What is reCAPTCHA?
reCAPTCHA is an anti-spam method originating from Carnegie Mellon University which uses CAPTCHAs in a genius way. Instead of randomly generating useless characters which users grow tired of continuosly typing in, risking the possibility that spammers will eventually write sophisticated spam bots which use OCR libraries to read the characters, reCAPTCHA uses a different approach. They effectively kill two birds with one stone.
Digitizing of Books
If you didn’t know, the world is in the process of digitizing books (Even the Library of Congress is too) so that they can last forever as well as become searchable. To digitize the books, Scanners scan the pages of the books resulting in image files. OCR technology is then used to attempt to convert the images to text. Sometimes, however, certain words are illegible to the OCR technology but the good thing is that they know when the technology knows when this happens and can mark the words and put them into a repository. To construct a CAPTCHA, reCAPTCHA takes one of the words from these repositories and couples it with a word they do know, then distorts them some more. When a certain percentage of people type in the same spelling for the unknown word, it is assumed to be correct and sent back to help with the digitization process.
A typical reCAPTCHA form
How is this any better?
This effectively means that users who fill in reCAPTCHA forms can feel good knowing they are contributing to the digitizing of books all over the world, so it gives it a purpose. Also, if Industry Standard OCR Scanners can’t read certain words, add to that the fact that they are further distorted before being added to a CAPTCHA, one can be almost certain that Spam Bots won’t be able to read the CAPTCHAs either, this makes it secure.
reCAPTCHA has many security measures including IP Address Detection to review and potentially block IPs which have solved too many CAPTCHAs in a limited amount of time and adaptive security meaning they can fix bugs if they’re found, as they are found because the CAPTCHAs are generated on their servers (Meaning less load for you as well). But what if someone hosts a reCAPTCHA on their website, collects answers from their visitors and submits the answers to your site? Well that’s why reCAPTCHA uses a key system to authenticate. The keys are domain specific meaning you will need new ones for each domain you want to use reCAPTCHA on (Though this doesn’t apply to sub-domains). There is a public key and private key which are client-side and server-side respectively.
Many popular websites such as Twitter, Facebook, and even certain Government Websites like the TV Converter Box Coupon site are using reCAPTCHA. It is definitely becoming more and more widespread, and the neat thing is that it is accessible to everyone.
MailHide EMail Protection
Another project from reCAPTCHA is email protection. They call it MailHide. MailHide takes email addresses and encrypts them so that it becomes impossible for spam bots to take and add to their spam lists. MailHide generates a link which users click on to reveal the address. Once this link is clicked, they solve a simple reCAPTCHA form and the email is revealed. Email addresses that are hidden by MailHide show up by default like so: myem…@emailserver.com. Users then click on the three dots in the middle, solve the reCAPTCHA form that appears, and the email is revealed. This is just one way of putting reCAPTCHA forms to good use. Google is already using a similar method in their Google Groups site.
WordPress Plugin Features
Some of the many features that the WordPress reCAPTCHA Plugin includes are:
- Choice of reCAPTCHA anti-spam in:
- Comments
- Registration Form
- Language support:
- English
- Dutch
- French
- German
- Portuguese
- Russian
- Spanish
- Turkish
- Themes:
- Red
- White
- Black Glass
- Clean
- XHTML 1.0 Strict Compliance
- Tab Index customization on the comments post form
- HTTPS / SSL Support
- MailHide integration for email address protection. For example: bla...@gmail.com
- mcrypt module detection
- nohide BBCode tags to bypass email address protection
- Option to have admins exempt from reCAPTCHA forms and/or MailHide email protection
- Separate stylesheet for styling purposes (i.e. styling of protected emails)
- Can now work while Akismet is enabled (Though there shouldn’t be a reason to have it enabled while this is)
As if all this weren’t enough, WP-reCAPTCHA is also WordPress MU compatible!
Installation
The installation of the plugin is really simple: Simply download the archive, extract it and upload the recaptcha folder to your wp-content/plugins folder. Finally, activate the plugin in the Administration interface.
First, you will want to upload the wp-recaptcha folder to the mu-plugins folder. Finally you will want to move the wp-recaptcha.php file out of the folder so that it’s directly inside the mu-plugins folder.
Requirements
The only requirements for this plugin are that you get the API keys for reCAPTCHA here and if you plan on using MailHide email protection, get the API keys for that here.
If you plan on using MailHide, you will need to have the mcrypt PHP module loaded (Most servers do).
