Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
Botpoison is an anti-spam and anti-bot service for website forms and interactive endpoints. It positions itself as an alternative to traditional CAPTCHA, avoiding the need for real users to complete image or text verification. Its website explicitly describes the core mechanism as proof-of-work—“puzzles for computers”—designed to stop form spam, contact form abuse, survey abuse, and to help defend login authentication endpoints against brute-force attacks and account takeover risks.
In terms of protection scenarios, Botpoison covers noisy spam messages, account takeover-related attacks, as well as fake votes, purchases, comments, and advertising/affiliate fraud. It is not a CAPTCHA centered on human recognition; instead, it works by generating a challenge on the frontend and validating the solution on the backend with a secret key. Deployment is lightweight, with support for HTML, JavaScript, React, Vue, Angular, and Svelte. Backend support includes Node.js, PHP, Go, Rust, Java, and REST API, and libraries such as @botpoison/browser and @botpoison/node are also available. The official site also says it can be used with static sites and native HTML submissions, and even without JavaScript.
For pricing, the official site only states that a free plan is available and that no credit card is required; enterprise plans require contacting the company. The collected information does not disclose specific quotas, prices, overage fees, or differences between plans. The terms of service indicate that prices may be adjusted, downgrades take effect after the current billing cycle ends, and refunds are provided only when required by law. On the management side, the documentation mentions the Botpoison Dashboard and the creation and use of public keys and secret keys, but there is no visible information about alerts, audit logs, reporting, SLA, or enterprise support response times. Compliance certifications are also not disclosed.
The advantages are a user-friendly experience, low-code integration, broad coverage across languages and frameworks, and a clear statement that it does not sell data. For static sites, landing pages, and form-heavy websites, the deployment barrier is lower than many full-scale risk control platforms. The downside is that its security boundaries need to be clearly understood: proof-of-work is effective against automated spam submissions, but it is not a complete replacement for detecting human fraud, complex business risk scenarios, or post-compromise behavior after an account has already been taken over. Public materials also lack details on pricing, capacity, compliance, availability, and support commitments, so enterprises should conduct load testing and legal review before production deployment.
Botpoison is suitable for small and medium-sized websites, static sites, form services, independent developers, and SaaS teams that want to reduce CAPTCHA-related conversion loss and quickly prevent automated abuse. The collected information does not provide details on access from China, so its status is unknown. If targeting users in mainland China, teams should test the script CDN, API latency, and availability in practice, and confirm payment methods with the provider. If localized support, domestic compliance, or more stable mainland China access is required, alternatives such as Alibaba Cloud CAPTCHA, Tencent Cloud CAPTCHA, and NetEase Yidun CAPTCHA may be worth comparing.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on botpoison.com official site.
botpoison.com is an United States Security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of China direct-connect friendly. Click "Visit Official Site" to reach botpoison.com directly.