What it does
Most unwanted WordPress traffic is automated. silentCAPTCHA helps separate real visitors and useful crawlers from bots targeting logins, comments, registrations, forms, and checkout paths.
Visitors do not see a challenge. Suspicious traffic can be blocked before it wastes moderation time or reaches sensitive workflows.
Why it matters
Bot traffic is often where WordPress security pressure starts. Login floods, fake registrations, spam comments, and junk form submissions create work before they create obvious damage.
silentCAPTCHA reduces that pressure early, so the rest of your security stack spends more time helping people and less time absorbing automation.
How it works
Shield watches request behaviour from the first visit and builds a confidence score for that visitor. Trusted traffic continues normally, while suspicious traffic receives the response configured in Shield.
The default behaviour is automatic. Site owners can tune the score threshold and review activity when they need more visibility.
What it protects
- Login and registration: bad automation is scored before it gets repeated chances to submit credentials or create accounts.
- Comments: automated comment spam can be refused before it lands in moderation.
- Forms: bot scoring protects form submissions without adding visible friction for real visitors.
- Checkout: store workflows can reject suspicious automation while keeping the buyer path clear.
Setup
There is nothing required to turn silentCAPTCHA into a separate challenge. It runs with Shield defaults after installation.
When you want more control, tune the score threshold and response behaviour in Shield. Scores and blocks can be reviewed through Traffic and Request Monitoring.