Code

Conditional CAPTCHA for Wordpress

• Download
• Screenshots
• Changelog
• Demo

Services like Akismet and TypePad AntiSpam are great at detecting spam, but if you get lots of it then you have to trawl through the spam queue in case there are any false positives.

I've written a plugin that provides a user-friendly CAPTCHA complement to these spam detection plugins:

• If a spam detection plugin identifies a comment as spam, it will ask the commenter to complete a simple CAPTCHA.
• If they fail, then the comment will be automatically discarded or trashed (and won't clutter up your spam queue).
• If they pass, it will be allowed into the spam queue (or approved, if you so choose).
• Meanwhile, genuine commenters (i.e., those not flagged by Akismet) will be able to comment on your blog hassle-free, and without CAPTCHAs.

The plugin lets you choose between the default CAPTCHA (a simple text-based test) and reCAPTCHA (this requires getting a free API key). You can style the CAPTCHA page to fit with your theme using CSS. Here is a demo of the CAPTCHA page.

This plugin requires either Akismet or TypePad AntiSpam to be installed and active in order to work. It also requires PHP version 5 or greater.

Available translations: Belorussian, Danish, Dutch, Finnish, French, German, Polish, Russian. More welcome!

If you have any problems or suggestions, you can email me.

Frequently Asked Questions

• I've installed it, now how do I check that it works?

  You can try posting a spammy comment on your blog (make sure you're logged out) to check that it works, and to see what it looks like. Posting a comment with something like [url]somethingsilly[/url] in the body will usually get it flagged by Akismet.

• Does this plugin work with PHP 4?

  No. See the requirements above. Please use it only with PHP 5.0 and above. Please don't email me about PHP errors like this one when you try to install the plugin on a PHP 4 platform:

  Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or 
  T_FUNCTION or T_VAR or '}' in wp-conditional-captcha.php

• Does this plugin work with other comment form modification plugins?

  Conditional CAPTCHA relies on Wordpress' native form handling procedures. This means it will not work with plugins that generate and process their own comment forms. Such plugins include WP AJAX Edit Comments, tdo-miniforms, Backtype and Contact Form 7.

• I'm curious about how the plugin works. At what point is an unanswered CAPTCHA considered a failure, and what happens to the corresponding comment in the meantime?

  Basically the plugin will assume a flagged comment is spam unless a correctly solved CAPTCHA determines otherwise. The process depends partly on what your settings are.

  If the plugin is set to discard failed comments:
  When Akismet flags a comment, the comment is sent (as hidden data) back to the client along with the CAPTCHA (and not stored in the database). When the user submits the CAPTCHA, they resubmit the comment along with it. If the the CAPTCHA is passed, then the comment is added to the database.

  If the plugin is set to trash failed comments:
  When the comment is submitted, it is added to the database and put in the trash. If the CAPTCHA is passed, then the comment is moved to the spam queue (or approved, if your settings are such). If it is not passed (or not submitted at all — as is the case with most spambots), then the comment remains in the trash.

  Incidentally, there is a time limit of 10 minutes for the CAPTCHA to be submitted, otherwise it will be ignored even if it is correct.