After some time I think I have finally finished version 2.8 of the reCAPTCHA WordPress Plugin. Back in January I believe I was contacted by Ben Maurer who works on reCAPTCHA asking me to work on the official reCAPTCHA plugin for WordPress. He asked me this after seeing that I wrote the WP-MailHide plugin. Well I took forever but I finally think I’ve finished. I might have one or two things to add but they should be minimal. I am just posting this here so that people see it and hopefully try it out and tell me what they think.
If you don’t know what reCAPTCHA is, you can read about it here. It is a really genius concept and I encourage you to read it. Basically these guys put meaning into CAPTCHAs. Instead of just randomly generating letters and numbers, they take words that Industry Standard OCR Scanners can’t read and construct the CAPTCHAs with them. One of the words they do know and one they don’t. After a certain complex condition is met (For example after a certain percentage of the people put the same spelling for the same word) the correct spelling is then given to the OCR scanners so that they could finish digitizing the books that they are scanning. So basically this means it is fundamentally (Whatever the opposite of flawed is) … epic? Spam bots that can bypass CAPTCHAs use OCR libraries. If industry level OCR scanners couldn’t read the word, I’m pretty sure these home-made OCR spam bots can’t either. Also, it removes the pain and frustration of having to fill in CAPTCHAs because you know that every word you type is going to a good cause.
Anyways, like I said it took me a while but I think I’m nearly finished if not finished already. The changes that have been made and things that have been fixed can be seen here. I have added a slew of features and options which aren’t meant to confuse the user but hopefully give them more freedom as to how to protect their blog from spammers. Among the many features I’ve implemented, a few are:
- Integrated MailHide into the Plugin. This scans each post that’s about to be viewed for emails and hides them using the MailHide method. More information on the wonderful MailHide technology can be found here. MailHide makes use of the mcrypt PHP module. If the module isn’t loaded, an alert will be displayed and it won’t be enabled.
- Stylesheet for all reCAPTCHA related things ranging from hidden emails, administration options, etc.
- XHTML 1.0 Strict compliant (Or so I believe, according to the validator. If you see otherwise please tell me)
- Ability to turn off reCAPTCHA and/or MailHide for Admins
- Ability to choose from different Languages and Themes
- New improved regular expressions for matching of all types of email addresses (For MailHide)
- Special nohide tags (BBCode Format, with []’s surrounding them) will allow one to bypass MailHide if they really want to directly show an email.
- Ability to add reCAPTCHA to the registration form.
- Fixed Akismet conflicts. Now, according to my tests, failed reCAPTCHA’s won’t equate to spam and therefor won’t be added to the Akismet Spam queue (No more ‘why am I still getting spam?’ questions).
Here are a few examples demonstrating MailHide:
test...@haha.com
This is a hyperlink with a plaintext email in the href
This is a hyperlink with a mailto: email in the href
The following are the same emails but won’t be hidden thanks to the nohide tags:
testing@haha.com
This is a hyperlink with a plaintext email in the href
This is a hyperlink with a mailto: email in the href
I would definitely like you guys to try it out and let me know what you think. Following are some screenshots, the download link is at the bottom:
Download the Official reCAPTCHA WordPress Plugin 2.8 Release Candidate 1 Plugin here.
I’ve FINALLY figured out how to get LightWindow automatically work with images that are posted using WordPress 2.5.1’s TinyMCE/GUI media uploader.
Anyways I think it’s working fine now, and it should supposedly also work with galleries. The solution took forever to figure out but it the implementation is actually really simple. One downfall is the fact that core files must be edited, meaning that with every update, the changes will have to be re-applied unless they come up with a simpler way of fixing this (There probbly already is but I’m just not that ‘pro’, I didn’t see anything though). But like I said the fixes are really easy so it shouldn’t be a problem (Even less if your host automatically updates WordPress for you when you want it to and backs up your previous installation, then you could simply copy+paste).
