Panditya A. Putra

Apr 22, 2021

3 min read

Getting annoyed by the CAPTCHA these days? Let’s create the simple one!

The CAPTCHA provided challenges nowadays are improved so much that even make it hard to perform for bots or humans themselves which suppose to relatively easy. Back in old times, let’s create a simple CAPTCHA that easy to implement without using libraries and easy to perform by users.

Photo by Alex Knight on Unsplash

The Issues

When I was working as a frontend developer, creating a company website there was a request from the client that they want a security check each time visitor of their website wants to contact them by submitting a form. So I guess a CAPTCHA is required, I was thinking about using reCAPTCHA or hCaptcha but the project manager refused. The reason those kinds of CAPTCHA are too difficult when they are forced to select multiple images of something, they hate it so much.

Photo by Tim Gouw on Unsplash

I started looking for alternatives that easy to perform and implemented as well in my project but didn’t found any libraries that I want. Instead of wasting time searching, I thought that it was the same effort as writing on my own a simple security check that relies on client form validation.


In this case, I'm using React, first take look at this block of code,

generate random string function

Yep, just creating a normal state hook and a function to generate a random string, simple right I can just put the security code string that generated by calling it inside useEffect hook on input element then validate it when submitting the form. That’s gonna work except since the user could easily copy-paste the code or even if the select event is disabled by using a script or forced style in CSS the code still visible with inspect element.

So let's make some improvement, rendering the generated random string as an image. It could be done something like this,

rendering image element

That’s it, and then replace the input previously used as displaying code to an image element with the same id that is called inside the function. After that, I can continue creating the rest of the form and validate the code on submit function simply looks like this,

security code check on submit

It’s important to recall generate function after submit to rerender the image with a new security code, and that how it works.

Here the complete example with form,

Last Words

Maybe it’s very simple but some people don’t want to play an image game to make sure that they are human and clients don’t want to lose their visitors just because of using the CAPTCHA that really annoying. Remember it only runs validation on the client side. At some point, it has security issues for who knows it so please consider using another way especially when the form is very strict by using battle-tested libraries just like reCAPTCHA or its popular alternative hCaptcha.

Thank you for reading!