दस्तावेज़ीकरण

🚀 Quick Start

Add bot protection to any website in under 2 minutes with just 2 lines of code.

Step 1 — Add the script

<script src="https://captcha.btebresult.tech/embed.js"
        data-sitekey="YOUR_SITE_KEY"></script>

Step 2 — Verify server-side

<?php
$token = $_POST['shield_token'] ?? '';
$res   = file_get_contents('https://captcha.btebresult.tech/api/validate.php', false,
  stream_context_create(['http'=>['method'=>'POST',
    'header'=>"Content-Type: application/json\r\nX-API-Key: YOUR_KEY\r\n",
    'content'=>json_encode(['token'=>$token])
  ]])
);
if (!json_decode($res,true)['valid']) die('Bot!');
// ✅ Real human

💡 Done! Real users auto-pass silently. Bots always get a CAPTCHA.

⚙️ How It Works

Invisible Scoring (0–100)

🖱️

Mouse movement

Bots don't move naturally

+15

⏱️

Page timing

Bots submit under 100ms

-25 if fast

📜

Scroll behavior

Bots rarely scroll

+8

🕵️

Honeypot field

Only bots fill hidden fields

score=0

🌐

User-Agent

Detects curl/headless/scrapers

-30

📊

Visit history

Returning verified users score higher

+12

⚡

Request rate

Too many requests = bot

-20

🔧

JS check

embed.js running = JS enabled

+10

🤖 0–50 Bot

⚠️ Suspicious

✅ Auto-pass

🌐 HTML / PHP

Works on any PHP site — WordPress themes, custom sites, contact forms, etc.

Add script to your HTML <head>

Open your HTML file or PHP template (e.g. header.php) and paste before </head>

<!-- Paste in <head> section -->
<script src="https://captcha.btebresult.tech/embed.js"
        data-sitekey="YOUR_SITE_KEY"></script>

Validate in your form handler (PHP)

In the PHP file that receives your form POST request:

<?php
// form-handler.php

function shieldcaptcha_verify(string $token): bool {
    $res = @file_get_contents(
        'https://captcha.btebresult.tech/api/validate.php',
        false,
        stream_context_create(['http' => [
            'method'  => 'POST',
            'timeout' => 5,
            'header'  => "Content-Type: application/json\r\n"
                       . "X-API-Key: YOUR_SITE_KEY\r\n",
            'content' => json_encode(['token' => $token])
        ]])
    );
    if (!$res) return true; // fail open — network error
    return json_decode($res, true)['valid'] ?? false;
}

// In your form handler:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = $_POST['shield_token'] ?? '';

    if (!shieldcaptcha_verify($token)) {
        http_response_code(403);
        die('Security check failed. Please refresh and try again.');
    }

    // ✅ Real human — process form
    $name  = htmlspecialchars($_POST['name'] ?? '');
    $email = htmlspecialchars($_POST['email'] ?? '');
    // ... your code here
}

🟦 WordPress

There are two ways to integrate ShieldCaptcha with WordPress. Choose the one that fits your setup.

Method A — functions.php (Recommended)

Go to Appearance → Theme Editor → functions.php (or use a child theme). Add this at the bottom:

// ── ShieldCaptcha for WordPress ──────────────────────
define('SC_SITE_KEY', 'YOUR_SITE_KEY');
define('SC_API_URL',  'https://captcha.btebresult.tech/api/validate.php');
define('SC_EMBED_URL','https://captcha.btebresult.tech/embed.js');

// 1. Add embed.js to all pages
add_action('wp_head', function() {
    echo '' . "\n";
});

// 2. Verify function
function sc_verify(string $token): bool {
    if (empty($token)) return false;
    $res = wp_remote_post(SC_API_URL, [
        'headers' => [
            'Content-Type' => 'application/json',
            'X-API-Key'    => SC_SITE_KEY,
        ],
        'body'    => json_encode(['token' => $token]),
        'timeout' => 5,
    ]);
    if (is_wp_error($res)) return true; // fail open
    return json_decode(wp_remote_retrieve_body($res), true)['valid'] ?? false;
}

// 3. Protect Contact Form 7
add_filter('wpcf7_validate', function($result, $tags) {
    $token = sanitize_text_field($_POST['shield_token'] ?? '');
    if (!sc_verify($token)) {
        $result->invalidate('', 'Security check failed. Please refresh the page.');
    }
    return $result;
}, 10, 2);

