TrustCaptcha - Bot protection

Magento 2 CAPTCHA Plugin. Eliminate bots and spam.

TrustCaptcha effectively protects your Magento 2 stores from spam and bot attacks in minutes with the pre-built CAPTCHA-for-Magento 2 extension. TrustCaptcha prevents potential customers from leaving by entirely removing irritating image puzzles or tasks. TrustCaptcha protects you from data breaches, warnings and fines – rely on the European CAPTCHA alternative for the Magento 2 plugin with a clear focus on data protection and GDPR compliance.

Start Free Trial

Contact Sales

GDPR compliant

EU hosted

Why TrustCaptcha

TrustCaptcha saves you money and increases your conversion

Save money! Eliminate botsProtect your website from bot attacks and spam. Save yourself the resulting follow-up costs for higher server capacity, support staff, moderation teams and software developers. Learn how TrustCaptcha eliminate bots

Avoid fines! Be GDPR compliantDon't worry about the legal situation, bureaucracy and the threat of fines. Use TrustCaptcha-for-Magento 2 as a data protection-friendly and GDPR-compliant CAPTCHA alternative. More about the GDPR-compliance of TrustCaptcha

Don't lose customers! Increase conversionDon't make it difficult for your users to use your website with annoying image puzzles or tasks. Our CAPTCHA-for-Magento 2 ensures maximum conversion by making the website accessible to everyone with one click. Learn how TrustCaptcha makes your website accessible

Start Free Trial

Book a Demo

Integrate TrustCaptcha

Integrate TrustCaptcha in Magento 2 now! Simply follow these steps

Integrate TrustCaptcha with Magento 2 quickly and easily into your website, application or platform in just a few steps and effectively protect your online presence and services from bot abuse.

1 – Sign in or sign up
The first thing you need to do is sign in to your Trustcomponent account. If you do not yet have a Trustcomponent account, you can register with us quickly and easily in just a few steps. After that, go to your dashboard. Here you will see all existing CAPTCHAs and can create new CAPTCHAs.
2 – Choose existing CAPTCHA or create a new CAPTCHA
If you already have a CAPTCHA that you want to use, skip this step. If you don't have a CAPTCHA yet, create a new CAPTCHA now.Create a new CAPTCHADuring the creation process, select the “TrustCaptcha” product category and choose your preferred pricing plan. If you are not yet sure which pricing plan to choose, no problem! The plan can be extended at any time. Then decide whether you want to start with the 30-day trial version or go straight to a paid subscription. If you want to start directly with a paid CAPTCHA, all you have to do is add your billing details and optionally a payment method and you're ready to go.30-day trial periodIf you opt for the 30-day trial period, you can test CAPTCHA for 30 days risk-free. At the end of the 30-day trial period, CAPTCHA locks itself. During the 30-day trial period or up to 30 days after the end of the trial period, you can unsubscribe from CAPTCHA at any time for a fee or delete it with immediate effect. If you neither subscribe to the CAPTCHA for a fee nor delete it within 30 days of the end of the free trial period, it will be deleted automatically.Non-Commercial PlanIn addition to our standard plans, we also offer a permanently free “Non Commercial“ plan with 1 website and up to 500 free verifications for non-commercial websites and projects.
3 – Add your websites and check your credentials
On the dashboard of your CAPTCHA you will find all the important information, statistics and setting options. Here you will also find your site-key, the secret-key and, if available, the license-key. You will need these later on when integrating your CAPTCHA.Add your websitesYour CAPTCHA may only be accessed by websites that you explicitly authorise. To allow websites to access the CAPTCHA, enter all the websites on which you want to integrate the CAPTCHA in the settings.
4 – Install the Magento 2 CAPTCHA plugin
Install the Magento CAPTCHA extension via the Composer and Packagist. We are also planning to offer an installation option for the extension via the official plugin store in the near future. You can find more information about the extension installation in our documentation.TrustCaptcha functions as a native Magento CAPTCHA replacement. Magento can decide whether a CAPTCHA is required and request it if necessary. Alternatively, the CAPTCHA can always be displayed. Currently, the following actions and forms are supported, among others:
- Customer Login
- Create Account / Registration
- Forgot Password
- Contact Form
- Product Review Submission
- Email to a Friend
- Share Wishlist
- Orders & Returns
5 – Configure the Magento 2 CAPTCHA plugin
Login as an admin and go to Stores → Configuration → TrustComponent → TrustCaptcha. Set your site-key, secret-key and if necessary the license key. Finally, customize TrustCaptcha to suit your needs.
You can find more information about the extension installation in our documentation.
6 – Congratulations 🎉
You are now protected by TrustCaptcha - congratulations!

