What is reCAPTCHA?
reCAPTCHA is an anti-spam method originating from Carnegie Mellon University which uses CAPTCHAs in a genius way. Instead of randomly generating useless characters which users grow tired of continuosly typing in, risking the possibility that spammers will eventually write sophisticated spam bots which use OCR libraries to read the characters, reCAPTCHA uses a different approach. They effectively kill two birds with one stone.
Digitizing of Books
If you didn’t know, the world is in the process of digitizing books (Even the Library of Congress is too) so that they can last forever as well as become searchable. To digitize the books, Scanners scan the pages of the books resulting in image files. OCR technology is then used to attempt to convert the images to text. Sometimes, however, certain words are illegible to the OCR technology but the good thing is that they know when the technology knows when this happens and can mark the words and put them into a repository. To construct a CAPTCHA, reCAPTCHA takes one of the words from these repositories and couples it with a word they do know, then distorts them some more. When a certain percentage of people type in the same spelling for the unknown word, it is assumed to be correct and sent back to help with the digitization process.
A typical reCAPTCHA form
How is this any better?
This effectively means that users who fill in reCAPTCHA forms can feel good knowing they are contributing to the digitizing of books all over the world, so it gives it a purpose. Also, if Industry Standard OCR Scanners can’t read certain words, add to that the fact that they are further distorted before being added to a CAPTCHA, one can be almost certain that Spam Bots won’t be able to read the CAPTCHAs either, this makes it secure.
reCAPTCHA has many security measures including IP Address Detection to review and potentially block IPs which have solved too many CAPTCHAs in a limited amount of time and adaptive security meaning they can fix bugs if they’re found, as they are found because the CAPTCHAs are generated on their servers (Meaning less load for you as well). But what if someone hosts a reCAPTCHA on their website, collects answers from their visitors and submits the answers to your site? Well that’s why reCAPTCHA uses a key system to authenticate. The keys are domain specific meaning you will need new ones for each domain you want to use reCAPTCHA on (Though this doesn’t apply to sub-domains). There is a public key and private key which are client-side and server-side respectively.
Many popular websites such as Twitter, Facebook, and even certain Government Websites like the TV Converter Box Coupon site are using reCAPTCHA. It is definitely becoming more and more widespread, and the neat thing is that it is accessible to everyone.
MailHide EMail Protection
Another project from reCAPTCHA is email protection. They call it MailHide. MailHide takes email addresses and encrypts them so that it becomes impossible for spam bots to take and add to their spam lists. MailHide generates a link which users click on to reveal the address. Once this link is clicked, they solve a simple reCAPTCHA form and the email is revealed. Email addresses that are hidden by MailHide show up by default like so: myem…@emailserver.com. Users then click on the three dots in the middle, solve the reCAPTCHA form that appears, and the email is revealed. This is just one way of putting reCAPTCHA forms to good use. Google is already using a similar method in their Google Groups site.
WordPress Plugin Features
Some of the many features that the WordPress reCAPTCHA Plugin includes are:
- Choice of reCAPTCHA anti-spam in:
- Comments
- Registration Form
- Language support:
- English
- Dutch
- French
- German
- Portuguese
- Russian
- Spanish
- Turkish
- Themes:
- Red
- White
- Black Glass
- Clean
- XHTML 1.0 Strict Compliance
- Tab Index customization on the comments post form
- HTTPS / SSL Support
- MailHide integration for email address protection. For example: bla...@gmail.com
- mcrypt module detection
- nohide BBCode tags to bypass email address protection
- Option to have admins exempt from reCAPTCHA forms and/or MailHide email protection
- Separate stylesheet for styling purposes (i.e. styling of protected emails)
- Can now work while Akismet is enabled (Though there shouldn’t be a reason to have it enabled while this is)
As if all this weren’t enough, WP-reCAPTCHA is also WordPress MU compatible!
Installation
The installation of the plugin is really simple: Simply download the archive, extract it and upload the recaptcha folder to your wp-content/plugins folder. Finally, activate the plugin in the Administration interface.
First, you will want to upload the wp-recaptcha folder to the mu-plugins folder. Finally you will want to move the wp-recaptcha.php file out of the folder so that it’s directly inside the mu-plugins folder.
Requirements
The only requirements for this plugin are that you get the API keys for reCAPTCHA here and if you plan on using MailHide email protection, get the API keys for that here.
If you plan on using MailHide, you will need to have the mcrypt PHP module loaded (Most servers do).
If you want XHTML 1.0 Compliance you and your users will need to have Javascript enabled. If you would like to have XHTML 1.0 Compliance while having support for non-Javascript users, read this.
Help! I Still See Spam in my Spam Queue!
Please refer to the FAQ.
If you have any problems, you can comment here, make a post on the WordPress Forums with the tag wp-recaptcha, or use the Google Code Issue Tracker.
You can download the latest version of WP-reCAPTCHA from the WordPress Plugin Page.
thanks for the wonderful plugin
i’m testing it now on a couple of my sites - Single WP installation -
but i really wish if you guys can make this plugin to work with registration form on WordPress MU -multi user-
it will be a wonderful add to your plugin
thanks
Yeah, that’s been requested. I’d first have to see what that involves however, I don’t really know what the differences are or anything. I’ll keep that in mind for version 2.9. Thanks for input fouad fakhr.
Hello,
Im having some trouble with a wp-recaptcha in a wordpress-mu site,
i modify the code to force the users, and the main blog can use correctly the captcha, but the users still see the message: To use reCAPTCHA you must get an API key from http://recaptcha.net/api/getkey
Do you have any idea where the problem can be?
can see in http://www.acuablogs.com and user in : http://test01.acuablogs.com/2008/06/06/hola-mundo/#comments
Thank you very much for your jobs and efforts.