// 4. Protect WooCommerce checkout
add_action('woocommerce_checkout_process', function() {
    $token = sanitize_text_field($_POST['shield_token'] ?? '');
    if (!sc_verify($token)) {
        wc_add_notice('Security check failed. Please refresh.', 'error');
    }
});

// 5. Protect WordPress comments
add_filter('preprocess_comment', function($data) {
    $token = sanitize_text_field($_POST['shield_token'] ?? '');
    if (!sc_verify($token)) {
        wp_die('Security check failed.', 'Error', ['back_link' => true]);
    }
    return $data;
});

// 6. Protect WP Login form
add_action('login_head', function() {
    echo '';
});
add_filter('authenticate', function($user, $username, $password) {
    if (!empty($_POST['shield_token'])) {
        if (!sc_verify($_POST['shield_token'])) {
            return new WP_Error('sc_failed', 'Security check failed.');
        }
    }
    return $user;
}, 30, 3);

Method B — Header & Footer Scripts Plugin

Install "Header and Footer Scripts" plugin

WordPress Admin → Plugins → Add New → search "Header Footer Scripts" → Install & Activate

Settings → Header and Footer Scripts

Paste in the Header section:

<script src="https://captcha.btebresult.tech/embed.js"
        data-sitekey="YOUR_SITE_KEY"></script>

Server validation

Add the sc_verify() function and hooks from Method A to your functions.php

💡 Which plugin? For Contact Form 7 and WooCommerce, Method A handles everything automatically. For Elementor forms, use the JS event listener approach (see React section).

⚛️ React / Next.js

Use the JS event listener approach for React SPAs and Next.js apps.

Install the script (Next.js — _app.js or layout.tsx)

// app/layout.tsx (Next.js 13+ App Router)
import Script from 'next/script'

export default function RootLayout({ children }) {
  return (
    <html>
      <body>
        {children}
        <Script
          src="https://captcha.btebresult.tech/embed.js"
          data-sitekey="YOUR_SITE_KEY"
          strategy="afterInteractive"
        />
      </body>
    </html>
  )
}

useShieldCaptcha Hook

// hooks/useShieldCaptcha.ts
import { useEffect, useState } from 'react'

export function useShieldCaptcha() {
  const [token, setToken] = useState<string | null>(null)
  const [verified, setVerified] = useState(false)

  useEffect(() => {
    const handler = (e: any) => {
      setToken(e.detail.token)
      setVerified(true)
    }
    window.addEventListener('shield:pass', handler)
    // Check if already verified
    if ((window as any).shieldToken) {
      setToken((window as any).shieldToken)
      setVerified(true)
    }
    return () => window.removeEventListener('shield:pass', handler)
  }, [])

  return { token, verified }
}

// ── Usage in a form component ────────────────────────
// ContactForm.tsx
export default function ContactForm() {
  const { token, verified } = useShieldCaptcha()

  const handleSubmit = async (e: React.FormEvent) => {
    e.preventDefault()
    if (!token) return alert('Security check not complete yet.')

    const res = await fetch('/api/contact', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ name, email, message, shield_token: token })
    })
    const data = await res.json()
    console.log(data)
  }

  return (
    <form onSubmit={handleSubmit}>
      <input name="name" placeholder="Name" />
      <input name="email" type="email" placeholder="Email" />
      <button type="submit" disabled={!verified}>
        {verified ? 'Send Message' : 'Security check...'}
      </button>
    </form>
  )
}

// ── Server-side validation (Next.js API route) ───────
// app/api/contact/route.ts
export async function POST(req: Request) {
  const body = await req.json()
  const token = body.shield_token || ''

  const res = await fetch('https://captcha.btebresult.tech/api/validate.php', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.SC_SITE_KEY! },
    body: JSON.stringify({ token })
  })
  const check = await res.json()
  if (!check.valid) return Response.json({ error: 'Bot detected' }, { status: 403 })

  // ✅ process contact form...
  return Response.json({ success: true })
}

💚 Vue.js / Nuxt

// composables/useShieldCaptcha.js
import { ref, onMounted, onUnmounted } from 'vue'

export function useShieldCaptcha() {
  const token    = ref(null)
  const verified = ref(false)

  function onPass(e) {
    token.value    = e.detail.token
    verified.value = true
  }

  onMounted(() => {
    window.addEventListener('shield:pass', onPass)
    if (window.shieldToken) {
      token.value = window.shieldToken
      verified.value = true
    }
  })
  onUnmounted(() => window.removeEventListener('shield:pass', onPass))

  return { token, verified }
}

// ── In your component ─────────────────────────────────
// ContactForm.vue
<script setup>
import { useShieldCaptcha } from '@/composables/useShieldCaptcha'
const { token, verified } = useShieldCaptcha()

async function submit() {
  if (!token.value) return
  await $fetch('/api/contact', {
    method: 'POST',
    body: { ...formData, shield_token: token.value }
  })
}
</script>

