Posts by drew:

Securimage 3.6.4 Released

No Comments » Written on March 3rd, 2016 by
Categories: Uncategorized

Securimage 3.6.4 has been released to address an XSS vulnerability in example_form.ajax.php (an example included with Securimage) which could allow an attacker to inject arbitrary Javascript code via a crafted URL. Users directed to the malicious URL could have cookies or other sensitive information exposed, or have more dangerous Javascript code executed. Thanks to RedTeam for discovering the flaw.

It is recommended to update to 3.6.4 as soon as possible, or delete example_form.ajax.php from your Securimage directory.

Additionally, version 3.6.3 adds support for the following:

  • Add support for multibyte wordlist files
  • Fix code generation issues with UTF-8 charsets
  • Add parameter to getCaptchaHtml() to render components of captcha HTML individually for easier customization
  • Fix database audio storage issue with multiple namespaces

Securimage 3.6.2 Released

Comments Off on Securimage 3.6.2 Released Written on November 9th, 2015 by
Categories: Posts

Securimage 3.6.2 has been released which fixes some issues with the 3.6 branch including WAV/MP3 streaming on iOS devices. It includes the following changes:

  • Fix HTML5 audio playback on iOS devices (audio data is stored in the session and/or database to support HTTP range requests required by iOS)
  • Add a file where configuration settings (e.g. image display preferences, database settings) can be put to ease upgrading and allow securimage.php, securimage_show.php, and securimage_play.php to easily use the same settings.
  • Improved error messages if audio playback fails.

If you use an older version, consider upgrading to 3.6.2, and new users should download 3.6.2. If you are using database storage, make sure to re-create the database tables as they have changed.

The WordPress plugin was also updated to use the latest version of Securimage and now supports HTML5 audio as well.

Version 3.6 Released

Comments Off on Version 3.6 Released Written on September 27th, 2015 by
Categories: Posts

Securimage 3.6 has been released which includes the following new features:

  • HTML5 audio playback for compatibility mobile devices and removes the need for Flash
  • Audio can be streamed in MP3 format (requires LAME; see the HTML5 audio docs for more info)
  • Easier integration with MVC frameworks when using Securimage::getCaptchaHtml() method

If you use an older version, consider upgrading to 3.6, and new users should download 3.6. There are no issues upgrading old versions to the latest. Simply overwrite your existing files (make sure to preserve any custom changes to securimage_show.php or other files).

The WordPress plugin was also updated to use the latest version of Securimage and now supports HTML5 audio as well.

Somewhat unrelated, all comments to posts and pages have been deleted since many were old, no longer apply, and it was getting a bit difficult to sift through all the comments to find relevant information.

Latest updates

Comments Off on Latest updates Written on May 26th, 2015 by
Categories: Posts

Several recent updates have been made to the Securimage WordPress Plugin. Among the changes are:

  • Options to add CAPTCHA to WordPress registration, login, comment, and lost password forms
  • Works with BuddyPress registration forms
  • Automatic installation of language packs for audio CAPTCHA
  • Added a shortcode for displaying Securimage on any WordPress post or page
  • General improvements to functionality and appearance

HTML5 audio support with optional Flash fallback is coming soon so mobile devices will be fully supported. If the lame binary is installed on the system, CAPTCHA audio can be converted to MP3 to reduce bandwidth of audio CAPTCHA. Stay tuned for updates.

Version 3.5.2 Released

Comments Off on Version 3.5.2 Released Written on February 15th, 2014 by
Categories: Uncategorized

Securimage 3.5.2 has been released which includes new features and some improvements and fixes.

New Features:

  • Add getCaptchaHtml() method for automatically generating HTML code for forms.
  • Add getTimeToSolve() method for telling how long it took for the captcha to be solved (correctly or incorrectly).
  • Font ratio can be adjusted manually to fit the text into the image better for smaller images
  • Securimage was added to
  • The SoX (Swiss Army knife of audio manipulation) binary can be used to effect the audio files dynamically to make them more difficult for bots to solve.

If you use an older version, consider upgrading to 3.5.2, and new users should download 3.5.2.

Version 3.5 Released

Comments Off on Version 3.5 Released Written on March 29th, 2013 by
Categories: Posts

Securimage 3.5 has been released which includes a few new features and a number of portability improvements and fixes.

New Features:

  • Database support – Support SQLite3, MySQL, and PostgreSQL via PDO.
  • Captcha Ids – Store codes in a database without the need for cookies (should work for all clients). Read more.
  • Multi-word captcha – Display captcha images with 2 dictionary words

If you use an older version, consider upgrading to 3.5, and new users should download 3.5.

WordPress plugin released

Comments Off on WordPress plugin released Written on April 25th, 2012 by
Categories: Posts

A Securimage WordPress Plugin has been released. Installing it will add CAPTCHA protection to all of your site’s WordPress comment forms and help prevent spam. All options are configured from the WordPress settings menu. Check it out on

Securimage 3.2RC2 is available

Comments Off on Securimage 3.2RC2 is available Written on April 23rd, 2012 by
Categories: Posts

A new version of Securimage will be released soon. In the mean time, you can grab a copy of 3.2RC2 from GitHub. Download links for the new release candidate are available on the download page.

The new version includes numerous improvements and fixes including:

  • Add random “noise” to image captcha
  • Static CAPTCHA feature removes the need for PHP sessions (requires SQLite)
  • Improved SQLite functionality
  • Image and audio CAPTCHA can be used stand-alone (for integrating in 3rd party software platforms)
  • Audio CAPTCHA is obfuscated by white-noise and is randomly mixed with background audio
  • Improved the functionality and added new options to the CAPTCHA audio Flash button
  • Better error detection making installation troubleshooting easier

See the changelog within securimage.php for more details.

The demo page is now using 3.2RC2 so the new CAPTCHA and audio functionality can be seen there. Thank you for using Securimage.

3.0.2 Beta Available on github

Comments Off on 3.0.2 Beta Available on github Written on January 20th, 2012 by
Categories: Posts

You can get the new 3.0.2 beta version of Securimage on github.

It addresses the following issues:

  • Fixes a bug that could cause a broken image when PHP is running with display_errors turned on.
  • Uses a new class for generating WAV files which provides more secure audio and the ability to greatly customize the audio functionality in future versions.
  • Fixes a session incompatibility issue that is experienced if you have an active session with a 2.0 version of Securimage and then upgrade to 3.0.

Try the new version on the Securimage Demo Page. Thanks for using Securimge.

Securimage 3.0 Released

Comments Off on Securimage 3.0 Released Written on October 1st, 2011 by
Categories: Posts

Securimage 3.0 has been released which includes many new features, and fixes a vulnerability with mp3 audio files.

New in Securimage 3.0

  • Rewritten for PHP5, version 3.0 is no longer compatible with PHP 4
  • Uses only TTF fonts
  • Supports case-sensitive captcha codes for added security
  • Add namespaces to captchas to support multiple captcha images on a single page
  • Added option to show simple math problems instead of alphanumeric codes
  • Updated to stream wav files for audible captchas
  • Added new noise option for added security
  • Updated license to BSD License

Head to the download page to get the new version now or browse the source on GitHub.

Securimage 3.0’s code validation is backwards compatible with previous versions.

Please report any issues, or feature requests using the contact form.

Thank you for supporting Securimage.