WordPress How To

This guide explains how to fine-tune where ALTCHA runs in your WordPress site — including disabling protection for specific plugins and controlling where the widget scripts are injected.

Other resources:

• Troubleshooting
• Advanced Topics

Enabling ALTCHA for Certain Plugins

If you need to enable ALTCHA for a specific plugin, you can include the plugin’s Ajax paths or actions under Settings:

• If the plugin uses a REST API endpoint such as /wp-json/some-plugin/submit, add this to Paths:

  /wp-json/some-plugin/submit

  Or include all requests from that plugin:

  /wp-json/some-plugin/*

• If the plugin uses admin-ajax.php, add the Ajax action name to Actions:

  action_name

Controlling Where the Scripts Are Injected

By default, the widget scripts are injected into every page. To improve performance, you can limit script injection only to pages that require protection.

You have two options:

1. Configure Inject Paths in the plugin Settings
2. Use the altcha_inject filter for full programmatic control

The examples below inject the ALTCHA scripts only on /contact and all pages under /shop/*.

Example using Inject Paths (Settings):

/contact
/shop/*

Note: the default * wildcard has been removed. Leaving it would inject the scripts on all pages.

Example using the altcha_inject filter:

function altcha_inject_filter($inject, $bypass)
{
  global $pagenow;
  $altcha = AltchaPlugin::$instance;

  if ($bypass) {
    // Don't inject if a bypass (logged in, whitelisted IP, etc.) is triggered
    return false;
  }

  if ("wp-login.php" === $pagenow) {
    // Inject on the WordPress login page when "Protect Login" is enabled
    return true;
  }

  $inject_paths = array(
    "/contact",
    "/shop/*"
  );

  if ($altcha->match_patterns($altcha->get_request_path(), $inject_paths)) {
    // Inject only on matching paths
    return true;
  }

  return false;
}

add_filter("altcha_inject", "altcha_inject_filter", 10, 2);