Switch site to reCaptcha instead of hCaptcha

I could go on about the problems with hCaptcha, and why it’s generally worse than reCaptcha, but I’m not. I’ll get straight to the point with this:

I don’t like hCaptcha, nor do I want it anywhere on my website. Bot protection forcibly uses hCaptcha now, and I’d rather have it off than deal with hCaptcha. But this opens the door to bot attacks. It should 100% be up to the user of which captcha they use on their site, especially if it involves hCaptcha. If I have to add my own site key and private key, that will be fine by me, as long as my site never, ever uses hCaptcha.

I’m confident that the first ones to be hesitant of using hCaptcha were Cloudflare themselves, and for numerous reasons.

They point out China having intermittent access to ReCaptcha is a bit wacky, competitors to Cloudflare fixed this issue by implementing captchas that are more common in that region (GeeTest primarily). The financials involved behind it are the main reason why they had to switch to another vendor.

Overall I doubt you will see any changes in the near future.


Chinese users are not a problem, since nobody I trusted to allow them on my site is from, or living in China. If privacy was the main focus, frankly, I don’t care. If I needed to pay for rC, I wouldn’t mind either. As I said, it should be an option. I wasn’t saying rC should be forced back upon all CloudFlare sites (though I’m sure many people would appreciate that), I just to have the option to revert back to rC, even if I have to shell out some extra cash, or set a few keys up, or even give up a bit of privacy, is fair trade for much overlooked convenience and ease of rC.

You are talking about yourself and your own requirements, Cloudflare as a business is tuned for the majority of the customers, China representing 25% of the total traffic and an unexpected rise in privacy concerns in society are facts that can’t be ignored.

Regarding the extra cash, you can always rely on other enterprise solutions that are still allowed to use ReCaptcha, be advised that the cost for those solutions is in the order of 4 to 5 digits per month.
You could also set up a load balancer behind Cloudflare that displays a Recaptcha when certain thresholds are met, HaProxy allows you to do this on their enterprise version. Be aware that you will be paying $1 per 1000 calls above the 1M requests so… good luck in the event of a DDoS attack.

1 Like