Translations of this page:


—- plugin —-

description: This plugin provides a CAPTCHA field on subscription forms.
author : Duncan Cameron
type :
compatible : 3.x
depends :
conflicts :
similar :
tags : spam

sourcerepo :

Important The Securimage package is no longer supported or recommended for use, see If you want to use a captcha with phplist subscription forms then there are alternative phplist plugins

reCAPTCHA V2 plugin

reCAPTCHA V3 plugin

hCaptcha plugin

Friendly Captcha plugin

This plugin provides a CAPTCHA field on subscription forms using the Securimage package.

The CAPTCHA requires that the user type the letters and digits of a distorted image. Securimage
also provides a refresh button to display an alternative image, and an audio button to play a sound recording of the characters.

The plugin can also check subscription emails for spam using the class. This currently uses only the Stop Forum Spam service to check email addresses, as that can be used without registering.
The other services supported by Botbouncer (Akismet, Project Honeypot, and Mollom) could be added if Stop Forum Spam proves not to be sufficient.

For another approach to captcha see the reCAPTCHA plugin.


See the README file on the GitHub page

Change to the Securimage code

Starting in release 3.5.5 of phpList the php session is named 'phpListSession'.

Therefore if you are using phpList release 3.5.5 or later then you need to make a small change to the Securimage code so that it uses that session name.

In file securimage/securimage.php find this line. In release 3.6.7 of securimage it is line 487

    public $session_name   = null;

then change it to

    public $session_name   = 'phpListSession';



On the Settings page you can specify:

  • The path to the securimage directory on your web site (the default path is `/securimage`)
  • Whether to validate the email address using the BotBouncer class (the default is yes)
  • The prompt for the CAPTCHA field
  • The message to be displayed to the subscriber when the entered CAPTCHA is incorrect
  • The message to be displayed to the subscriber when the email address is rejected
  • Whether to write a record to the event log for each incorrect CAPTCHA and subscription attempt
  • Whether to send an email to the admin for each incorrect CAPTCHA and subscription attempt

Subscribe pages

For each subscribe page that you create you can select whether it should include a captcha field.

Customising the appearance of the captcha

The plugin does not support customising the appearance of the captcha widget. Instead you need to make minor modifications one of the Securimage files. See this page of the Securimage documentation for more details.

Changing the number of characters displayed in the captcha

The captcha will display 6 characters by default. To alter this number you need to follow the guidance for customising the appearance of the captcha to modify the code_length property. For example to reduce the number of characters to 4:

// display only 4 characters in the captcha
    $img->code_length = 4;


If your subscribe pages are in a language other than English then on the Settings page you can change the prompt and messages that are displayed to the subscriber to be in the local language.

Securimage supports a limited number of languages for the audio playback.
See Changing language files for how to change the language.

Test that it works

On your phplist subscription page enter all of the mandatory fields and an incorrect value in the CAPTCHA field.
The subscription attempt should be rejected.

Go to Stop Forum Spam and select an email address from the Last 500 Entries.
Then try to subscribe to your lists using that email address.


Report any issues or questions in the support forum