Captcha
Mitigating automated signup bots
As of Mastodon 4.2, using CAPTCHA technology is supported to help mitigate against bots signing up for new accounts. With CAPTCHA enabled, new registrations will be required to complete a challenge response as part of the e-mail verification process.
For some people, the use of a central CAPTCHA service may be a security and privacy concern.
In addition, CAPTCHA can make the registration process significantly less accessible, particularly for individuals with visual impairments, such as those who are blind or have low vision.
Currently, hCaptcha is the only available provider supported by Mastodon. Other providers may be added in the future.
hCaptcha
- Create a free hCaptcha account at hcaptcha.com
- After completing registration, use the hCaptcha dashboard to add a new site with your Mastodon server domain and obtain a Site Key
- From the Account Settings menu in hCaptcha, obtain your Secret Key
- Add the values to your Mastodon environment configuration as
HCAPTCHA_SITE_KEYandHCAPTCHA_SECRET_KEY - Restart the Mastodon services running on your server
- From the Mastodon web interface navigate to Administration > Server settings > Registrations and check the box labled “Require new users to solve a CAPTCHA to confirm their account”
Last updated · Improve this page