documentation/content/en/admin/optional/captcha.md

---
title: Captcha
description: Mitigating automated signup bots
menu:
  docs:
    weight: 30
    parent: admin-optional
---

As of Mastodon 4.2, using CAPTCHA technology is supported to help mitigate against bots signing up for new accounts.
With CAPTCHA enabled, new registrations will be required to complete a challenge response as part of the e-mail verification process.

![](/assets/captcha/user-view.png)

{{< hint style="danger" >}}
For some people, the use of a central CAPTCHA service may be a security and privacy concern.
In addition, CAPTCHA can make the registration process significantly less accessible to some people.
{{</ hint >}}

Currently, hCaptcha is the only available provider supported by Mastodon.
Other providers may be added in the future.

## hCaptcha

- Create a free hCaptcha account at [hcaptcha.com](https://www.hcaptcha.com)
- After completing registration, use the hCaptcha dashboard to add a new site with your Mastodon server domain and obtain a Site Key
- From the Account Settings menu in hCaptcha, obtain your Secret Key
- Add the values to your Mastodon environment configuration as `HCAPTCHA_SITE_KEY` and `HCAPTCHA_SECRET_KEY`
- Restart the Mastodon services running on your server
- From the Mastodon web interface navigate to **Administration**  > **Server settings** > **Registrations** and check the box labled "Require new users to solve a CAPTCHA to confirm their account"

![](/assets/captcha/admin-view.png)
Add Captcha configuration page (#1406) * Add captcha page * And warning to privacy block 2024-02-19 18:31:07 +01:00			`---`
			`title: Captcha`
			`description: Mitigating automated signup bots`
			`menu:`
			`docs:`
			`weight: 30`
			`parent: admin-optional`
			`---`

			`As of Mastodon 4.2, using CAPTCHA technology is supported to help mitigate against bots signing up for new accounts.`
			`With CAPTCHA enabled, new registrations will be required to complete a challenge response as part of the e-mail verification process.`

			`![](/assets/captcha/user-view.png)`

			`{{< hint style="danger" >}}`
			`For some people, the use of a central CAPTCHA service may be a security and privacy concern.`
			`In addition, CAPTCHA can make the registration process significantly less accessible to some people.`
			`{{</ hint >}}`

			`Currently, hCaptcha is the only available provider supported by Mastodon.`
			`Other providers may be added in the future.`

			`## hCaptcha`

			`- Create a free hCaptcha account at [hcaptcha.com](https://www.hcaptcha.com)`
tweak 2024-02-19 21:43:50 +01:00			`- After completing registration, use the hCaptcha dashboard to add a new site with your Mastodon server domain and obtain a Site Key`
Improve hCaptcha site key and secret key description Had some feedback that the directions to obtain the site key and secret key were not as clear as they could be, this breaks them into two items with a direction of where to find the secret key. 2024-02-19 21:30:16 +01:00			`- From the Account Settings menu in hCaptcha, obtain your Secret Key`
Add Captcha configuration page (#1406) * Add captcha page * And warning to privacy block 2024-02-19 18:31:07 +01:00			- Add the values to your Mastodon environment configuration as `HCAPTCHA_SITE_KEY` and `HCAPTCHA_SECRET_KEY`
			`- Restart the Mastodon services running on your server`
			`- From the Mastodon web interface navigate to Administration > Server settings > Registrations and check the box labled "Require new users to solve a CAPTCHA to confirm their account"`

Improve hCaptcha site key and secret key description Had some feedback that the directions to obtain the site key and secret key were not as clear as they could be, this breaks them into two items with a direction of where to find the secret key. 2024-02-19 21:30:16 +01:00			`![](/assets/captcha/admin-view.png)`