Frequently Asked Questions

Do you need more information about the Angular integration?

Frequently Asked Questions

What is a Magento 2 CAPTCHA?

A Magento 2 CAPTCHA is a security widget that asks visitors to complete an automated check—typically a lightweight proof-of-work task—to confirm they are human before a form is submitted. It blocks spam submissions, brute-force logins and other bot-driven abuse on Magento stores. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart, a term first coined in 2003. Modern solutions like TrustCaptcha run invisibly and start automatically, so users see no disruptive puzzles while the protection works in the background.

What is the best Magento 2 CAPTCHA?

The best Magento 2 CAPTCHA balances strong bot defense, privacy compliance and ease of customization—especially for stores targeting EU customers. TrustCaptcha delivers multi-layer security combining client-side proof-of-work, a real-time WordScore (bot score) and granular risk settings. Its EU hosting, instant Data-Processing Agreements and SLA make it GDPR-ready out of the box. Still, always evaluate options like TrustCaptcha, FriendlyCaptcha, CaptchaFox or self-hosted solutions such as Altcha against your threat model and performance goals before choosing.

How does a Magento 2 CAPTCHA work?

A CAPTCHA script is injected into the Magento 2 form, generates a token and asks the browser to complete a challenge; the server later validates that token before processing the request. TrustCaptcha kicks off this flow automatically, making the visitor perform a lightweight proof-of-work task that slows bots without bothering humans. At the same time it calculates a WordScore (bot probability) and passes it to your backend, where you set thresholds inside the plugin dashboard. All communication stays within EU data centers to comply with GDPR rules and avoid transatlantic data transfers.

Do I need a Magento 2 CAPTCHA?

You need a Magento 2 CAPTCHA if your store accepts logins, checkout or contact-form submissions that are attractive targets for spam and credential-stuffing bots. Security reports show brute-force logins remain among the most common attacks on e-commerce sites. A multi-layered system like TrustCaptcha blocks up to 99.9 percent of automated abuse before PHP ever runs, saving server resources. Even if you already use a firewall, adding a CAPTCHA provides an extra defense-in-depth layer for the forms your business relies on.

Is TrustCaptcha GDPR-compliant for Magento 2 sites?

Yes. TrustCaptcha is fully hosted in European data centers and stores only the minimal technical data required for verification, meeting GDPR storage-limitation principles. The service ships with ready-to-sign Data-Processing and Service-Level Agreements directly inside your account dashboard, so legal compliance takes minutes not weeks. Using the official Magento 2 plugin therefore keeps your site GDPR-compliant without additional paperwork, unlike many US-based alternatives. This peace of mind is particularly valuable for agencies managing multiple client stores across the EU.

How does TrustCaptcha’s multi-layered security protect my Magento 2 forms?

TrustCaptcha protects your forms with three coordinated layers: client-side proof-of-work that costs bots CPU time, a dynamic WordScore and custom cut-off thresholds you adjust per form. Bots must first solve the work token and are then filtered by the score; high-risk requests are silently rejected before reaching Magento. Because the score is calculated in real time, legitimate users pass instantly while bad traffic is blocked—maintaining user experience. This layered approach is significantly harder for automated tools to bypass than single-method CAPTCHAs.

Can I customise the appearance of TrustCaptcha in Magento 2?

The plugin lets you localise TrustCaptcha, choose light or dark themes, tweak colours and optionally hide the badge for a white-label look. You can link your own privacy-policy URL and decide whether the widget appears automatically or only after a risk check, giving granular control over the flow. These options help the CAPTCHA blend with your brand and preserve conversion rates across storefronts.

Will TrustCaptcha slow down my Magento 2 store’s performance?

TrustCaptcha loads asynchronously with a minimal footprint and is compatible with Core Web Vitals, so it will not slow down your Magento 2 store. Because the proof-of-work runs in the browser, server response times and cache hit ratios remain stable even under heavy bot traffic. If needed, you can lower the work factor or enable TrustCaptcha only on high-risk forms via the plugin settings for an extra speed boost.

More about TrustCaptcha