HumanProof questions, answered.

HumanProof is a managed CAPTCHA control plane around proof-of-work challenges. It provides hosted widget assets, project keys, backend verification, usage limits, billing state, and organization controls.

HumanProof focuses on proof-of-work and operational control instead of puzzle-first flows. It keeps project, billing, risk, and audit state in your own product workflow.

Friendly Captcha also uses a proof-of-work style approach. HumanProof adds a custom branded/unbranded widget layer, project management, Stripe-aware plans, risk telemetry, and support-ready recovery workflows.

Free includes one project, 100 protected attempts per month, the branded default visible widget, no usage metrics, and community support.

Starter and higher plans can use unbranded widgets. Starter includes default and compact variants; Growth and Business add invisible CAPTCHA.

A protected attempt is counted when a challenge is solved or blocked by the challenge flow. The following backend verification call does not double-count that same browser solve.

No. Free intentionally stays simple: branded default widget only. Compact starts on Starter, while invisible starts on Growth.

The hosted widget defaults to a 10 minute expiry. After expiry it clears the token and can solve again based on the configured trigger.

Growth and Business include risk signals and protection presets. Projects can stay in observe mode, or enforce risk blocking when the score reaches the selected preset threshold.

No. HumanProof proxies public challenge traffic through project sitekeys and keeps the internal challenge engine/admin API isolated.

Only on your server. Browser code uses the public sitekey endpoint; your backend posts humanproof-token plus the secret to siteverify.

Yes. The docs include plain PHP and WordPress examples. The main requirement is reading humanproof-token from the submitted form and verifying it server-side.