Multi-Form Anti-Spam Image CAPTCHA

Multi-Form Anti-Spam Image CAPTCHA adds a fast, accessible icon challenge — paired with honeypots and a submission speed check — to the form plugins and WordPress core screens spambots love to abuse. Users select the requested icon to verify; every challenge is generated server-side with a hashed answer so bots cannot scrape the correct option from the markup.

One plugin covers Gravity Forms, Contact Form 7, WPForms, WooCommerce, WordPress login, comments, and more — with full styling controls, 780+ icons, and layered bot defenses.

Integrations

• Gravity Forms — drag the MultiForm Image CAPTCHA field into any form
• Contact Form 7 — insert the [pbmfasic] form-tag (a one-click tag generator is included)
• WPForms — drag the MultiForm Anti-Spam Image CAPTCHA field into any form
• Formidable Forms — drop [pbmfasic] inside an HTML field
• Elementor Pro Forms — drop [pbmfasic] inside an HTML widget
• WooCommerce — toggle CAPTCHA on the Login, Registration, and classic shortcode Checkout forms (the block-based Checkout Block is not yet supported)
• WordPress login, registration, lost-password and reset-password forms
• WordPress comments

Spam protection

• Hashed, server-side icon challenge with per-render tamper tokens
• Honeypot fields plus a reverse-honeypot trap that catches bots that auto-fill every field
• Submission-speed check rejects bot-fast submissions
• Daily cleanup of stale CAPTCHA records
• Optional “disable for logged-in users” toggle

Styling and icons

• Switch between Font Awesome icon fonts (bundled) and 780+ bundled SVG icons
• Full styling controls: colors, borders, padding, font size, layout, alignment
• Custom prompt text and custom error messages
• Toggle mode hides the CAPTCHA until the user starts interacting with the form

Accessibility

• Keyboard-navigable radio buttons with ARIA labels
• Optional audio cues for screen-reader users (off by default; opt in on the General tab if you need an audio alternative)

Privacy

The plugin does not call any external services and does not send data off your site. CAPTCHA records are stored in a custom table on your own database and purged automatically every 24 hours.

Developer hooks

• pbmfasic_skip_wp_login_option — filter whether validation runs on WordPress login, registration, lost-password and reset-password forms
• pbmfasic_skip_validation — filter whether validation should be skipped for the current request
• pbmfasic_force_synchronous_render — return true to render the CAPTCHA inline instead of lazy-loading it via AJAX, useful when a form submits over a custom AJAX flow that needs the CAPTCHA fields present at first paint

Credits

This plugin bundles the following third-party assets, all under licenses compatible with the GPL v3:

• Font Awesome 4.7.0 — http://fontawesome.io — Font: SIL OFL 1.1, CSS: MIT License. Files: css/fontawesome.css, fonts/fontawesome-webfont.*, fonts/FontAwesome.otf.
• Font Awesome SVG icons (svgs/) — derived from the Font Awesome 4.7 free icon set — License: CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/).
• Audio: “Failure 01” by rhodesmas — https://freesound.org/s/342756/ — License: CC BY 4.0. Used as audio/wrong.mp3 (trimmed).
• Audio: “Success 04” by rhodesmas — https://freesound.org/s/322929/ — License: CC BY 4.0. Used as audio/correct.mp3 (trimmed).

The plugin source code is distributed under the GNU GPL v3 (see LICENSE).