CAPTCHA gate
Challenges guest visitors with a CAPTCHA before they can start a download. Logged-in members always pass.
Modes
| Setting | Values | Default | What it does |
|---|---|---|---|
| CAPTCHA challenge for guests | Disabled, Always, On rate limit | Disabled | When the challenge fires. |
| Mode | Behavior |
|---|---|
| Disabled | The gate passes for everyone. |
| Always | Every guest hits a CAPTCHA on every fresh download (subject to the pass window). |
| On rate limit | The CAPTCHA only fires when the guest is approaching their rate limit bucket. Light traffic stays unchallenged. |
Pass window
| Setting | Default | What it does |
|---|---|---|
| CAPTCHA pass duration | 30 minutes | How long a successful CAPTCHA result is remembered for the same guest session. 0 re-challenges on every download. |
One successful CAPTCHA covers every download from the same guest within the window.
CAPTCHA provider
The gate uses whatever CAPTCHA provider you have configured under AdminCP > Setup > Options > User registration > CAPTCHA. Whatever works for new-user registration (reCAPTCHA, hCaptcha, Cloudflare Turnstile, the built-in image challenge) works here too.
Logged-in users
Members never see the CAPTCHA. It is a guest-only protection.
When to use "On rate limit"
Recommended for public sites: low-volume downloads stay frictionless, scrapers and bots hit a wall when their rate climbs. Pair it with sensible guest rate limits.