-page/#post-18787294) * Status: resolved