Overview
Casdoor can be configured to support different captchas to verify if the operation is performed by a human. By adding a captcha provider and applying it in the application, when users login, register, or forget their password and need to send a code, a captcha check dialog will appear to verify if the operation is performed by a human.
Currently, Casdoor supports multiple captcha providers. The following are the providers supported by Casdoor:
| Default | Cloudflare Turnstile | reCAPTCHA | hCaptcha | Alibaba Cloud Captcha | Geetest |
|---|---|---|---|---|---|
 |  |  |  |  |  |
| ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
We will show you how to apply a captcha and add it to Casdoor.
Add a captcha provider
- Navigate to your Casdoor index page.
- Click on
Providersin the top bar. - Click on
Add, then you will see a new provider in the top list. - Click on the new provider to modify it.
- Select
Captchain theCategory. - Choose the captcha provider you need in the
Type. - Fill in the most important information. Different captcha providers may require different information to be filled in.
Applying in the application
- Click on
Applicationin the top bar and choose one application to edit. - Click on the provider add button and select the provider you just added.
- Configure the provider rule to control when CAPTCHA verification appears:
- None: Disables CAPTCHA completely - no verification modal will appear
- Dynamic: Shows CAPTCHA after 5 failed login attempts
- Always: Requires CAPTCHA for every login attempt
- Internet-Only: Shows CAPTCHA only for public internet requests
We also provide a demo video to demonstrate the differences in rules, which we hope will be helpful to you.
To completely disable CAPTCHA verification, set the provider rule to None. This is different from SMS/Email providers where "None" means "apply to all scenarios". For CAPTCHA, "None" specifically means the verification is disabled.