FAQ
HumanProof questions, answered.
Plan limits, widget variants, server verification, risk signals, and how HumanProof differs from puzzle-first CAPTCHA providers.
What is HumanProof?
HumanProof is a managed CAPTCHA control plane around proof-of-work challenges. It provides hosted widget assets, project keys, backend verification, usage limits, billing state, and organization controls.
How is this different from reCAPTCHA or hCaptcha?
HumanProof focuses on proof-of-work and operational control instead of puzzle-first flows. It keeps project setup, billing state, risk evidence, and audit history close to the forms your team already manages.
How is this different from Friendly Captcha?
Friendly Captcha also uses a proof-of-work style approach. HumanProof adds brand control, project management, Stripe-aware plans, risk evidence, and recovery tools for support teams.
What does the Free plan include?
Free includes one project, 1,000 protected attempts per month, the branded default visible widget, no usage metrics, and community support.
When do I get unbranded widgets?
Starter and higher plans can use unbranded widgets. Starter includes default and compact variants; Growth, Business, and Agency add invisible CAPTCHA.
What is a protected attempt?
A protected attempt is counted when a challenge is solved, a solve fails, or risk enforcement blocks the browser challenge flow. The backend verification call that follows does not count that same browser solve a second time.
Can I use compact or invisible CAPTCHA on Free?
No. Free intentionally stays simple: branded default widget only. Compact starts on Starter, while invisible starts on Growth.
How long does a solved token last?
The hosted widget defaults to a 10-minute expiry. After expiry, it clears the token and can solve again based on the configured trigger.
Does risk scoring block users?
Growth, Business, and Agency include risk signals and protection presets. Projects can stay in observe mode, or enforce risk blocking when the score reaches the selected preset threshold.
Do I need to expose the challenge backend publicly?
No. HumanProof proxies public challenge traffic through project sitekeys and keeps the internal challenge engine/admin API isolated.
Where should the backend secret live?
Only on your server. Browser code uses the public sitekey endpoint; your backend posts humanproof-token plus the secret to siteverify.
Can I use this with WordPress or plain PHP?
Yes. The docs include plain PHP and WordPress examples. The main requirement is reading humanproof-token from the submitted form and verifying it server-side.
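Added example, not from the HumanProof docs: a minimal Python form handler that follows the two answers above (secret kept on the server, humanproof-token read from the submitted form) and rejects the submission whenever verification cannot be confirmed. The endpoint URL, the request field names secret and response, the JSON success flag, and the HUMANPROOF_SECRET variable name are assumptions; take the real ones from the docs.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumption: placeholder URL; use the real siteverify endpoint from the docs.
SITEVERIFY_URL = "https://humanproof.example/siteverify"


def http_post_form(url, fields, timeout=5):
    """POST form-encoded fields and return the decoded JSON body."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode())


def verify_submission(form, secret, post=http_post_form):
    """Return True only if the siteverify call confirms the token.

    Fails closed: a missing token, missing secret, network error, or an
    unexpected response shape all reject the submission.
    """
    token = form.get("humanproof-token", "")
    if not token or not secret:
        return False  # nothing to verify, so no outbound call is made
    try:
        # Assumption: the field names "secret" and "response" and a JSON
        # reply with a boolean "success" are hypothetical.
        result = post(SITEVERIFY_URL, {"secret": secret, "response": token})
    except (OSError, ValueError):  # network failure, timeout, or bad JSON
        return False
    return isinstance(result, dict) and result.get("success") is True


def handle_form(form, post=http_post_form):
    """Form handler: the secret comes from the server environment only."""
    secret = os.environ.get("HUMANPROOF_SECRET", "")  # hypothetical name
    if not verify_submission(form, secret, post):
        return 403, "CAPTCHA verification failed"
    return 200, "OK"
```

The post parameter exists so the handler can be exercised offline with a stub in place of the real HTTP call.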