Conditional Captcha for WordPress
Since I recently upgraded a bunch of WordPress blogs, the little SimpleCAPTCHA plugin stopped working. Oh, it displayed alright, but no matter what characters were typed into the captcha box, the comment would go through. And so, the comment spam increased and, even though we have comment moderation turned on, it was annoying to see piles of nonsense in my spam queue.
Earlier on, I'd been using various techniques to block comment spam, but they were a hassle and needed to be updated fairly often. Then I installed a captcha. I'd of course heard that spammers can get around captchas, and maybe they can, but my experience since first installing captchas has been that it pretty much stops the spam cold. Whereas I'd get dozens of spam blog comments a day (remember, I've worked to block them), after installing the captchas, I got one or two a month.
Now, I know that Akismet works great and I use it, but I don't like to see spam in my WP spam queue at all.
So I tried a bunch of "new" captchas, but each had its own problems. The main problem seemed to be due to the fact that I'd password-protected the wp-admin folder. For example, one captcha plugin was great (and the characters were easier to read, and it even had a audio function that would read the characters to you), but if you typed the wrong characters into the box, suddenly you got a window requesting that you log in; yep, to the admin area. While this isn't the worst thing in the world, I imagine that it would be pretty confusing, if not threatening, to most users.
So, after I upgraded our server to PHP5, I tried Conditional CAPTCHA. According to the plugin writer, Conditional CAPTCHA does not present a captcha in the comment section for every would-be commenter to fill in. Instead, there's no captcha — but when the comment is submitted, Conditional CAPTCHA checks it against Akismet's database and, if that commenter's information is in the Akismet database, only then does it present a captcha. This is pretty ingenious.
I did a little testing and found that (a) typing the wrong information into the Conditional CAPTCHA box blocks the comment from being accepted, (b) as does typing no information (leaving it blank). And no untoward requests to log in!
Lastly, you can do a bit of configuring of Conditional CAPTCHA in the WP admin area — for example, you can set it to send identified spam comments to the Trash, or to delete them cold.
So far, so good. Yes, I know Akismet occasionally gives false positives. But, so far, it's working. And I far prefer not to penalize innocent commenters with the task of trying to read captchas, and only testing those that fall into the Akismet database.
Not perfect. And I guess I'll see if I get a bunch of hate email from legitimate commenters. :)
7 Comments to "Conditional Captcha for WordPress"
Have your say ...
First-time comments will be held for moderation (but comments are appreciated). Otherwise, just be courteous. If your name is a bunch of keywords, your comment will be deleted. Don't post links unless highly pertinent. Posters must be 16 or older.