Latest Update : How Custom CAPTCHA Enhances Security in Salesforce Environments
For public-facing Salesforce applications like Experience Cloud portals and Salesforce Sites, stopping automated bots from gaining access is a must.
Custom CAPTCHA serves as a first barrier to entry, limiting access to the system to genuine users only. It prevents very simple bots from reaching layers of security such as OTP/recaptcha.
In absence of CAPTCHA verification, systems are exposed to:
Custom CAPTCHA is a basic human validation system constructed by employing some logic like:
In this case a random math based CAPTCHA is used and the visitor needs to solve a simple addition problem.
User → Visualforce Page → CAPTCHA Display → User Input → Apex Validation → Allow / Block Access
User → LWC Component → Apex Controller → CAPTCHA Generation → UI Display → User Input → Validation (LWC/Apex) → Allow / Block Access
Two random numbers are generated in Apex using Crypto.getRandomInteger():
// CAPTCHA GENERATOR
num1 = Math.mod(Math.abs(Crypto.getRandomInteger()), 10);
num2 = Math.mod(Math.abs(Crypto.getRandomInteger()), 10);
<b>Solve this:</b> {!num1} + {!num2} = ?
<br/>s
<apex:inputText value="{!userAnswer}" style="width:100px"/>
// CUSTOM CAPTCHA VALIDATION
if(userAnswer == null || userAnswer != (num1 + num2)){
errorMessage = 'Invalid Captcha';
createInitialLog('Failed');
// regenerate captcha
num1 = Math.mod(Math.abs(Crypto.getRandomInteger()), 10);
num2 = Math.mod(Math.abs(Crypto.getRandomInteger()), 10);
return null;
}
<template>
<div class="captcha-box">
<p><b>Solve this:</b> {num1} + {num2} = ?</p>
<lightning-input type="number" label="Enter Answer" value={userAnswer}
onchange={handleChange}>
</lightning-input>
<lightning-button label="Submit" variant="brand" onclick={validateCaptcha}>
</lightning-button>
<p class="error">{errorMessage}</p>
</div>
</template>
import { LightningElement, track } from 'lwc';
import generateCaptcha from '@salesforce/apex/CaptchaController.generateCaptcha';
export default class CaptchaLwc extends LightningElement {
@track num1;
@track num2;
@track userAnswer = '';
@track errorMessage = '';
connectedCallback() {
this.loadCaptcha();
}
loadCaptcha() {
generateCaptcha()
.then(result => {
this.num1 = result.num1;
this.num2 = result.num2;
this.errorMessage = '';
this.userAnswer = '';
})
.catch(error => {
console.error('Error loading captcha', error);
});
}
handleChange(event) {
this.userAnswer = event.target.value;
}
validateCaptcha() {
let correctAnswer = this.num1 + this.num2;
if (parseInt(this.userAnswer) === correctAnswer) {
this.errorMessage = '✅ CAPTCHA Verified Successfully!';
} else {
this.errorMessage = '❌ Wrong Answer. Try Again!';
this.loadCaptcha(); // regenerate on failure
}
}
}
If the user inputs an incorrect response:
The Custom CAPTCHA solution offers a secure and efficient way to protect Salesforce applications from bots and automated attacks, while maintaining a smooth and user-friendly experience.
Don’t forget to check out: Salesforce Summer ’26: Pre-Release Planning Guide for Admins
Custom CAPTCHA adds an extra layer of protection to Salesforce applications by filtering out automated and malicious activities at the initial stage, ensuring that only genuine users can proceed further. Custom CAPTCHA strengthens Salesforce security by:
Custom CAPTCHA can be effectively used in:
To make Custom CAPTCHA more effective:
Log failed attempts for monitoring:
Custom CAPTCHA provides a simple yet powerful way to secure Salesforce applications at the entry level.
With a dynamic math based CAPTCHA, we can effectively screen out bots and allow only real users to continue further in the system.
SFCC Developer | SFCC Technical Architect | Salesforce Consultant | Salesforce Developer | Salesforce Architect |
Want to promote your products/services in front of more customers?
119 Views
175 Views
109 Views
323 Views
186 Views
182 Views
150 Views
