Fighting Spam with CAPTCHA

Some WordPress administrators find that a traditional spam-analysis tool like Akismet
isn’t enough to stop the inevitable avalanche of spam. Others find that Akismet
consistently flags good comments as spam, creating a different sort of commentmoderation
headache. If you’re in the first camp, you might want to supplement
Akismet with something else. If you’re in the second camp, you might want to try
switching Akismet off and plugging the hole with a different tool.
Either way, one good candidate is a Captcha (which computer nerds translate into
the phrase “Completely Automated Public Turing test to tell Computers and Humans
Apart”). The idea behind Captcha technology is to force commenters to do something
that automated spam-bots can’t, at least not easily. If you’ve ever registered with
a site that asks you to retype a set of fuzzy letters or distorted words, you’ve seen
Captcha in action. Facebook, Hotmail, and Gmail all use it, for example.
The problem with Captchas is twofold. First, there’s no Captcha that’s too hard for
some spambot to crack. Second, there’s no Captcha that’s so easy that it won’t annoy
your readers, at least a little. But if you use an easy, unobtrusive Captcha, you just
might be able to reduce spam to more manageable proportions, without annoying
your visitors too much. (Hint: You don’t want to use the fuzzy letter system.)
To add a Captcha, you need to be running a self-hosted WordPress site, and you
need to add a plug-in. If you search the WordPress plug-in repository, you’ll find
dozens. Here are three worth considering:
• Growmap Anti-Spambot ( This is almost
the simplest Captcha you can use. It simply asks the commenter to check a
checkbox. Thus, it annoys almost no one but still trips up the majority of automated
• CAPTCHA ( This generically named plug-in lets
you use simple math questions, like “seven + 1.” Yes, shockingly enough, some
would-be commenters will still manage to get these questions wrong. However,
it won’t drive visitors away as quickly as a fuzzy-word-reading test.
• Anti-CAPTCHA ( This plug-in performs
an invisible test. Essentially, it asks a guest’s web browser to run a snippet of
JavaScript. That snippet then sets a hidden value in the web page. Automated
spam-bots usually ignore JavaScript code, so they won’t be able to set the hidden
value that Anti-CAPTCHA looks for, and thus they’ll fail the test. Overall,
this plug-in catches the least amount of spam, but it presents no inconvenience
to your readers.
Remember, CAPTCHA isn’t foolproof. It won’t stop human spammers (who typically
account for less than 10 percent of all spam), and it won’t stop the sneakiest spambots.
However, it can reduce the total amount of spam enough to improve your life.

Fighting Spam with CAPTCHA

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s