Can You Break a WordPress CAPTCHA in 15 Minutes with Machine Learning?
This tutorial shows how to generate a labeled dataset from the open‑source WordPress "Really Simple CAPTCHA" plugin, train a lightweight convolutional neural network using Python, OpenCV, Keras and TensorFlow, and decode real captchas within fifteen minutes, demonstrating the power of modern computer‑vision techniques.
Introduction
Everyone hates captchas, but with deep learning they can be broken. Inspired by Adrian Rosebrock’s book, we target the open‑source WordPress plugin “Really Simple CAPTCHA”, which generates four‑letter images and has over one million active installations.
Challenge Goal
Can we break this plugin in 15 minutes? The plan is to create a large labeled dataset, train a neural network, and then use the model to decode real captchas.
Tools
Python 3
OpenCV for image processing
Keras with TensorFlow backend for deep learning
Dataset Creation
By modifying the plugin we saved 10 000 PNG captcha images, each named with its correct answer.
The plugin’s PHP source confirms that each captcha consists of four random letters drawn from a set of 32 characters, avoiding “O” and “I”.
Preparing the Training Set
We generated the 10 000 images and stored them in a folder where each file name is the correct answer.
Splitting Captchas into Individual Letters
Using OpenCV we convert each captcha to a binary image, then apply findContours() to locate connected pixel regions (contours).
Each contour is saved as a separate image. When a contour’s width exceeds its height (indicating two overlapping letters) we split it in half.
Neural Network Architecture
A simple CNN with two convolutional layers followed by two fully‑connected layers is sufficient for single‑letter recognition.
Model Definition (Keras)
Training
Training for ten epochs on the 10 000‑image dataset yields near‑100 % accuracy.
Decoding Real Captchas
To break a live captcha we:
Fetch the captcha image from a site using the plugin.
Split it into four single‑letter images using the same contour method.
Run each letter through the trained network to obtain predictions.
Combine the four predictions to form the answer.
The model successfully decodes real captchas, as shown below.
Command‑line usage produces the same result.
Get the Code
The full code, the 10 000 example images, and a README with execution instructions are available in the linked repository.
English original: https://ogmcsrgk5.qnssl.com/vcdn/1/%E4%BC%98%E8%B4%A8%E6%96%87%E7%AB%A0%E9%95%BF%E5%9B%BE/how-to-break-a-captcha-system-in-15-minutes-with-machine-learning-dbebb035a710.png Translator: Zhejiang South Bacterium
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.