I see what you mean, I believe it has to do with the fact that options are blog-specific so even though the keys are already in the options, they can’t get accessed by the child blogs…hmmm…I’ll have to figure this one out. Thanks for letting me know, I’ll keep you updated.
@stephenchow: I’ve fixed that problem. You should get the latest version 2.8.4 and follow the new installation instructions. Everything should work now, let me know if you have any other questions, problems, suggestions, whatever.
thanks Blaenk for your help and time to make your awesome wp-recaptcha plugin a wpmu compatible
you saved alot of our time and effort fighting sblogs
thanks again
So I’m assuming it works now? Can you please reply in wmudev.org and in mu.wordpress.org forums so that people know that it works now? Thanks!
Hmmm… I just saw your blog at http://egmedicine.com/wp-signup.php and the recaptcha still shows up above the form, and it shouldn’t. As you can see on mine ( http://test.blaenkdenum.com/wp-signup.php , if the site is down, try again later ), it shows up where it should go. Are you sure you’ve deleted everything and started over? I suggest you delete any wp-recaptcha things you have on your server (any folders, files, whatever) and then re-download and re-install 2.8.4, that should fix any problems.
Sweet, it looks like it’s working perfectly now. Thanks for helping me perfect the plugin!
Dear BlaenkDenum. I’ve installed reCaptcha plugin at http://www.waroeng.org. The comment was ok, but the reCptcha was not showup for registration. What’s wrong with that.
semplon wrote:
Where did you install, /plugins or /mu-plugins? Did you enable the CAPTCHA on the registration page in the settings? Have you flushed the Super Cache and seen if the changes take effect?
Dear Denum, i’ve install it at /plugins and /mu-plugins, but both of it cannot display RC at registration page. and i’ve delete the super cache too. the resukt is the same. i’ve enable the captcha on the registration page too.
You can’t install it in both places, you have to choose either one (As far as I know). Are you using a custom theme for WordPress MU? What version of WP-reCAPTCHA are you using? Also, you mentioned having it installed in both mu-plugins as well as plugins/, for it to appear on the registration form, it has to be in mu-plugins and you have to change the settings at Site Admin > reCAPTCHA. Would you mind taking a screenshot of the settings page for me to look at as well? I hope to help solve your problem.
@Blaenk Denum: Thank you very much, now it s working under users blogs perfectly.
@stephenchow: You’re welcome.
Hi,
It’s a cool plugin. I was wondering if I could apply this to a contact form. What needs to be done in order to achieve this?
Eddy
Eddy De Clercq wrote:
You can do that easily. Given that your contact form is handled with a server side language, you can use one of many reCAPTCHA Libraries to add reCAPTCHA Anti-Spam support to the form. If you need any help, I suggest you ask in the reCAPTCHA Mailing List.
Blaenk Denum wrote:
I was looking for a solution in WP and I never wrote a plugin
Well it’s besides the fact that it’s WP, since WP is just PHP anyways, and considering that no plugin that I can think of can adapt reCAPTCHA to any custom form that you have, then you will have to do it the way described above, manually.
the admin screen isn’t centered, ad the two tables are moved on the left. i’m using wp 2.5.1. the rest is ok, even if I can’t get mailhide to work with my hosting…
I\’ve tried this on two different WP 2.5.1 (up to date with SVN) blogs and encountered the same fatal error when trying to activate:
Parse error: syntax error, unexpected $end in /users/home/chrisl/web/public/wp-content/plugins/wp-recaptcha/wp-recaptcha.php on line 793
I tried the 2.8.4 version just to test and got the same error on a different line. Any advice?
Also, what plugin(s) are you using for your comment replies/quotes/threads? I like it…
Chris Lott wrote:
I’ve heard about that problem before, I will investigate, sorry for the inconvenience. I know that you downloaded it from wordpress.org/extend/plugins right? But can you please somehow supply me with the entire wp-recaptcha.php file? You can either paste the entire contents into my pastebin or upload it to somewhere that’s accessible by me. Thank you!
Chris Lott wrote:
Thanks! Glad you did. I don’t have any threaded comments, my reply is self-made (Took me a while to get it right) and the quoting is done thanks to the wonderful Quoter plugin.
Infinite Project wrote:
So everything else is fine? The styling on registration form is fine too? If you have it enabled on the registration form that is. How about when you get the CAPTCHA wrong, does the notification display correctly? (It should be above the reCAPTCHA form when the page reloads). Where do you have the plugin installed, plugins/wp-recaptcha? Are you on WPMU?
Not sure if that last post went through– I put the code for wp-recaptcha.php (downloaded from here in your pastebin
[for some reason I couldn't post my reply using the OpenID, even though it remembered me!]
Oh, it might be because I updated the wp-openid plugin to a newer revision, in hopes that it would fix the unnecessary escaping of apostrophes that OpenID posters have been having. I’m also going to have to add in a check to see when people put a URL as their name because it’s annoying.
Thanks, I’ll look into it. It seems like it’s a problem with scopes or something, as if it think that the end shouldn’t be there or something. It’s probably your PHP settings, I will investigate further and keep you updated.
@Blaenk Denum:
I’m pretty new to OpenID and am using the steps recommended by Sam Ruby to use my own domain as a delegate… what’s irritating is that I do have my name and such in my profile, but it is only picked up properly by some apps.
Also, I noticed that it reached my OpenID server and then bounced me back to your front page with the comment info (I can test and show you specifically what I got) rather than to this post…