// ── Nuxt — add to nuxt.config.ts ────────────────────
export default defineNuxtConfig({
  app: {
    head: {
      script: [{ src: 'https://captcha.btebresult.tech/embed.js', 'data-sitekey': 'YOUR_KEY' }]
    }
  }
})

🔴 Laravel

// 1. Add to .env
SC_SITE_KEY=your_site_key_here
SC_API_URL=https://captcha.btebresult.tech/api/validate.php

// 2. Create a middleware: app/Http/Middleware/VerifyShieldCaptcha.php
namespace App\Http\Middleware;

use Closure; use Illuminate\Http\Request;

class VerifyShieldCaptcha {
    public function handle(Request $request, Closure $next) {
        $token = $request->input('shield_token', '');

        $response = \Http::timeout(5)
            ->withHeaders([
                'X-API-Key'    => env('SC_SITE_KEY'),
                'Content-Type' => 'application/json',
            ])
            ->post(env('SC_API_URL'), ['token' => $token]);

        if (!$response->successful() || !$response->json('valid')) {
            return response()->json(['error' => 'Bot detected'], 403);
        }
        return $next($request);
    }
}

// 3. Register in bootstrap/app.php (Laravel 11+)
->withMiddleware(function (Middleware $middleware) {
    $middleware->alias(['shieldcaptcha' => \App\Http\Middleware\VerifyShieldCaptcha::class]);
})

// 4. Use on routes
Route::post('/contact', [ContactController::class, 'store'])
     ->middleware('shieldcaptcha');

// 5. Add to Blade layout (resources/views/layouts/app.blade.php)
// Before </head>:
<script src="https://captcha.btebresult.tech/embed.js"
        data-sitekey="{{ env('SC_SITE_KEY') }}"></script>

🐍 Python / Django / Flask

# 1. utils/shieldcaptcha.py
import requests

SC_SITE_KEY = 'YOUR_SITE_KEY'
SC_API_URL  = 'https://captcha.btebresult.tech/api/validate.php'

def verify_token(token: str) -> bool:
    try:
        r = requests.post(SC_API_URL,
            json={'token': token},
            headers={'X-API-Key': SC_SITE_KEY},
            timeout=5)
        return r.json().get('valid', False)
    except Exception:
        return True  # fail open

# 2. views.py
from django.http import HttpResponseForbidden, JsonResponse
from utils.shieldcaptcha import verify_token

def contact(request):
    if request.method == 'POST':
        token = request.POST.get('shield_token', '')
        if not verify_token(token):
            return HttpResponseForbidden('Bot detected')
        # ✅ process form...
        return JsonResponse({'success': True})

# 3. base.html — before </head>
# {% block head %}
<script src="https://captcha.btebresult.tech/embed.js"
        data-sitekey="YOUR_SITE_KEY"></script>

from flask import Flask, request, jsonify, abort
import requests

app = Flask(__name__)
SC_KEY = 'YOUR_SITE_KEY'
SC_URL = 'https://captcha.btebresult.tech/api/validate.php'

def sc_verify(token):
    try:
        r = requests.post(SC_URL, json={'token': token},
            headers={'X-API-Key': SC_KEY}, timeout=5)
        return r.json().get('valid', False)
    except:
        return True  # fail open

@app.route('/contact', methods=['POST'])
def contact():
    token = request.form.get('shield_token','') or \
            request.json.get('shield_token','') if request.is_json else ''
    if not sc_verify(token):
        abort(403, 'Bot detected')
    return jsonify({'success': True})

from fastapi import FastAPI, HTTPException, Form
import httpx

app     = FastAPI()
SC_KEY  = 'YOUR_SITE_KEY'
SC_URL  = 'https://captcha.btebresult.tech/api/validate.php'

async def sc_verify(token: str) -> bool:
    async with httpx.AsyncClient() as client:
        try:
            r = await client.post(SC_URL,
                json={'token': token},
                headers={'X-API-Key': SC_KEY},
                timeout=5)
            return r.json().get('valid', False)
        except:
            return True

