New: GDPR-friendly spam protection with Prosopo

Published on by

Version 4.9.19, released last week, adds integration with Prosopo — a CAPTCHA solution built specifically with privacy and GDPR compliance in mind. It’s the first built-in anti-spam option we’ve offered since removing the Google reCAPTCHA integration earlier this year.

Why Prosopo

The reason we removed reCAPTCHA wasn’t that CAPTCHAs are useless — it’s that reCAPTCHA specifically comes with privacy trade-offs that are hard to square with GDPR. It runs across your entire site, tracks visitor behaviour, and sends data to Google servers. For many sites, that means an extra entry in your cookie consent notice and potential compliance headaches.

Prosopo works differently. It analyses form submissions without persistent cross-site tracking, uses infrastructure based in Europe, and is designed from the ground up to be GDPR-compliant out of the box. You don’t need to add it to your cookie consent banner.

How to enable it

  1. Create a free account at prosopo.io
  2. Generate an API key from your Prosopo dashboard
  3. Go to Mailchimp for WP → Forms, open the form you want to protect, and navigate to the Settings tab
  4. Enter your Prosopo API key in the anti-spam section

Prosopo works alongside the plugin’s existing honeypot field, so you get two layers of protection without any disruption to legitimate visitors.

Thanks to Maxim Akimov for contributing this integration.

What about the honeypot?

The built-in honeypot catches most automated bot sign-ups without any configuration and without adding any friction for real visitors. For the majority of sites, it’s still the right first line of defence. Prosopo is worth adding if you’re seeing bots slip through, or if you want active CAPTCHA protection without the Google dependency.

As always, double opt-in remains the most reliable way to ensure only real people end up on your list.