Note that this plugin doesn’t do anything on its own, but is used by contact-form-7 (and maybe other plugins) to provide captchas
As a test of the strength of the captcha we generated a captcha form and used an open-source character-recognition tool called gocr to attempt to decipher the image.
We generated 10,000 images generated by this plugin (using
$captcha_instance->generate_random_word() to pick a random 4-character sequence).
Gocr achieved 964 passes (10%). This is fairly high considering gocr is designed for reading scanned documents as opposed to obfuscated characters. Therefore this plugin should not be relied upon as the sole method for protecting high-value forms (such as login forms)