Drop one PHP file into your site and every form submission is checked server-to-server — no client-side JavaScript validates anything, so there's nothing in the page source for a bot or a script to read, fake, or replay.
Two calls. That's the whole integration.
require 'kongi-client.php';
echo KongiCaptcha::field($SITE_KEY); // inside your <form>
if (KongiCaptcha::verify($SITE_KEY, $SECRET_KEY, $_POST)) {
// process the form
}
Get a site_key and secret_key in one step — free, no card required.
Add kongi-client.php to your project and call it from your form.
Your backend asks ours for a yes/no. The visitor's browser is never involved.
Randomly mixed per request, so there's no single fixed pattern to script around.
Invisible to real visitors; generic bots and autofillers tend to fill it anyway.
Powered by proxycheck.io — flag or block traffic from known anonymizing networks.
Every challenge is burned the instant it's used, so a captured answer can't be replayed.