Captcha - HashCash

- Joomla! 3
- Joomla! 4
- Joomla! 5
- Joomla! 6

Stop Spam Without Annoying Your Users

Frustrated visitors abandoning your forms because they can't read distorted CAPTCHA text? Tired of relying on Google's reCAPTCHA that tracks your users and raises privacy concerns? Captcha - HashCash is an invisible anti-spam solution that runs silently in the background - your users never see it, never interact with it, and never get frustrated. Your forms stay protected while your visitors enjoy a seamless experience.

Overview

Proven Protection for Modern Joomla Sites

"Superb - possibly the best Captcha available" - John Vesey, March 2025

"Easiest Solution for Blocking Spam/Bots" - Greg Smela, March 2025

"Smart, easy and efficient... Do exactly what it is supposed to do, and without annoying pictures to read or questions to answer" - Philippe, October 2025

Listed in the Joomla Extension Directory with 5-star reviews. Used by sites worldwide, mentioned on Grokipedia's CAPTCHA page, and recommended by VirtueMart and CMS Junkie.

See it in action on our contact form →

How It Works

When someone loads your form, their browser automatically solves a simple puzzle in the background while they're filling out the form. Real people never notice it happening - the calculation finishes before they click submit. But spam bots waste so much processing power trying to solve the puzzle that they give up or get blocked. No blurry images to decipher, no "select all the traffic lights" games, no Google tracking your visitors - just invisible protection that works.

What You Get

Invisible Protection - Your users see nothing. No interaction required, just smooth form submission.
Complete Privacy - No external services, no Google tracking, no cookies. Fully GDPR and EU e-Privacy compliant.
Works Everywhere - Protects all Joomla forms automatically: contact forms, user registration, comments, everything.
Zero Maintenance - Install once, forget about it. No updates required, no API keys to manage, no subscriptions.
Adjustable Security - Choose your protection level from basic (fast) to maximum (stops even advanced bots).
Background Processing - Page stays responsive. The security calculation runs in a separate thread so nothing slows down.
Bot Punishment Mode - Optional feature that traps detected bots in impossible calculations, wasting their resources instead of yours.

Frequently Asked Questions:

Is this hard to install?

Install like any Joomla plugin: download, upload through Extensions Manager, enable it in System > Plugins, and select it as your CAPTCHA method in Global Configuration. Most people finish in under 5 minutes.

Will this slow down my site?

No. The calculation happens in the user's browser while they fill out the form, using a background process that doesn't affect page responsiveness. Your server just verifies the answer—one quick check that takes milliseconds.

What if I'm not technical?

You don't need to be. The default settings work great for most sites. Just install and enable—it protects your forms immediately. Want to adjust the difficulty? Simple text field and radio button. That's it.

Is it really free? Forever?

Yes. No trials, no limits, no premium upgrades. Free to download, free to use, free forever. No registration required.

Will this work with my forms?

If it's a Joomla form, yes. Contact forms, registration, password resets, comments—it protects them all automatically once enabled. Third party forms? Maybe - if it uses the system-configured Captcha - then yes.

What about privacy laws?

HashCash is completely self-hosted. No data leaves your site, no external services, no tracking cookies. It's GDPR-compliant by design.

Download Captcha - HashCash

Captcha - HashCash 5.5.212661

Report a Bug Documentation

Technical Details

Technical Specifications

For developers and the technically curious

Algorithm Options

SHA-256 - Fast, basic protection (easily defeated by modern bots)
SHA-384 - Medium protection
SHA-512 - Strong protection
PBKDF2 - Enhanced GPU resistance through memory-hard sequential hashing
PBKDF2+64KB Memory Loop - Maximum protection forcing 8-18 second solve times on GPUs while keeping user delays under 3 seconds

Detailed algorithm comparison →

Advanced Features

Web Worker Implementation - Hashing operations run in dedicated background thread (technical details)
Delayed Calculation - Waits for user interaction before starting calculation, blocking bots that submit too quickly or wait too long
Configurable Difficulty - Levels 1-5 adjusting hash complexity
Optional Tor Blocking - Prevent anonymous network abuse via Console - Tor Nodes integration
Realtime DNSBL - Multiple blacklist options for IP reputation checking
Bot Punishment Mode - Present unsolvable calculations to detected bots

Technical Requirements

Secure Context Required - HTTPS on production (localhost acceptable for testing)
JavaScript Enabled - Uses Web Cryptography API and Subtle.Crypto
Modern Browser - Supports all current browsers with WebCrypto support
PHP 7.2+ - Compatible with standard shared hosting
Joomla 3.x, 4.x, 5.x, 6.x - Native support, no backward compatibility layer needed for J5/J6

Standards & Implementation

Based on HashCash proof-of-work concept originally proposed by Adam Back in 1997
Implements memory-hard functions to resist GPU parallelization attacks
Sequential PBKDF2 with 10,000+ iterations forces several seconds per solve on GPUs
PBKDF2+64KB mode adds memory bandwidth bottleneck pushing GPU solve times to 8-18 seconds

Security Notes

CVE-2006-3750 does NOT apply to this extension - that vulnerability was in a different, unrelated Joomla extension from 2006
Self-hosted solution eliminates third-party attack vectors
No cookies or external dependencies reduces privacy liability
Source available for security auditing

Integration Notes

If using System - Page Cache plugin, exclude form pages from cache by adding com_users and com_contact to the URL exclusion list in the Page Cache plugin's Advanced tab.

About HashCash

RicheyWeb did not invent HashCash - the concept was created by British cryptography expert Adam Back. We adapted this proven anti-spam technique into an accessible Joomla plugin. Learn more at hashcash.org or read the Wikipedia article.

Reviews

5 Reviews

Retrieved from JED monthly

Complete - Unfiltered

HashCash is a helpful solution

2016-07-13 - Ali

Functionality: helpful
Ease Of Use: just enabling and selecting is enough

Very Good Plugin

2019-08-26 - cyskye

Functionality: It really does the work and protects the contact form from spammers.
Ease Of Use: Very very easy: just download, install and enable the plugin. That's all.

Superb - possibly the best Captcha available

2025-03-15 - John Vesey

Functionality: Packed with features and J5 native (no b/c plugin needed). Completely invisible save for an optional “spinner” whiles calculations done.
Ease Of Use: Really easy; just set in global configuration and set desired option via the plugin. Simple yes/no switches for the various options.
Support: Not needed, but Michael is active on the Forums and via direct contact. Like everything he does, it just works!
Documentation: Not used yet but will use to integrate functionality into non-standard forms.

Easiest Solution for Blocking Spam/Bots

2025-03-20 - Greg Smela

Functionality: Great features including an optional spinner that lets people know it is working behind the scenes. Native for J5 so no b/c needed.
Ease Of Use: Extremely easy to set (and forget)! Instal the plugin and enable it. Optional switches can be set but generally not needed.
Support: Never needed support but the author is active on the forums and the documentation is comprehensive.
Documentation: See above. I've not needed docs for any of Michael's tools but know it is there if needed.

Smart, easy and efficient

2025-10-25 - Philippe

Functionality: Do exactly what it is supposed to do, and without annoying pictures to read or questions to answer for the user.
Ease Of Use: Very simple. You install it, eventually change the very few preset parameters and that its.
Support: Support is not needed as hash-cash is so easy to install and to use. work immediately.
Documentation: No need for extensive documentation. What is avaialalbe on developper site is more than enough.

Joomla Plugins