What is reCAPTCHA?
reCAPTCHA is an anti-spam method originating from Carnegie Mellon University which uses CAPTCHAs in a genius way. Instead of randomly generating useless characters which users grow tired of continuosly typing in, risking the possibility that spammers will eventually write sophisticated spam bots which use OCR libraries to read the characters, reCAPTCHA uses a different approach. They effectively kill two birds with one stone.
Digitizing of Books
If you didn’t know, the world is in the process of digitizing books (Even the Library of Congress is too) so that they can last forever as well as become searchable. To digitize the books, Scanners scan the pages of the books resulting in image files. OCR technology is then used to attempt to convert the images to text. Sometimes, however, certain words are illegible to the OCR technology but the good thing is that they know when the technology knows when this happens and can mark the words and put them into a repository. To construct a CAPTCHA, reCAPTCHA takes one of the words from these repositories and couples it with a word they do know, then distorts them some more. When a certain percentage of people type in the same spelling for the unknown word, it is assumed to be correct and sent back to help with the digitization process.
A typical reCAPTCHA form
How is this any better?
This effectively means that users who fill in reCAPTCHA forms can feel good knowing they are contributing to the digitizing of books all over the world, so it gives it a purpose. Also, if Industry Standard OCR Scanners can’t read certain words, add to that the fact that they are further distorted before being added to a CAPTCHA, one can be almost certain that Spam Bots won’t be able to read the CAPTCHAs either, this makes it secure.
reCAPTCHA has many security measures including IP Address Detection to review and potentially block IPs which have solved too many CAPTCHAs in a limited amount of time and adaptive security meaning they can fix bugs if they’re found, as they are found because the CAPTCHAs are generated on their servers (Meaning less load for you as well). But what if someone hosts a reCAPTCHA on their website, collects answers from their visitors and submits the answers to your site? Well that’s why reCAPTCHA uses a key system to authenticate. The keys are domain specific meaning you will need new ones for each domain you want to use reCAPTCHA on (Though this doesn’t apply to sub-domains). There is a public key and private key which are client-side and server-side respectively.
Many popular websites such as Twitter, Facebook, and even certain Government Websites like the TV Converter Box Coupon site are using reCAPTCHA. It is definitely becoming more and more widespread, and the neat thing is that it is accessible to everyone.
MailHide EMail Protection
Another project from reCAPTCHA is email protection. They call it MailHide. MailHide takes email addresses and encrypts them so that it becomes impossible for spam bots to take and add to their spam lists. MailHide generates a link which users click on to reveal the address. Once this link is clicked, they solve a simple reCAPTCHA form and the email is revealed. Email addresses that are hidden by MailHide show up by default like so: myem…@emailserver.com. Users then click on the three dots in the middle, solve the reCAPTCHA form that appears, and the email is revealed. This is just one way of putting reCAPTCHA forms to good use. Google is already using a similar method in their Google Groups site.
WordPress Plugin Features
Some of the many features that the WordPress reCAPTCHA Plugin includes are:
- Choice of reCAPTCHA anti-spam in:
- Comments
- Registration Form
- Language support:
- English
- Dutch
- French
- German
- Portuguese
- Russian
- Spanish
- Turkish
- Themes:
- Red
- White
- Black Glass
- Clean
- XHTML 1.0 Strict Compliance
- Tab Index customization on the comments post form
- HTTPS / SSL Support
- MailHide integration for email address protection. For example: bla...@gmail.com
- mcrypt module detection
- nohide BBCode tags to bypass email address protection
- Option to have admins exempt from reCAPTCHA forms and/or MailHide email protection
- Separate stylesheet for styling purposes (i.e. styling of protected emails)
- Can now work while Akismet is enabled (Though there shouldn’t be a reason to have it enabled while this is)
As if all this weren’t enough, WP-reCAPTCHA is also WordPress MU compatible!
Installation
The installation of the plugin is really simple: Simply download the archive, extract it and upload the recaptcha folder to your wp-content/plugins folder. Finally, activate the plugin in the Administration interface.
First, you will want to upload the wp-recaptcha folder to the mu-plugins folder. Finally you will want to move the wp-recaptcha.php file out of the folder so that it’s directly inside the mu-plugins folder.
Requirements
The only requirements for this plugin are that you get the API keys for reCAPTCHA here and if you plan on using MailHide email protection, get the API keys for that here.
If you plan on using MailHide, you will need to have the mcrypt PHP module loaded (Most servers do).
If you want XHTML 1.0 Compliance you and your users will need to have Javascript enabled. If you would like to have XHTML 1.0 Compliance while having support for non-Javascript users, read this.
