WP-Safety

Raptcha Security & Risk Analysis

wordpress.org/plugins/raptcha

A secure, animal-based CAPTCHA for WordPress forms featuring intelligent bot detection and multi-form integrations.

0 active installs v1.4.1 PHP 7.4+ WP 5.0+ Updated Jan 23, 2026
bot-detectioncaptchaformprivacysecurity
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Raptcha Safe to Use in 2026?

Generally Safe

Score 100/100

Raptcha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The raptcha plugin v1.4.1 exhibits a generally positive security posture, with strong adherence to secure coding practices in several key areas. The absence of known CVEs and a clean vulnerability history are significant strengths. Notably, all SQL queries utilize prepared statements, and a high percentage of output is properly escaped, mitigating common risks like SQL injection and Cross-Site Scripting (XSS).

However, the plugin presents some areas of concern. The static analysis reveals a moderate attack surface with 7 total entry points, of which 2 AJAX handlers lack authentication checks. This is the primary security risk identified, as it could allow unauthenticated users to trigger potentially harmful actions. While taint analysis shows no critical or high-severity flows, the presence of unprotected AJAX handlers still warrants caution. The plugin also includes file operations and a single cron event, which, while not inherently insecure, add to the overall attack surface and require careful review in conjunction with the identified unprotected entry points.

In conclusion, raptcha v1.4.1 is on solid ground due to its secure handling of database queries and output escaping, as well as its clean vulnerability history. The most significant weakness lies in the unprotected AJAX endpoints. Addressing these specific entry points should be the priority to further strengthen the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

Raptcha Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Raptcha Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
13
75 escaped
Nonce Checks
4
Capability Checks
1
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared6 total queries

Output Escaping

85% escaped88 total outputs
Attack Surface
2 unprotected

Raptcha Attack Surface

Entry Points7
Unprotected2

AJAX Handlers 6

authwp_ajax_raptcha_generate_challengeincludes\class-raptcha-core.php:110
noprivwp_ajax_raptcha_generate_challengeincludes\class-raptcha-core.php:111
authwp_ajax_raptcha_validate_challengeincludes\class-raptcha-core.php:112
noprivwp_ajax_raptcha_validate_challengeincludes\class-raptcha-core.php:113
authwp_ajax_kb_process_advanced_form_submitincludes\class-raptcha-form-integrations.php:719
noprivwp_ajax_kb_process_advanced_form_submitincludes\class-raptcha-form-integrations.php:720

Shortcodes 1

[raptcha] includes\class-raptcha-shortcode.php:47
WordPress Hooks 29
actionadmin_menuincludes\class-raptcha-admin-settings.php:44
actionadmin_enqueue_scriptsincludes\class-raptcha-admin-settings.php:45
actionadmin_enqueue_scriptsincludes\class-raptcha-admin-settings.php:46
actionadmin_initincludes\class-raptcha-admin-settings.php:47
actionlogin_enqueue_scriptsincludes\class-raptcha-core.php:114
actionlogin_formincludes\class-raptcha-form-integrations.php:109
filterauthenticateincludes\class-raptcha-form-integrations.php:110
filterrender_blockincludes\class-raptcha-form-integrations.php:112
actioncomment_form_after_fieldsincludes\class-raptcha-form-integrations.php:117
actioncomment_form_logged_in_afterincludes\class-raptcha-form-integrations.php:118
filterpreprocess_commentincludes\class-raptcha-form-integrations.php:119
filterwpcf7_spamincludes\class-raptcha-form-integrations.php:186
filterwpcf7_display_messageincludes\class-raptcha-form-integrations.php:189
actionwpforms_display_submit_beforeincludes\class-raptcha-form-integrations.php:503
actionwpforms_processincludes\class-raptcha-form-integrations.php:506
filterthe_contentincludes\class-raptcha-form-integrations.php:612
actionfluentform/before_insert_submissionincludes\class-raptcha-form-integrations.php:615
actionninja_forms_display_after_fieldsincludes\class-raptcha-form-integrations.php:777
filterninja_forms_submit_dataincludes\class-raptcha-form-integrations.php:780
filterforminator_render_button_markupincludes\class-raptcha-form-integrations.php:872
actionforminator_custom_form_submit_before_set_fieldsincludes\class-raptcha-form-integrations.php:875
filterthe_contentincludes\class-raptcha-form-integrations.php:972
filterfrm_validate_entryincludes\class-raptcha-form-integrations.php:975
actionaf/form/after_fieldsincludes\class-raptcha-form-integrations.php:1059
actionaf/form/validateincludes\class-raptcha-form-integrations.php:1062
actionplugins_loadedraptcha.php:59
actionraptcha_cleanup_challengesraptcha.php:143
filterplugin_action_linksraptcha.php:162
actionwp_enqueue_scriptsraptcha.php:253

Scheduled Events 1

raptcha_cleanup_challenges
Maintenance & Trust

Raptcha Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 23, 2026
PHP min version7.4
Downloads220

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

Raptcha Alternatives

WP Advanced Math Captcha

WP Advanced Math Captcha

wp-advanced-math-captcha

A
100

Protect your WordPress site with a powerful and user-friendly Math Captcha. Now with seamless WooCommerce, WPForms, and Formidable Forms integration!

7K No CVEs
No CAPTCHA reCAPTCHA

No CAPTCHA reCAPTCHA

no-captcha-recaptcha

A
85

Protect WordPress login, registration, comment and BuddyPress registration forms with Google's No CAPTCHA reCAPTCHA.

5K No CVEs
Contact Form 7 Spam Killer

Contact Form 7 Spam Killer

cf7-advance-security

A
100

"Contact Form 7 Spam Killer" is a advance spam blocker that will help to prevent unwanted spam for your Contact Form 7 plugin.

4K No CVEs
Power Captcha reCAPTCHA

Power Captcha reCAPTCHA

power-captcha-recaptcha

A
92

Protect WordPress/WooCommerce/Contact Form 7 forms from spam, brute-force attacks, fake comments, accounts, or registrations with Google reCAPTCHA.

1K No CVEs
Gravity Forms: GDPR Framework Add-On

Gravity Forms: GDPR Framework Add-On

gdpr-for-gravity-forms

A
85

The easiest way to make your Gravity Forms GDPR-compliant. Fully documented, extendable and developer-friendly.

400 No CVEs
Developer Profile

Raptcha Developer Profile

LaughterOnWater

7 plugins · 70 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Raptcha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/raptcha/assets/css/raptcha-frontend.css/wp-content/plugins/raptcha/assets/js/raptcha-frontend.js
Script Paths
/wp-content/plugins/raptcha/assets/js/raptcha-frontend.js
Version Parameters
raptcha/assets/css/raptcha-frontend.css?ver=raptcha/assets/js/raptcha-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
raptcha-puzzle-containerraptcha-drag-dropraptcha-image-pieceraptcha-sliderraptcha-slider-trackraptcha-slider-thumbraptcha-message
HTML Comments
<!-- Raptcha Captcha Start --><!-- Raptcha Captcha End -->
Data Attributes
data-raptcha-puzzle-iddata-raptcha-settings
JS Globals
raptchaFrontendraptcha_frontend_params
Shortcode Output
[raptcha_captcha]
FAQ

Frequently Asked Questions about Raptcha