Introduction & Overview

The Spam Protection module secures your PrestaShop store against spam and bots. It protects your forms without annoying real customers.

Traditional spam protection tools often force users to click "I am not a robot" or identify objects in images. This module is different. Depending on your chosen provider, it uses Invisible Behavior Analysis or Proof of Work mechanisms to verify visitors in the background. If the visitor is a real person, they will not see any challenge.

Key Features

  • Frictionless Security: No puzzles, math problems, or checkboxes for your customers to solve manually.
  • Compliance Ready: Built-in support for privacy-first technologies that meet strict global data protection laws.
  • Multiple Providers: Choose the engine that fits your needs: Google reCAPTCHA (v3 & v2), hCaptcha, or the self-hosted ALTCHA.
  • Granular Control: Select exactly which forms to protect (e.g., enable on Registration but disable on Contact).
  • Advanced Blocking: Automatically block temporary (disposable) emails and blacklist specific IP addresses or patterns.

Global Compliance & Accessibility

In addition to standard security, this module offers a 100% self-hosted solution (ALTCHA) designed to meet the most rigorous international standards:

Data Protection

Our self-hosted protection is designed to comply with worldwide privacy regulations, including:

  • Europe: GDPR (General Data Protection Regulation)
  • United States: HIPAA and CCPA (California)
  • Canada: PIPEDA
  • Global: LGPD (Brazil), DPDPA (India), and PIPL (China)

Accessibility

We ensure that your security does not become a barrier for users with disabilities. The module supports accessibility standards such as:

  • WCAG: Web Content Accessibility Guidelines
  • EAA: European Accessibility Act

Supported Providers

You can choose between the following services to power the security of this module:

1. Google reCAPTCHA v3

The modern industry standard. It assigns a "risk score" to every visitor based on their behavior across the web.

  • Best choice for: Most standard stores looking for maximum convenience.
  • Key Benefit: Completely invisible experience with zero user interaction, ensuring the highest conversion rates.

2. Google reCAPTCHA v2 (Invisible)

The classic version adapted for invisible use. It works in the background but acts as a smart fallback: if a user looks suspicious, it will challenge them with an image puzzle.

  • Best choice for: Stores experiencing heavy bot attacks that bypass standard filters.
  • Key Benefit: Extremely reliable; the visual challenge provides an extra layer of security against hard-to-detect bots.

3. hCaptcha

A privacy-focused alternative to Google that also supports invisible verification.

  • Best choice for: Merchants who want behavioral analysis but prefer to avoid the Google ecosystem.
  • Key Benefit: Offers enterprise-grade bot protection while maintaining high privacy standards.

4. ALTCHA (Self-Hosted & GDPR Compliant)

A 100% privacy-first solution. It uses a Proof of Work mechanism (solving a complex math problem on the device) instead of tracking user behavior.

  • Best choice for: Strict GDPR compliance and privacy-conscious brands.
  • Key Benefit: Fully self-hosted (no external API keys), no cookies, and zero user tracking. It is the only option that keeps all visitor data strictly on your own server.

Supported Forms

  • Contact Us form
  • Account Registration & Login
  • Newsletter Subscription
  • Guest Checkout
  • Password Reset
  • Product availability email notifications (Back-in-stock alerts)
  • Product Reviews
  • Forms inside Creative Elements and Creative Popup
Note: This module is not compatible with custom contact forms created by other third-party modules.
© WebshopWorks - Professional PrestaShop Addons