hcaptchaplus

hCaptcha Plus – Native hCaptcha Provider for Dolibarr (v21+)
hCaptcha Plus integrates hCaptcha as an alternative CAPTCHA provider within Dolibarr’s native security system (v21 and higher).

The module works as a standalone provider and does not replace or modify the standard CAPTCHA module. Both providers can coexist and be enabled or disabled independently from the Security settings panel.

Key Features
Native integration with Dolibarr CAPTCHA system

Compatible with Dolibarr v21 and v22

PHP compatibility from 7.4 up to 8.4

Modern image-based hCaptcha challenge

Protection against bots and brute-force login attempts

GDPR-friendly alternative to reCAPTCHA

Fully compatible with Dolibarr debug mode

Secure Credential Management
Site Key is visible for verification purposes.

Secret Key is encrypted using Dolibarr’s native dolcrypt-AES-256 system.

Secret Key is masked in the interface for privacy.

When the module is disabled, stored credentials are automatically removed from the database.

This ensures no sensitive data remains stored if the module is no longer in use.

Architecture & Compatibility
hCaptcha Plus follows Dolibarr development guidelines:

Uses GETPOST standards

Does not override or replace existing core files

Does not modify database structures during updates

Clean enable/disable lifecycle management

The module integrates as an alternative CAPTCHA provider within Dolibarr’s security framework.

Installation
Go to:
Home → Setup → Modules/Applications → Deploy/Install External Module

Upload the provided ZIP file.

Activate hCaptcha Plus from the modules list.

Click the gear icon (⚙) to configure:

Enter your Site Key

Enter your Secret Key

Save changes

Copy the provider file from:

custom/hcaptchaplus/core/modules/security/captcha/modCaptchaHcaptcha.class.php

to:

htdocs/core/modules/security/captcha/

Go to:
Setup → Security → CAPTCHA

Enable CAPTCHA (if disabled)

Select hCaptcha as active provider

The default CAPTCHA remains available and can be re-selected at any time.

- The module and the CAPTCHA switch in Setup → Security → CAPTCHA are independent.  
  Disabling the module without changing the CAPTCHA setting may cause login errors if the selected provider is not available.

Important Notes
If the provider file is removed while active, Dolibarr will behave as with any missing active module.

The module does not interfere with other security modules.

Designed to be update-safe and production-ready.

Support
Professional support available via:

Website: virtualmachine.digital

Email: scripts.servers@gmail.com

© 2026 Rafael CF – Licensed under GPL v3