Today computer and the internet play an important role in our daily life. We have shown highly remarkable of automated behavior that is criminal in violation of terms of services such as auto sharing or send friend request. SO, CAPTCHA is used for protecting webpages against automated programs which are called bots. It is providing challenge response tests that determine whether or not the users are human or bot. It contains various contorted letters that are difficult for attacker's bots, but easy for humans. Since there are a lot of services on the internet, for example (email, social network, search engine) which allow users to register, during registration, some attackers write malicious programs that make website resources damaged by making automated software which is called (Bots). Many research developed more techniques to prevent accessing web resources by spammers. This paper introduces a new mechanism of CAPTCHA approach using extended finite automata (XFA) for securing web pages and online social networks against a new breed of bots. The XFA CAPTCHA is a CAPTCHA based on image which generates its tests using the automata Graph technique. The result of our research evidence that the mechanism of XFA CAPTCHA is effective in terms of security and usability respectively. As a result of that, it improved the rate of efficiency by 97.8%, the time for solving is around 20 seconds, and the value the probability of success rate for speculation attack is decreased to 1.03% in average. When compared to other CAPTCHAs, the XFA CAPTCHA is a strong competitor in terms of security and usability function.