If you want XHTML 1.0 Compliance you and your users will need to have Javascript enabled. If you would like to have XHTML 1.0 Compliance while having support for non-Javascript users, read this.
Help! I Still See Spam in my Spam Queue!
Please refer to the FAQ.
If you have any problems, you can comment here, make a post on the WordPress Forums with the tag wp-recaptcha, or use the Google Code Issue Tracker.
You can download the latest version of WP-reCAPTCHA from the WordPress Plugin Page.
on my website with wordpress 2.6 the recaptcha isn’t showing on the post pages…
can you help me?! thank you…
Can you please post a screenshot of your settings for reCAPTCHA?
Great plugin. One thing is it always sends its admin CSS via HTTP giving mixed content warnings via WP 2.6 with admin SSL.
@Blaenk Denum: I have the same problem as roby. here’s a screenshot: http://farm4.static.flickr.com/3179/2755280592_976c6378f7_o.png
@Richard: Update - sorry about that! The problem was that I thought I could use the same API key for multiple sites, but got it working now! Thanks for the plugin! Robbi =)
Is the plugin working for WPMU 2.6? It was working for WPMU 1.51. But after to upgrading to 2.6. The user cannot sign up.
After clicking the “Sign up” button at step2 of blog registration. It will redirect back to the first step.
However the plugin is working for the comments. Any idea how its not working?
Thanks
the plugin works for my comments, but isn’t displayed on registrations, even though it is enabled for the registration page.
Using WP 2.6 and wp-captcha 2.9.1. Thoughts?
any plans to extend your recaptcha plugin to bbpress, so that you can’t post comments without recaptcha completion?
Ah, i think my prob is that i’m using the Themed Login and Register plugin, which hijacks wp-register.php. Any idea how I can make the recaptcha plugin work there?
http://www.jameskelly.org/wordpress-plugins/custom-login-and-registration-forms-plugin/
Thanks
I take it back, after disabling that plugin and using the standard wp-register.php hook, it still didn’t display the recaptcha form.
I’m stumped.
@Edward:
I have modified the plugin and now works for WPMU 2.6
http://yisheng.wordpress.com/2008/08/14/wp-recaptcha-for-wpmu-26/
I have the same problem as Edward. New users couldnt register and get the message: That reCAPTCHA was incorrect. I have downloaded the modified file but it gives the same result. Can anyone help?
@Martien:
Are you sure its not working? Because the modified one is working in my WPMU 2.6…
@Edward: Yes i am sure. I have deleted and uploaded the plugin and changed the modified file. Again the same message as i pointed before.
I think i am deleting the stuff and find another solution because this isn’t working
Is anybody else having problems with WPMU 2.6? I will investigate.
@Blaenk…yeah, I’m having the same problem. I uploaded and enabled the plugin, but the captcha widget isn’t showing up on my commments entry. However, it is preventing the commments from going through. I’m using WordPress 2.6.1.
Thanks for all the work you’ve put into this!
@Daniel: This is for WPMU 2.6.1? I will make a test install and try and figure out the problem.
This is just for WP. I’m not sure of the difference between WordPress and WordPress MU. I’m just using the default WordPress install on Dreamhost, with a template I customized.
Oh, well in that case do you have a screenshot of your settings? Because I have the exact same set up (Dreamhost, etc.) and it’s working fine apparently. Also could you list any comment related plugins that you have activated?
If that’s the case, then perhaps my customizations to my template have somehow broken the plugin. Let me do some testing with a generic template before I waste your time!
Thanks again for making this available to the public.
No worries. If you still encounter problems, please let me know what your version of your blog, any other plugins that may conflict (Not that necessarily do, but have to do with comments and other anti-spam measures possibly), and a screenshot of your settings for the plugin (With the keys censored if you like).
I installed the plugin but I am still getting spam. I tested it and if you don’t enter the recaptcha and press the submit comment it says no comment but the comment still shows up as spam in the blog. Do I need to change my templates or something?
@Ian Butterworth: You mean in the spam queue in the blog? Like with Akismet? This is normal and is detailed in the FAQ. Hopefully this addresses your issue.
This looks like the very plugin we’ve been looking for, but just installed 2.9.1 on a WP 2.1.2 installation and cannot seem to get the registration filter function to work. That’s to say, the recaptcha box shows up fine (no obvious errors), but I can fill in the reg form and submit successfully without filling in any recaptcha code (new user is created). Any idea what I may have missed? Thank you.