Plugin inspection:

Really Simple CAPTCHA

No issues found

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe.


This recommendation applies to version 1.8 of this plugin, but the most recent version is These findings may no longer be correct.


Note that this plugin doesn’t do anything on its own, but is used by contact-form-7 (and maybe other plugins) to provide captchas.

As a test of the strength of the captcha we generated a captcha form and used an open-source character-recognition tool called gocr to attempt to decipher the image.

We generated 10,000 images with this plugin (using $captcha_instance->generate_random_word() to pick a random 4-character sequence).

Gocr achieved 964 passes (10%). This is fairly high considering gocr is designed for reading scanned documents as opposed to obfuscated characters. Therefore this plugin should not be relied upon as the sole method for protecting high-value forms (such as login forms).
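
To put the 964-in-10,000 result in terms a form owner can act on, the following added example (not part of the original review or the plugin) estimates the confidence interval on the pass rate and how few submissions an automated client needs before one is likely to be accepted. It assumes a "pass" means the OCR text matches the word ignoring case and whitespace, that attempts are independent, and the sample pairs are constructed for illustration.

```python
import math

def is_pass(expected: str, ocr_text: str) -> bool:
    # Assumption: a pass is an exact match once whitespace is stripped
    # and case is ignored; the review does not state its matching rule.
    return "".join(ocr_text.split()).upper() == expected.upper()

def wilson_interval(passes: int, trials: int, z: float = 1.96):
    """95% Wilson score interval for the true OCR pass rate."""
    p = passes / trials
    denom = 1 + z * z / trials
    centre = (p + z * z / (2 * trials)) / denom
    half = z * math.sqrt(p * (1 - p) / trials + z * z / (4 * trials ** 2)) / denom
    return centre - half, centre + half

def bypass_probability(p: float, attempts: int) -> float:
    """Chance that at least one of `attempts` independent tries is accepted."""
    return 1 - (1 - p) ** attempts

def attempts_for(p: float, target: float) -> int:
    """Smallest number of tries giving at least `target` bypass probability."""
    return math.ceil(math.log(1 - target) / math.log(1 - p))

# Constructed sample pairs (expected word, raw OCR output), not review data.
SAMPLE = [("K7QM", "K7QM\n"), ("B4TX", "84TX"), ("RW9P", "r w9p"), ("HJ3C", "")]

def count_passes(pairs) -> int:
    return sum(is_pass(word, text) for word, text in pairs)

def summarize(passes: int = 964, trials: int = 10_000) -> dict:
    # Defaults are the figures reported in the review above.
    p = passes / trials
    low, high = wilson_interval(passes, trials)
    return {
        "pass_rate": p,
        "ci95": (low, high),
        "p_bypass_in_10": bypass_probability(p, 10),
        "attempts_for_50pct": attempts_for(p, 0.50),
        "attempts_for_95pct": attempts_for(p, 0.95),
    }

if __name__ == "__main__":
    print("sample passes:", count_passes(SAMPLE), "of", len(SAMPLE))
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

With the reported figures, a handful of submissions is enough for a better-than-even chance of acceptance, which is why a per-client attempt limit or a second control matters on high-value forms.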