@app.post('/contact')
async def contact(shield_token: str = Form('')):
    if not await sc_verify(shield_token):
        raise HTTPException(403, 'Bot detected')
    return {'success': True}

🟩 Node.js / Express

// middleware/shieldCaptcha.js
const SC_KEY = process.env.SC_SITE_KEY || 'YOUR_SITE_KEY';
const SC_URL = 'https://captcha.btebresult.tech/api/validate.php';

async function verifyToken(token) {
  try {
    const res = await fetch(SC_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', 'X-API-Key': SC_KEY },
      body: JSON.stringify({ token }),
      signal: AbortSignal.timeout(5000),
    });
    return (await res.json()).valid === true;
  } catch { return true; } // fail open
}

// Middleware
module.exports = (req, res, next) => {
  const token = req.body?.shield_token || '';
  verifyToken(token).then(valid => {
    if (!valid) return res.status(403).json({ error: 'Bot detected' });
    next();
  });
};

// ── Express app.js ────────────────────────────────────
const express   = require('express');
const shieldMW  = require('./middleware/shieldCaptcha');
const app       = express();

app.use(express.json());

// Apply to specific routes
app.post('/contact',  shieldMW, (req, res) => res.json({ ok: true }));
app.post('/checkout', shieldMW, (req, res) => res.json({ ok: true }));

// ── Add embed.js (EJS template) ───────────────────────
// views/layout.ejs — before </head>:
<script src="https://captcha.btebresult.tech/embed.js"
        data-sitekey="<%= process.env.SC_SITE_KEY %>"></script>

API: Check Visitor

POSThttps://captcha.btebresult.tech/api/check.php

Scores the visitor. Returns auto-pass token OR signals to show CAPTCHA. Called automatically by embed.js.

Field	Type	Description
`site_key`	string	Site API key REQ
`mouse_moves`	int	Mouse event count
`time_ms`	int	Ms since page load
`scrolled`	bool	User scrolled?
`hp_field`	bool	Honeypot filled?

{"status":"pass","token":"abc123…","score":87}

{"status":"captcha","captcha_type":"emoji","score":42}

API: Get Challenge

GEThttps://captcha.btebresult.tech/api/challenge.php?type=math&site_key=KEY

{"type":"math","question":"14 × 3 = ?","challenge_id":"f3a9…","expires_in":120}

API: Verify Answer

POSThttps://captcha.btebresult.tech/api/verify.php

{"success":true,"token":"d8f2…"}

{"success":false,"message":"Wrong answer"}

API: Validate Token

POSThttps://captcha.btebresult.tech/api/validate.php

⚠️ Always call from your server. Never from client-side JS. One-time use, 10 min TTL.

{"valid":true,"issued_at":"2025-01-15 12:30:00"}

{"valid":false,"reason":"Token invalid or expired"}

🎭 CAPTCHA Types — Live Preview

Click any type to try a live preview of how it looks and works.

🎭

Emoji Selection

Visual

🔢

Math Challenge

Logic

🎨

Color Match

Visual

🔡

Reverse Text

Logic

📝

Word Puzzle

Logic

🔤

Sequence Order

Logic

🧩

Puzzle Slider

Interactive

🔄

Rotate Image

Interactive

🔢

Count Objects

Visual

👁️

Spot Difference

Visual

✏️

Draw Shape

Interactive

🌫️

Blurred Text

Visual

🎈

Balloon Pop

Interactive

🃏

Memory Cards

Interactive

🔍

Odd One Out

Logic

🔷

Pattern

Logic

🎵

Tile Tap

Interactive

অ

Bangla Letters

Local

🍛

Food Recognition

Local

👥

Shadow Match

Visual

🔎

Hidden Object

Visual

🕵️

Honeypot

Invisible

🖱️

Mouse Tracker

Invisible

📜

Scroll

Invisible

⏱️

Time on Page

Invisible

💎 Plans & Limits

Plan	Price	Sites	Req/mo	CAPTCHA Types
Free	$0	1	5,000	Basic
Pro	$9/mo	10	100,000	All 25
Business	$29/mo	∞	1,000,000	All 25

⚠️ Error Codes

HTTP	Error	Fix
`400`	Missing fields	Check required params
`400`	Token expired	Token is one-time, 10 min TTL
`403`	Invalid site_key	Check your API key in dashboard
`429`	Limit reached	Upgrade plan