Add-on Settings

Security Levels

Snaptcha offers three levels of security:

  • High - requires javascript (blocking most spam bots) and only allows a form to be submitted once (preventing multiple unwanted form submissions)

  • Medium — requires javascript (blocking most spam bots) and allows multiple form submissions

  • Low — does not require javascript (relies on spam bots filling in all input fields)

We recommend using the high security level where possible and modifying the error message to suit your chosen security level and users. Please note that if using the high security level you should not use template caching on templates that will use Snaptcha.

Field Name Prefix

The prefix for the hidden snaptcha field (should be a unique value, a random suffix will be used)

Member Registration and Login Validation

Whether to enable validation of member registration and login forms (see below for details)

Rejected Form Submission Logging

Whether to enable logging of rejected form submissions (see below for details)

Error Message

The message to display if the user is believed to be a spam bot


If you set Rejected Form Submission Logging to ​“Enabled” then any rejected submissions will be logged to the log.txt file in the Snaptcha folder. The file must be writable so ensure that the permissions are set to at least 666.

Testing Snaptcha

If you want to test or see how Snaptcha works on your site then navigate to one of your forms, open your browser’s inspector or use Firebug and delete the input field that Snaptcha inserted. It will usually be towards the bottom of your form’s markup and will have an id that begins with the prefix in your extension settings (“snap” by default). After deleting the input field, submit the form and the error message from your extension settings should appear.

Comparison with Honeypot

The Honeypot captcha method is similar to Snaptcha’s low security level. It simply adds a hidden input field to the form and ​“hopes” that spam bots will enter a value into it, thereby giving them away as bots. Snaptcha’s medium and high security levels are far more secure than Honeypot, requiring javascript and the latter only allowing single form submissions. This means that the vast majority of spam bots will be blocked.

Using Snaptcha

Snaptcha will automatically add a hidden field to your forms and will validate it on submission. If it determines that a spam bot is attempting to submit the form then it will prevent the form from being submitted and will output the error message.

The following forms are supported:

  • Comment form

  • Safecracker form

  • Channel form (since EE 2.7)

  • Forum submission form

  • Freeform and Freeform Next

  • FormGrab

  • Zoo Visitor registration form

  • ProForm

  • DevDemon Forms

  • Member login form

  • Member registration form [1]

  • User Module registration form [2]

  • FreeMember registration form [2]

  • Threaded Comments form

  • Google Custom Search form

  • Email Form add-on

  • Solspace Rating form

  • IntoEEtive Stand-Alone Member Register form [2]

  • Email Module [3]

[1] If you set Member Registration and Login Validation to ​“Enabled” and you are using EE’s native Member Profile Templates then you must manually append the html code provided to the registration form as the member module does not have a hook that would allow Snaptcha to do this automatically. This method will only work with the medium and low security levels. By default this is found by going to Design > Themes > Member Profile Templates > Default > Registration Form.

[2] If you set Member Registration Validation to ​“Enabled” and you are using regular templates to generate your registration or logout forms then you must manually append a template tag to the form. Add the template tag {exp:snaptcha:field} to the bottom of the form when using the User Module, FreeMember or IntoEEtive’s Stand-Alone Member Register.

[3] The native Email Module does not have the necessary extension hooks for Snaptcha to support it, however Snaptcha 1.7.1 introduced the methods for making it work. To add support for the Email Module forms you will need to manually add the following blocks of code to in the module’s folder:

private function _setup_form($tagdata, $recipients,...)

/* -------------------------------------
/*  Add this code block to the very beginning of the _setup_form method
/*  'email_module_form_end' hook
	if (ee()->extensions->active_hook('email_module_form_end') === TRUE)
		$tagdata = ee()->extensions->call('email_module_form_end', $tagdata);
		if (ee()->extensions->end_script === TRUE) return;
/* -------------------------------------*/;

/* -------------------------------------
/*  Add this code block before loading the email library in the send_email method
/*  'email_module_send_email_start' hook
	if (ee()->extensions->active_hook('email_module_send_email_start') === TRUE)
		if (ee()->extensions->end_script === TRUE) return;
/* -------------------------------------*/

// Send email

Last updated