How Many Websites Use CAPTCHA?

Your online business's success depends on customers' recognition of crosswalks or traffic lights. BuildWith's latest report shows that over one-third of the top 100,000 websites use CAPTCHAs. At the same time, 30 million websites use reCAPTCHA alone.

For years, CAPTCHA has been the frontline warrior against internet bots and fake traffic. However, all those years of using prevention against bots and hackers mean bad actors have had a lot of training to get past these. In 2014, Google found that bots could bypass their reCAPTCHA program over 99% of the time.

If it doesn’t deliver the security it once did, we must ask ourselves: Why are CAPTCHAs still a thing? How many websites continue to rely on CAPTCHA?

Number Of Websites That Use CAPTCHA

In 2022, spam emails accounted for nearly 49% of global email traffic. CAPTCHA forms are commonly used on websites to prevent bots and spam. These forms are encountered when signing up, creating an account, logging in, or leaving comments.

As of May 2023, there are 261,425 detections of CAPTCHA in the top 1 million sites. If you wonder how many more there are, read on.

CAPTCHA Usage Statistics

Out of over a billion websites, only a tiny fraction are active. Approximately 83% of all websites are inactive. Among the active ones, there are currently 13,436,839 websites using CAPTCHA technology. CAPTCHA has been widely used for a while now, with over 20 vendors providing it.

Worldwide, people type over 200 million CAPTCHAs daily, according to tsoHost. If you don't have a CAPTCHA test on your website, here’s everything you need to know:

1. 75% of the top 1 million websites using CAPTCHAs are from the US and Europe.

(Imperva, Siteefy)

The US currently has over 130 million websites registered. Given this figure, it is no surprise that 40% of malicious bots worldwide target websites in the United States. 

In 2020, 37.2% of bad bot traffic worldwide attacked US websites. This rate increased by 43.2% in 2021, making US websites the top target. Following Australia (6.8%), the UK (6.7%), and China (5.2%).

2. 97.14% of the websites use reCAPTCHA.

(BuiltWith, Developers, Compliance.io)

ReCAPTCHA is the most popular platform among all the CAPTCHA vendors. It is one of the services that uses an advanced risk analysis engine. Plus, it’s user-friendly and easy to set up. 

Initially, it used the exact distorted words as earlier CAPTCHAs, but with one main distinction. Instead of random words, it used text snippets to help Google Books' digitized books. Eventually, reCAPTCHAs evolved to include pictures of street signs and other text from Google Street View. It lets every CAPTCHA solved help enhance Google's machine learning.

3. About 50% of passed reCAPTCHAs are done by bots.

(Human Security)

As CAPTCHA mechanisms have evolved, so have bot-based threats. Today, a range of automated technologies allow attackers to bypass CAPTCHA challenges. One example is DeCaptcher. It is an optical character recognition system that provides a file to download with the necessary details to solve the challenges.

Given the current CAPTCHA solvers, organizations can’t fully trust CAPTCHA-based tools to block bots. These realities indicate a clear need for advanced tools that don’t frustrate users and are hard for bots to solve. 

The Takeaway

While it helps prevent basic bots and fraudsters from accessing a website, attack technology has evolved. CAPTCHA has not kept up with the times. Even though the creators upgraded it to be less intrusive, CAPTCHA still introduces friction and is easy to dodge.

Even those without a technical background can painlessly find a bot to bypass CAPTCHAs. Think about what well-funded criminal organizations can do. The bottom line is that a CAPTCHA can't simply stop fraud and abuse. You need to invest in modern approaches that enable malicious automation, which creates a safer and fairer online business environment for everyone.