The fix involves just one file, wp-admin/wp-includes/media.php. Go to function get_image_send_to_editor which is around line 51. Now you’ll see this:
58
| $html = "<a href='".attribute_escape($url)."'$rel>$html</a>"; |
You are merely going to change it to be like this:
58
| $html = "<a caption='$alt' title='$title' class='lightwindow' href='".attribute_escape($url)."'$rel>$html</a>"; |
This will make it so that the values you enter when you edit the uploaded image’s information such as caption, title, etc. and it will show up in the image when it is clicked on. The lightwindow class is also added to the link which will make LightWindow know that it is going to be used for that image.
Anyways I hope this works for you! It was a hassle writing this post because I had to insert some code (I don’t even know if it’ll show up correctly yet) and I had to keep switching between Visual and HTML tabs with Visual always screwing everything up. Next objective is to find out a way to post this code without having this hassle, maybe through some type of custom TinyMCE button or something…
As I mentioned in the previous post, WordPress 2.5 changed the way it hashes passwords and stores cookies. Due to this, pretty much all of the integration bridges between WordPress 2.5 and other software are broken. The most popular and I think best bridge (If not only) between phpBB2 and phpBB3 to WordPress is WP-United. Unfortunately, the author hasn’t been on the site since last December (Which happened to be the last time there was a release too.). It’s a pity if this project has been abandoned (Which seems likely), because it really was, undeniable, the best if not only integration bridge between the phpBB forums and WordPress. It wasn’t a hackish attempt either, it was very complete with an administration interface and all.
Anyways, the good thing is that the site is still up, and people help each other out on the forums a lot. Amidst the confusion of WP 2.5 not working with phpBB, zujik was kind enough to investigate and eventually fix the problem. He was also kind enough to share his fix with everyone. You can find it here. Unlike other ‘fixes’, such as the one for Vanilla, this fix makes use of the new security measures in WordPress, meaning you don’t have to install the MD5 Password Hashes plugin to revert to the old hashing method. The fix is quick and easy. I did, however, have to do the whole ‘Forgot Password’ procedure for the changes to take effect. This means that after you apply the fix and you log in, the same problem will happen. So what you do is go to the WordPress login page, which is your url + /wp-login.php. Instead of logging in, click on “Lost your password?”. When it asks you can either give it your username of email. Submit it and you’ll get an email for further instruction. Anyways, once this is all done you will be able to continue logging in as usual.
If you’re installing WP-United for the first time, I suggest you first modify the files as detailed in the fix, then go through the installation procedure.
As you can see, I have WordPress and Vanilla integrated on my site. So when you create an account on this blog, you can use the same account to post on the forums (Not like they’re used much…yet). A developer for WordPress wrote up a guide on integrating both here. This was all great but with WordPress 2.5 there are enhanced security measures: salted password hashes with phpass and encrypts cookies.
So naturally this broke the integration. Foreseeing problems such as these, someone developed a plugin which reverts the password hashing method to the old plain MD5 hashing (i.e. sans salting). After installing this, it allowed me to log into the forums with my account, but that’s the problem, I have to login. With the old integration method I would just go to the forums and I would be logged in. So now the problem was adapting to the new cookie system.
So anyways, practically the same day that WordPress 2.5 came out I posted on the Vanilla Official Forum. I had a few people who also wanted this fix so it picked up (I also have a friend, SirNot or Nick E., who is a developer for Vanilla and has written many immensely popular plugins for it). micz was able to modify the People.Class.WordpressAuthenticator.php file which handled the authentication for WordPress, everything works fine now. I did have to go to wp-config.php though and define a SECRET_KEY. For some reason I didn’t have that in there already but wp-config-sample.php had it so I just did it the way it did it, do something like this if you don’t have it:
1
| define('SECRET_KEY', 'lolwtf1337hahaomghehethisislong'); |
Yes, just random stuff. Anyways, after you do that, then go to conf/database.php and define this:
1
| $Configuration['WP_SECRET_KEY'] = 'lolwtf1337hahaomghehethisislong'; |
Notice that the key is the same as in the wp-config.php file. Once you’re done doing this, you’ll have to re-login to WordPress. Once you’re done with that, go to your forum and you should be set.
If you’re doing this for the first time you will want to do everything in the integration guide first, then do what I mention here.
