What is reCAPTCHA?
reCAPTCHA is an anti-spam method originating from Carnegie Mellon University which uses CAPTCHAs in a genius way. Instead of randomly generating useless characters which users grow tired of continuosly typing in, risking the possibility that spammers will eventually write sophisticated spam bots which use OCR libraries to read the characters, reCAPTCHA uses a different approach. They effectively kill two birds with one stone.
Digitizing of Books
If you didn’t know, the world is in the process of digitizing books (Even the Library of Congress is too) so that they can last forever as well as become searchable. To digitize the books, Scanners scan the pages of the books resulting in image files. OCR technology is then used to attempt to convert the images to text. Sometimes, however, certain words are illegible to the OCR technology but the good thing is that they know when the technology knows when this happens and can mark the words and put them into a repository. To construct a CAPTCHA, reCAPTCHA takes one of the words from these repositories and couples it with a word they do know, then distorts them some more. When a certain percentage of people type in the same spelling for the unknown word, it is assumed to be correct and sent back to help with the digitization process.
A typical reCAPTCHA form
How is this any better?
This effectively means that users who fill in reCAPTCHA forms can feel good knowing they are contributing to the digitizing of books all over the world, so it gives it a purpose. Also, if Industry Standard OCR Scanners can’t read certain words, add to that the fact that they are further distorted before being added to a CAPTCHA, one can be almost certain that Spam Bots won’t be able to read the CAPTCHAs either, this makes it secure.
reCAPTCHA has many security measures including IP Address Detection to review and potentially block IPs which have solved too many CAPTCHAs in a limited amount of time and adaptive security meaning they can fix bugs if they’re found, as they are found because the CAPTCHAs are generated on their servers (Meaning less load for you as well). But what if someone hosts a reCAPTCHA on their website, collects answers from their visitors and submits the answers to your site? Well that’s why reCAPTCHA uses a key system to authenticate. The keys are domain specific meaning you will need new ones for each domain you want to use reCAPTCHA on (Though this doesn’t apply to sub-domains). There is a public key and private key which are client-side and server-side respectively.
Many popular websites such as Twitter, Facebook, and even certain Government Websites like the TV Converter Box Coupon site are using reCAPTCHA. It is definitely becoming more and more widespread, and the neat thing is that it is accessible to everyone.
MailHide EMail Protection
Another project from reCAPTCHA is email protection. They call it MailHide. MailHide takes email addresses and encrypts them so that it becomes impossible for spam bots to take and add to their spam lists. MailHide generates a link which users click on to reveal the address. Once this link is clicked, they solve a simple reCAPTCHA form and the email is revealed. Email addresses that are hidden by MailHide show up by default like so: myem…@emailserver.com. Users then click on the three dots in the middle, solve the reCAPTCHA form that appears, and the email is revealed. This is just one way of putting reCAPTCHA forms to good use. Google is already using a similar method in their Google Groups site.
WordPress Plugin Features
Some of the many features that the WordPress reCAPTCHA Plugin includes are:
- Choice of reCAPTCHA anti-spam in:
- Comments
- Registration Form
- Language support:
- English
- Dutch
- French
- German
- Portuguese
- Russian
- Spanish
- Turkish
- Themes:
- Red
- White
- Black Glass
- Clean
- XHTML 1.0 Strict Compliance
- Tab Index customization on the comments post form
- HTTPS / SSL Support
- MailHide integration for email address protection. For example: bla...@gmail.com
- mcrypt module detection
- nohide BBCode tags to bypass email address protection
- Option to have admins exempt from reCAPTCHA forms and/or MailHide email protection
- Separate stylesheet for styling purposes (i.e. styling of protected emails)
- Can now work while Akismet is enabled (Though there shouldn’t be a reason to have it enabled while this is)
As if all this weren’t enough, WP-reCAPTCHA is also WordPress MU compatible!
Installation
The installation of the plugin is really simple: Simply download the archive, extract it and upload the recaptcha folder to your wp-content/plugins folder. Finally, activate the plugin in the Administration interface.
First, you will want to upload the wp-recaptcha folder to the mu-plugins folder. Finally you will want to move the wp-recaptcha.php file out of the folder so that it’s directly inside the mu-plugins folder.
Requirements
The only requirements for this plugin are that you get the API keys for reCAPTCHA here and if you plan on using MailHide email protection, get the API keys for that here.
If you plan on using MailHide, you will need to have the mcrypt PHP module loaded (Most servers do).
If you want XHTML 1.0 Compliance you and your users will need to have Javascript enabled. If you would like to have XHTML 1.0 Compliance while having support for non-Javascript users, read this.
Help! I Still See Spam in my Spam Queue!
Please refer to the FAQ.
