Conditional CAPTCHA for WordPress

Akismet is great at detecting spam, but if you get lots of it then you have to trawl through the spam queue in case there are any false positives.

I’ve written a plugin that provides a user-friendly CAPTCHA complement to Akismet:

• If Akismet identifies a comment as spam, it will ask the commenter to complete a simple CAPTCHA.
• If they fail, then the comment will be automatically discarded or trashed (and won’t clutter up your spam queue).
• If they pass, it will be allowed into the spam queue (or approved, if you so choose).
• Meanwhile, genuine commenters will be able to comment on your blog hassle-free, and without CAPTCHAs.

The plugin lets you choose between the default CAPTCHA (a simple text-based test) and reCAPTCHA (this requires getting a free API key). You can style the CAPTCHA page to fit with your theme using CSS. Here is a demo of the CAPTCHA page.

This plugin requires Akismet to be installed and active in order to work.

Available translations: Belorussian (props Marcis G), Czech (props Ted), Danish (props Jesper), Dutch (props Rene), Estonian (props Itransition), Finnish (props Jani), French (props Laurent), German (props Jochen), Italian (props Gianni), Lithuanian (props Mantas), Polish (props Pawel), Romanian (props Web Hosting Geeks), Russian (props Serge), Spanish (props Reinventia), Ukranian (props Stas). More welcome!

This plugin requires PHP version 5 or greater.

If you have any problems or suggestions, you can email me. I can’t fix it if I don’t know it’s broken!

Frequently Asked Questions

• I’ve installed it, now how do I check that it works?

  You can try posting a spammy comment on your blog (make sure you’re logged out) to check that it works, and to see what it looks like. Posting a comment with viagra-test-123 in the author/name field will always get it flagged by Akismet.

• Does this plugin work with other comment form modification plugins?

  Conditional CAPTCHA relies on WordPress’ native form handling procedures. This means it will not work with plugins that generate and process their own comment forms. Such plugins include WP AJAX Edit Comments, tdo-miniforms, Backtype and Contact Form 7.

• I’m curious about how the plugin works. At what point is an unanswered CAPTCHA considered a failure, and what happens to the corresponding comment in the meantime?

  Basically the plugin will assume a flagged comment is spam unless a correctly solved CAPTCHA determines otherwise. The process depends partly on what your settings are.

  If the plugin is set to discard failed comments: When a comment is flagged as spam, it is sent (as hidden data) back to the client along with the CAPTCHA (and not stored in the database). When the user submits the CAPTCHA, they resubmit the comment along with it.

  If the plugin is set to store failed comments in the trash or spam queue: When the comment is flagged, it is added to the database as trash/spam. If the CAPTCHA is passed, then its status will be modified accordingly. You can configure what happens to passed comments.

  There is a time limit of 10 minutes for the CAPTCHA to be submitted, otherwise it will be ignored even if it is correct.

• Can I see a demo of what the CAPTCHA looks like?

  Yes.

• Didn’t you say before that the plugin works with TypePad Antispam?

  Yes, and it still does. But the TypePad Antispam plugin hasn’t been updated in over 4 years, and is not fully compatible with the latest version of WordPress, causing users to see error notices on the CAPTCHA page. I will probably drop support for it altogether in the near future.