PHP Spam Protection API

Stop PHP Form Spam Without CAPTCHAs

PHP powers 77% of all websites. Most of them still use CAPTCHAs to fight spam. ActiveLayer gives you a smarter option. One API call from your PHP code analyzes content, email, and IP server-side and returns a spam verdict in milliseconds. Works with cURL, Guzzle, or any HTTP client. No JavaScript. No puzzles. No framework required.

Get Spam-Free Forms →

✓ Millisecond response time

✓ 99.5%+ accuracy

✓ Zero CAPTCHAs

✓ 1,000 checks for free

Built by the same team whose software is trusted by 30,000,000+ websites worldwide.

Everything You Need to Eliminate Spam in PHP

No SDK required. No frontend scripts. Just a clean REST API that works with the PHP you already write.

Works With Any PHP Framework

Laravel, Symfony, CodeIgniter, Slim, CakePHP, or no framework at all. ActiveLayer is a standard REST API. If your code can make an HTTP request, it can check for spam.

cURL and Guzzle Support

Use PHP’s built-in cURL functions or the Guzzle HTTP client. No proprietary SDK to install. No dependencies to manage. Pick the HTTP method you already use.

Composer Package Available

Install via Composer for a cleaner integration. Or skip Composer entirely and call the API directly with cURL. Your choice. Both approaches work equally well.

Zero CAPTCHAs

Entirely server-side. Your users never see a puzzle, a checkbox, or a challenge. Your HTML forms stay clean. Your conversion rates stay high.

Millisecond Speed

Spam verdicts return faster than most database queries. Your form submissions process without perceptible delay. Your application stays fast for every visitor.

Shared Hosting Compatible

No shell access required. No background processes. No cron jobs. If your hosting runs PHP with cURL enabled, ActiveLayer works. Perfect for cPanel environments.

Automatic Fallbacks

If ActiveLayer is unreachable, your code handles it gracefully and submissions pass through normally. Your application never breaks because of spam protection.

JSON API Responses

Clean JSON responses with spam verdicts, confidence scores, and detection signals. Parse with `json_decode()` and make decisions in your existing logic.

IP and Email Analysis

ActiveLayer checks content, sender email reputation, and IP signals together. Catches sophisticated spam that honeypots and simple keyword filters miss completely.

Three Steps. Plain PHP. No Framework Required.

From API key to spam-free forms in under ten minutes.

Get Your API Key

Create a free ActiveLayer account and copy your API key. Store it as a constant or environment variable in your PHP configuration. Standard practice for any API integration.

Check Submissions With cURL

Call the ActiveLayer API from your form handler using PHP’s built-in cURL functions. One POST request with the form content, email, and IP address. One JSON response with a spam verdict.

Or Use Guzzle for a Cleaner API

Prefer a modern HTTP client? Use Guzzle for a more readable integration. Install with Composer and call the API with the same parameters.

Why PHP Developers Choose ActiveLayer

Your code stays simple. Your users stay happy. Your spam disappears.

CAPTCHAs Punish Your Users. ActiveLayer Punishes Spam.

reCAPTCHA loads 300KB+ of JavaScript on every page, slowing your site, tracking your visitors, and forcing real people to solve puzzles. ActiveLayer loads nothing on the frontend — zero JavaScript, zero cookies, zero user interaction. The spam check happens entirely on your server when the form is submitted. Your pages load faster, your forms convert better, and your users never know spam protection exists.

cPanel. Shared Hosting. No Problem.

Most PHP spam protection tools require Composer, CLI access, or specific server configurations. ActiveLayer just needs PHP with cURL enabled — available on virtually every host. Upload your files via FTP, add your API key, and spam protection is live. No SSH access, no Composer, no cron jobs, no background workers. If your $5/month shared host runs PHP, ActiveLayer works on it.

Custom CMS. Legacy App. Modern Framework. One Integration.

ActiveLayer is a plain REST API that works identically across your entire PHP portfolio — a custom WordPress plugin today, a legacy PHP 7 app tomorrow, a Slim API next week. Write the cURL integration once and reuse it everywhere, with no framework-specific packages and no version compatibility issues. One API key covers unlimited sites. Stop reconfiguring reCAPTCHA for every project.

From Awesome Motive. Trusted by 30 Million Websites.

ActiveLayer is built by Awesome Motive, the team behind WPForms, AIOSEO, MonsterInsights, OptinMonster, and 20+ products serving 30 million websites. Processing billions of form submissions a year, this is spam protection built by engineers who have fought form spam for over a decade — not a weekend side project. Enterprise-grade reliability with a developer-friendly API. Free to start, predictable pricing when you scale.

Frequently Asked Questions

Have questions about ActiveLayer for PHP? We’ve got answers.

Does ActiveLayer work on shared hosting?

Yes. ActiveLayer only requires PHP with the cURL extension enabled, which is available on virtually every shared hosting plan. No Composer on the server, no CLI access, no cron jobs, no special PHP extensions. If your hosting runs PHP, ActiveLayer works. Upload your files via FTP and you’re done.

What PHP version do I need?

ActiveLayer works with PHP 7.2 and above. The API uses standard cURL functions and `json_decode()` that have been available in PHP for over a decade. If you’re using Guzzle, you’ll need the version compatible with your PHP version. Guzzle 7 requires PHP 7.2+. There are no version-specific API features to worry about.

Do I need Composer to use ActiveLayer?

No. Composer is entirely optional. You can call the ActiveLayer API directly using PHP’s built-in cURL functions with zero dependencies. Composer is only needed if you prefer using the Guzzle HTTP client or want to install the optional ActiveLayer helper package. The cURL approach works on any hosting environment without Composer.

How is this different from using ActiveLayer with WordPress?

The WordPress integration is a plugin you install from the WordPress dashboard. It handles everything automatically: form detection, API calls, spam filtering, and admin UI. The PHP integration described on this page is for custom PHP applications, scripts, and non-WordPress projects where you write the API call yourself. Same API, same accuracy, different integration method.

Will the API call slow down my form submissions?

No. ActiveLayer returns spam verdicts in milliseconds. The total round-trip time depends on your server’s network latency to our API, but it’s typically faster than a database query. Set a 3-second timeout on your cURL or Guzzle call as a safety net. If the API doesn’t respond in time, let the submission through and your users experience zero delay.

Can I use ActiveLayer with Laravel?

Yes, and we have a dedicated [Laravel integration page](/integrations/laravel/) with Laravel-specific code examples using the HTTP facade, middleware, and Form Request validation. If you’re building with Laravel, start there for a more tailored integration guide.

What happens if the ActiveLayer API goes down?

Your application continues working normally. Always wrap your API call in error handling. If cURL returns an error or the response isn’t valid JSON, let the submission pass through. Your forms should never break because of spam protection. The API maintains 99.9%+ uptime, but defensive coding is always the right approach.

Is there a free plan?

Yes. 1,000 spam checks per month, no credit card required. Full API access with no feature restrictions. The free plan uses the same AI models, the same detection accuracy, and the same millisecond response times as paid plans. When you need more volume, upgrade to Pro at $19/month for 25,000 checks. One API key works across unlimited sites and applications.