If you have any problems, you can comment here, make a post on the WordPress Forums with the tag wp-recaptcha, or use the Google Code Issue Tracker.
You can download the latest version of WP-reCAPTCHA from the WordPress Plugin Page.
Yeah I use a delegate too (Using WP-Yadis). You mean you do have your name in your OpenID profile but it’s not being picked up by this right? Do you manually type in your URL as your name? Have you tried not doing that and seeing what happens? By comment info are you referring to something like a reCAPTCHA error? Mind pasting this here? Thanks. I’m trying to help Will Norris with his WP-OpenID plugin.
Here’s the URL I get bounced to when I submit the form with my web site in the URL field.
Sorry for the trouble Chris, the developer of the OpenID is working with me to fix this problem (I’m using the latest revision from his repository). Would you mind checking one more time if OpenID works?
Looks like it worked (assuming this reply goes through as it should)
Yeah it worked. Thanks for helping me test it, I really appreciate it. I finally figured out the revision that worked for me before I updated the copy I had from subversion.
One question, did you only input your openid, or did you also type in your name. The reason I’m asking is because I’m confused as to whether or not the plugin pulls the name from your openid persona automatically.
As for your reCAPTCHA question, I will get to working on that, sorry that it’s until now but I’ve been pretty busy. Thanks for your patience and sorry for the inconvenience!
I\’m going to test without my name (if it will let me). On the previous attempts I put my name in the name box…
If the comment above is without the name, then it worked
Thanks again!
Hey Chris, I had a problem where the comments wouldn’t show up on this page but I’ve got it fixed. Anyways, I was just going to say that I’ve fixed the problem. I suggest you get the latest version (2.9.1). Thanks for your patience man! Sorry again for any inconvenience.
Thanks! I\’ll upgrade and try it out now…
When I activate the plugin, it shows up well below the “Submit” button as well as a couple of other extra options I have installed.
Is there any way to manually position where the reCaptcha box shows up?
I checked this and I see what you’re talking about. If you look at the script, it uses Javascript to place the recaptcha above the submit button, meaning you have to have the same id’s for the form fields as I do. Match the ones here with the ones on your site and make the ones on your site match the ones here, then it should work.
@Blaenk Denum: But they already match… Author | Email | URL | Comment | Submit
Hello. Thanks for creating this plugin. By any chance has anyone run into problems with the plugin when Wordpress isn’t installed in the site root? I’ve updated to the latest version but still get the “fatal error” issue in the admin.
@Janet: Where is your blog, and what exactly is the error, and how do you get it? Right after activating the plugin? After changing some settings around? Which ones? What page are you at when you see the error? Thanks!
Thanks! My whole site is powered by wordpress and the blog iself is at
http://www.janetmartin.ca/blog/
I get the error after attempting to activate the plugin in the plugins section of the admin panel (/wp-admin/plugins.php). The error I get is “Plugin could not be activated because it triggered a fatal error.
This page cannot be displayed…500 error”. The error message appears above my list of plugins. The plugin won’t activate so I haven’t changed any settings.
Not sure if this is relevant but I have wordpress installed in a folder right than in the root.
Hmmm…it shouldn’t matter, but I’ll make sure. Do you happen to has HTTPS/SSL in the administration section of your site?
Thanks for your help. I have an SSL but it’s currently off.
I think it indeed is a problem with the way that you have you blog set up. How did you make it so that it’s on a separate directory, did you simply set a setting someway in WordPress, or did you ‘hack’ it to be that way? Normally it’s through a setting in wordpress, but you said the entire site us using wordpress so it makes me wonder.
Can you open up wp-recaptcha.php for me please? On line 532, change the entire line so that it reads:
Then save it, and see what happens then, when you try to activate it.
Actually what matters seems to be line 48. Make it so that it reads as follows:
In other words, changing the get_option’s argument from siteurl to home. Then let me know how it goes.
If you’re not able to edit wp-recaptcha.php, let me know and I’ll upload one for you to download, it’s quicker if you do it yourself though, if you can that is.
Blaenk: Thanks for the link, and thanks for all your work maintaining this plugin.
MailHide works on posts, but not WP pages. Any way to get it working there?
@Mark Adams: Interesting. This page which you commented on is a page. Do you have a link I can take a look at? Also, have you set your settings the way you wanted them? After you have, clear/flush your cache and do a cold-reload of the page (SHIFT or CTRL + R). It could be that first you had it so that no one can see the emails, viewed a post, then made it so that admins can see the emails, so it looks like it’s messed up but it’s actually the cache. At least, from the information you gave me, that’s the only idea I can come up with haha.
The page is http://mountainbible.net/?p=70
This is site is run on WordPress 2.6.
how to setup for wp-signup.php page ?