WP-reCAPTCHA

recaptcha marking all comments as spam? fix here

this plugin is being rewritten

What is reCAPTCHA?

reCAPTCHA is an anti-spam technology originating from Carnegie Mellon University and recently acquired by Google, which uses CAPTCHAs in a genius way. Instead of randomly generating useless characters which users grow tired of continuosly typing in, risking the possibility that spammers will eventually write sophisticated spam bots which use OCR libraries to read the characters, reCAPTCHA uses a different approach. They effectively kill two birds with one stone.

Digitizing of Literature

If you didn’t know, the world is in the process of digitizing books (Even the Library of Congress is too) so that they can last forever as well as become searchable. To digitize the books, Scanners scan the pages of the books resulting in image files. OCR technology is then used to attempt to convert the images to text. Sometimes, however, certain words are illegible to the OCR technology but the good thing is that the technology knows when this happens and can mark the words and put them into a repository. To construct a CAPTCHA, reCAPTCHA takes one of the words from these repositories and couples it with a word they do know, then distorts them some more. When a certain percentage of people type in the same spelling for the unknown word, it is assumed to be correct and sent back to help with the digitization process.

How is this any better?

This effectively means that users who fill in reCAPTCHA forms can feel good knowing they are contributing to the digitizing of books all over the world, so it gives it a purpose. Also, if Industry Standard OCR Scanners can’t read certain words, add to that the fact that they are further distorted before being added to a CAPTCHA, one can be almost certain that Spam Bots won’t be able to read the CAPTCHAs either, this makes it secure.

reCAPTCHA has many security measures including IP Address Detection to review and potentially block IPs which have solved too many CAPTCHAs in a limited amount of time and adaptive security meaning they can fix bugs if they’re found, as they are found because the CAPTCHAs are generated on their servers (Meaning less load for you as well). But what if someone hosts a reCAPTCHA on their website, collects answers from their visitors and submits the answers to your site? Well that’s why reCAPTCHA uses a key system to authenticate. The keys are domain specific meaning you will need new ones for each domain you want to use reCAPTCHA on (Though this doesn’t apply to sub-domains). There is a public key and private key which are client-side and server-side respectively.

Many popular websites such as Twitter, Facebook, and even certain Government Websites like the TV Converter Box Coupon site are using reCAPTCHA. It is definitely becoming more and more widespread, and the neat thing is that it is accessible to everyone.

Is it working?

Take a look at this page which shows just how accurate and efficient reCAPTCHA is at transcribing literature to electronic form.

If this is so good at stopping spam, why do I see spam on this website?

As was explained earlier, reCAPTCHA is the perfect and undisputed solution for stopping automated spam, which is the majority of the spam out on the Internet. Automated spam consists of scripts or programs which automatically create spam in high volumes and at high speeds. For the aforementioned reasons, automated spam has no way around reCAPTCHA. However, there are other types of spam, where for instance, people are paid (or not paid?) to go around the Internet posting spam manually. Since this spam comes from humans, humans require little effort to submit a reCAPTCHA response.

Every once in a while, such people will encounter this site and post their spam (perhaps for ironic humor). These instances are few and far between compared to the automated spam which is completely blocked by reCAPTCHA. For this reason, this spam can easily be removed by moderators/administrators of the website manually through the WordPress interface. If you would prefer a more automated solution for such spammers, you can try using a heuristics-based spam solution, such as Akismet, in conjunction with reCAPTCHA. reCAPTCHA will stop all automated spam, and Akismet will stop any human-generated spam that might make it past reCAPTCHA.

MailHide Email Protection

Another project from reCAPTCHA is email protection. They call it MailHide. MailHide takes email addresses and encrypts them so that it becomes impossible for spam bots to take and add to their spam lists. MailHide generates a link which users click on to reveal the address. Once this link is clicked, they solve a simple reCAPTCHA form and the email is revealed. Email addresses that are hidden by MailHide show up by default like so: myem…@emailserver.com. Users then click on the three dots in the middle, solve the reCAPTCHA form that appears, and the email is revealed. This is just one way of putting reCAPTCHA forms to good use. Google is already using a similar method in their Google Groups site.

WordPress Plugin Features

Some of the many features that the WordPress reCAPTCHA Plugin includes are:

• Choice of reCAPTCHA anti-spam in:
  • Comments
  • Registration Form
• Language support:
  • English
  • Dutch
  • French
  • German
  • Portuguese
  • Russian
  • Spanish
  • Turkish
• Themes:
  • Red
  • White
  • Black Glass
  • Clean
• XHTML 1.0 Strict Compliance
• Tab Index customization on the comments post form
• HTTPS / SSL Support
• MailHide integration for email address protection. For example: bla...@gmail.com
  • mcrypt module detection
  • nohide BBCode tags to bypass email address protection
• Option to have certain user roles exempt from reCAPTCHA forms and/or MailHide email obfuscation
• Separate stylesheet for additional customization (ex. styling of protected emails)
• Can now work in conjunction with Akismet

As if all this weren’t enough, WP-reCAPTCHA is also WordPress MU compatible!

Installation

You can install this plugin using WordPress’ automatic plugin installer by searching for ‘recaptcha’, or you can install this plugin manually the conventional way.

For instructions on installing on WordPress MU, please refer to the installation page, specifically, look at the Forced Activation section.

Requirements

The only requirements for this plugin are that you get the API keys for reCAPTCHA here and if you plan on using MailHide email protection, get the API keys for that here.

If you plan on using MailHide, you will need to have the mcrypt PHP module loaded (Most servers do).

If you want XHTML 1.0 Compliance you and your users will need to have Javascript enabled. If you would like to have XHTML 1.0 Compliance while having support for non-Javascript users, read this.

Issues

If you have any problems, please refer to the Frequently Asked Questions page. If your problem or question is not addressed there, you are welcome to post a comment here.

If you believe you have found a bug, please do take a minute out of your time to post about it on the issue tracker so that it can be addressed.

Download WP-reCAPTCHA from the WordPress Plugin Repository