Help! I Still See Spam in my Spam Queue!
Please refer to the FAQ.
If you have any problems, you can comment here, make a post on the WordPress Forums with the tag wp-recaptcha, or use the Google Code Issue Tracker.
You can download the latest version of WP-reCAPTCHA from the WordPress Plugin Page.
when i tried re-captcha plugin on WPMU new versions i got the same very serious problem everyone using it with WPMU faced, the user is redirected to the first page of signup process.
it has been months now and the problem hasn’t been solved… please help
@Fouad Fakhreldeen: I am working on fixing that problem. There isn’t much WPMU Documentation so I’m at loss as to what is causing the problem. Rest assured though, I am working on fixing that problem and will try and do so as quickly as possible.
I have noticed though that the User Registration does work fine, it’s just the blog registration that doesn’t.
Hi my friend
I was using WP 2.6.2 and time after I visited my Fantastico Installer and He recomend me an update from wp 2.6.2 to wp 2.6.3 and how its automatic I press the button and WP update automatically.
I used to work in Firefox and there I dont see any problem with my blog, but when I checked the blog in Iexplorer 7 and 6, its crashed, its say Operation Cancelled, and return me a dnserror.html (found it in system32 and so on)
I desactivated the plug-in and its work great, can you help me?
Hi I have found in google thats sitemeter have the same problem, and its because the javascript load before charge the page, and I need to add defer=defer to the start of javascript, but how can i do thats with wp-reCaptcha to wordpress?
Alright guys, I am very sorry for the time it has taken to get the issues fixed but most of them are fixed now. There should be a new release soon if not tomorrow. The main issues fixed are the WPMU signup redirection issue and I’ve also added options for replacing the hidden emails in different ways.
As for those of you with WP 2.6.3 problems (Non-WPMU), please restate your problems as specifically as you can so that I can debug them better, as of now it can be many different things that are causing the problem.
Hi - I just installed the plugin, and it seems to be working, (i.e. I can’t post a comment unless I fill in the captcha fields), but I’m still getting spam… Most of it seems to be from web addresses that end in “/map.html” (e.g. newhelpguy.com/map.html )
Any ideas about what’s going on? The only issue I thought that might be doing this is that I have an older version of Akismet (2.1.3) rather than the latest 2.2.1.
@Mike: Alright look, no offense to you or anything but this has been asked countless times. You AREN’T getting spam, the thing is that the comment gets checked by Akismet whether or not it gets stopped by reCAPTCHA. So say a spam bot is spamming you, each comment it sends gets checked by Akismet before reCAPTCHA notices it’s spam and discards it. This means it gets stored in the spam queue of Akismet, but you aren’t getting spam.
When you have Akismet + reCAPTCHA running, think of the spam queue as a ‘what comments have been marked as spam by reCAPTCHA’ queue instead. All in all, Akismet really isn’t necessary when running reCAPTCHA. You should try it for yourself once. This will save you the confusion and you will free up some resources on your server.
The only spam that could still get through if you only have reCAPTCHA running is human spam, meaning some human manually filled out the CAPTCHA and spammed you, but this is really rare as humans must be hired to do such a task, not to mention it would be very slow. If for whatever reason you do encounter spam with reCAPTCHA running by itself then it means this is happening, then you can run Akismet to take care of the problem.
@gharbeia: It has been fixed for 2.9.2. The thing is that people registering with OpenID will still have to fill in the reCAPTCHA.
Thanks for the clarification - no offense taken. I had looked through the comments (and google), but didn’t see this explanation. Also, if so many people don’t get that this is how reCAPTCHA functions with Akismet, maybe it would be worthwhile putting it in the Faq or Other Notes description of the plugin - just an idea.
Yeah I will definitely add it to the FAQ on the WordPress Plugin page, I had thought it was already there, no wonder. It’s been at the official reCAPTCHA site but I understand that more people look at the WordPress Plugin page instead.
Glad everything is cleared up and expect to see those clarifications in the new version’s FAQ which should be coming up as soon as I clarify one last conflict with the OpenID plugin.
Blaenk wrote:
Any news?.
Thanks for your great job!.
Everything is fixed and I submitted version 2.9.2 to the WordPress Plugin Database, waiting for it to apply.
Thanks Blaenk! your work highly appreciated
@sk: You are very welcome
Muchas gracias por la ultima version del plugins de Recaptcha me soluciono y logre activar el recaptcha.
Excelente !!
Juan Carlos
@Juan: De nada, que bueno que te sirvió.