Should You Really Put CAPTCHA on Your Online Forms?

Should You Really Put CAPTCHA on Your Online Forms?

Sead Fadilpasic
Sead Fadilpasic

CAPTCHA is one of those divisive elements for website owners. If you’re in the game for increasing conversions, it’s vital to minimize friction that might prevent visitors from filling out your forms. On the other hand, if you do have a problem with spam, it’s only prudent to use CAPTCHA to keep the bots out and add a layer of protection for sensitive data.

It’s a dilemma that’s been around for quite some time now and one that’s still relevant, despite technological advancements. That’s because bots and spammers constantly find new ways to navigate around the obstacles set in front of them. CAPTCHA was created out of the need to distinguish human from machine interaction, preventing spam and data extraction from websites. So what’s the issue here?

The Case for CAPTCHA

On a strictly technical side, CAPTCHA is easy to install and available for almost every environment. Its primary use is as an anti-spam tool, and in that regard, it’s fairly effective. It’s not a perfect system (I’ll get to that in a minute) but it delivers in a few areas:

  • Protecting website registration against useless information and bot accounts
  • Preventing comment spam in the form of advertisements and unsolicited messages
  • Demonstrating to customers that you take security precautions seriously when it comes to sensitive or personal information

CAPTCHA is fairly good at what it does: keeping spam out of the forms. This is particularly important when it comes to gaining insights into the actual acquisition metrics for the business. Bots usually can’t maneuver around the challenges set up by CAPTCHA, whether it’s typing distorted text, identifying audio and video, or recognizing a common object in a set of images. Thereby, it prevents bots from submitting forms automatically en masse.

The Case Against CAPTCHA

In setting up hurdles meant to deter spammers, sometimes actual users can fall victim as well. Given that some instances can be challenging and thus time-consuming at times, CAPTCHA can affect the usability of your website. In fact, research has shown that it decreases conversion rates by up to 3.2%, a significant amount of potential business that your company might be missing out on.

There’s also the issue of plain bad user experience. A study conducted by Baymard Institute revealed that it is inevitable that CAPTCHA will frustrate users because they are difficult to decipher (as they’re supposed to be). Around 8.66% of all users will mistype their first attempt, which increases to whopping 29.45% if the CAPTCHA is case sensitive. Asking your visitors to go through one extra step increases the risk of abandonment and may lower brand affinity. Given the example below, can you really blame people for hating it?

CAPTCHA is case sensitive

UX aside, another issue with CAPTCHA is that the subsequent rise in the machine and deep learning means it can now often be defeated. Resorting to it in order to fight the bot problem is no longer as effective as before, due to advancements in AI. There’s also the use of cheap labor that can manually solve this challenge. This makes it all the harder to spot spam but can also render CAPTCHA increasingly less effective over time.

Alternatives to Traditional CAPTCHA

Due to some traditional CAPTCHA techniques losing their effectiveness, it is necessary to take a look at alternative methods. Arguably, there are better ways to tell if someone is a human without affecting the user experience much.

One of those is the honeypot method, where you basically add fields as additional pieces of code that are hidden from the human eye but visible to bots. If these fields are filled in, it’s safe to assume it was done by a machine. This is a popular method whose primary appeal is its unassuming nature, which does not affect customer experience.

You can also use an anti-spam plugin that blocks comment spam on the forms, such as Akismet. It has its own testing system for monitoring comments, trackbacks, and pingbacks on your website, and also learns about new forms of spam.

Another option is to use a non-traditional CAPTCHA, such as bot-unfriendly questions, which has proven to be more effective than earlier iterations. The idea here is to include a question that a human can easily answer, unlike a bot who doesn’t know how to fill it in. Mathematical questions such as “What is 12-7?” are one of the more frequent examples that have had success.

non-traditional CAPTCHA

It’s important to note that these solutions are not 100% spam-proof, nor do they recognize every type of spam. Spam is a huge and fairly lucrative business, so the people behind it are always on the lookout for new and creative ways to beat the system. Hence, using multiple methods is recommended, provided that the combination doesn’t deter customers.

Verdict: Put the User’s Experience First

CAPTCHA is good at what it does

If you’re a website owner, you are likely torn between providing the ease of access to potential leads and protecting yourself from false ones. To some degree, CAPTCHA is good at what it does. However, even if you use some of the best online form builders, placing a CAPTCHA on your lead generation forms will likely hurt your business more than spam ever will.

Regardless of how you implement it, CAPTCHA leads to some amount of lost sales, however small they may be. From the usability perspective, it’s a no-go as it often adds more to the problem than it does toward solving it. That said, there may be some good alternatives that can be implemented in a way that doesn’t disrupt the buyer’s journey, and increases the experience of all parties involved.

Lead generation aside, you can still leverage CAPTCHA if the online forms on your website are part of a larger ecosystem. For instance, your blog may cater to a focused audience that incites discussion, so CAPTCHA would be a helpful instrument in order to maintain only legitimate comments.

The point is, there is no perfect anti-spam solution, at least not yet. As for CAPTCHA, there is a place for it but its benefit is visibly shrinking as hackers try to find ways (and often succeed) to bypass it. If you feel like you absolutely must use it, use A/B split testing where possible to compare the conversion rate of the page with and without CAPTCHA. The results will point you in the right direction.



Having a CAPTCHA is Killing Your Conversion Rate:

CAPTCHAs Have an 8% Failure Rate, and 29% if Case Sensitive:






38 claps
Clap for the post if you found it useful!

Any comments?

0 out of minimum 100 characters
Required Field Maximal length of comment is equal 80000 chars Minimal length of comment is equal 100 chars

Get just one email a month and take your skills to the next level.

Sign up Now!

We check all user comments within 48 hours to make sure they are from real people like you. We're glad you found this article useful - we would appreciate it if you let more people know about it.

Share this blog post with friends and co-workers right now:

We check all comments within 48 hours to make sure they're from real users like you. In the meantime, you can share your comment with others to let more people know what you think.

Once a month you will receive interesting, insightful tips, tricks, and advice to improve your website performance and reach your digital marketing goals!

© 2019 All Rights Reserved.