Description: WP Captcha-Free blocks comment spam by using a combination of time-based hash (a.k.a. Time Based Tokens, TBT) and JavaScript (AJAX). When a comment is posted the plugin validates a hash based on time (and some other parameters). Comments posted via automated means will not have a hash or will have an expired hash and will be rejected. Unlike using a captcha, this does not place any burden on the commenter.
Additionally, WP Captcha-Free uses ajax to get the hash only when the form is submitted instead of adding it statically to the page (which is cached by caching plugins). This adds another layer of security and makes it compatible with caching plugins like WP-Cache.
Features:
- Blocks automated comment spam and ensures that your commenters are human.
- Works without inconveniencing visitors with CAPTCHAs, challenge questions, etc.
- The plugin requires no database access and adds almost zero overhead.
- The plugin works out of the box without any configuration or setup.
- Compatible with all cache plugins, including WP-Cache.
- Doesn’t require editing any .php files.
Installation:
Just download the .zip file and upload the file ‘captcha-free.php’ to your ‘/wp-content/plugins’ directory. Now login to the Wordpress administration area and activate it under the “Plugins” section. That’s it! WP Captcha-Free will start blocking comment spam behind the scenes.
Rating:
(16 votes, average: 3.75 out of 5)
Size: 2.6 KB
Downloads: 986 [Download Now]
42 Comments
Ok cool deal
Grabbed the plugin and testing it on a new site now. Using the latest version of WP. SHall give you a shout should i run across any problems.
Regards
Off-it
I wonder how you can assume a result made by computer-generated computations (using JavaScript) ensures a comment is written by a humain being. All your plugin does is to ensure one uses a browser to post a comment. Say I develop a Firefox plugin to spam your blog. Your plugin won’t be able to stop it.
Moreover, what happens if a visitor has deactivated JavaScript in his browser? What would happen if the user is behind a proxy server? I guess visitors won’t be able to comment in both cases…
You are right about the first part. Yes, someone can use a browser to spam. But do spammers do that? Won’t it considerably slow them down? No plugin is foolproof. Spam and anti-spam tech evolves constantly. For *now* this works.
Yes, it clearly does require JavaScript. But, about 94% users have JavaScript enabled as of Jan 2007 (source: http://www.w3schools.com/browsers/browsers_stats.asp). That number is likely more now if you notice the trend. For me its a choice between using a captcha and inconveniencing 100% of my visitors or <6%.
No, proxies don’t matter (unless the proxy filters out JS).
BTW, thanks for your comments. If you have any suggestions please do let me know.
It looks like you got your idea and the name of your plugin from WP-SpamFree. Also you have copied most of the text in the bullet points of your description from that plugin as well-almost word for word. You need to be careful because that is a DMCA violation. With GPL you have to give attribution for code,but you can’t copy marketing text or descriptions.
> It looks like you got your idea and the name
> of your plugin from WP-SpamFree. Also you have
> copied most of the text in the bullet points
> of your description from that plugin as
> well-almost word for word.
Not true, in fact I first saw WP-SpamFree after I had completed the plugin and was writing a description (not very good at documentation, I was looking what other similar plugins had written). After reading WP-SpamFree’s feature list I couldn’t write mine another way since both plugins essentially offer the same advantages. But you are right, that’s a terrible thing to do in the age of DMCA (though I am not a US citizen
) and I’ll reword my feature list in the next update.
The idea is not really the same either. My plugin uses time-based hash (generated on the server side) and JavaScript (AJAX) while WP-SpamFree uses JavaScript and cookies. If you look at the code I am sure you’ll find no similarities there either.
Anyways, thanks for looking at my plugin and I hope you’ll still give it a try. Criticism (constructive or otherwise) is always welcome
.
Nice plugin
Hi!
Your plugin is very promising, but it doesnt work together with Better Comments Manager.
Could do you make your plugin compatible with it? (maybe make some check about if the user is logged, and if logged no need to make hash check).
oh thx 4 plugin
Hi there, I’d love to use your plugin but unfortunately it stopped all comments from comming in. Once the user clicks “submit comment” it says “please wait…” and nothing happens. The theme we are using is wp-magazine.com
thanks!
Hi Sandra,
Thanks for letting me know. Can you enable the plugin on your blog for a little while so I can see what’s going on?
Hi,
I had not uploaded the .php file right into the plugin directory. Ooops! IT works now and it’s a beauty! Thank you soooooo much!
Hi There,
I installed the plugin and noticed that my comment spam levels dropped to zero. This is great! However, I tried to post a comment on one of my posts, in response to some elses comment, and noticed that the form would not sumbit. When I clicked on the “Post Comment” button, it turned into a “Please wait” and then just stopped. The comment never got posted. I tried several times with the same result. When I de-activated the plugin I could post comments again.
Any idea what might be causing this? Anyone else experienced a similar issue?
Thanks,
Stephen
Stephen,
You may have uploaded the captcha-free.php file to a sub-directory of your plugins folder. Please upload captcha-free.php directly to /wp-content/plugins folder. Let me know if this works for you.
New to blogging and gutted to have spam comments - got my hopes up that I had some readers! When I found your plugin via Wordpress the hopes have gone up again. I will let you know if there are any issues. Thanks for your time and know how.
Would be cool to see this work on the user registration form.
thanks.
Stephen,
I bet you are running WP 2.5
I had captcha free running on 2.3.?
After upgrading to 2.5 i had the same as you. I gues captcha-free doesnt work on 2.5
Thanks for a great plug-in!
nice work
Hi,
I keep getting the error: Invalid Data: Please go back and try again.
I figure it has to do with the code below, but I can’t seem to make it work. It does work for some visitors but not others.
// Validate the hash
add_action(’preprocess_comment’, ‘cf_comment_post’);
function cf_comment_post($commentdata) {
// Ignore trackbacks
if($commentdata[’comment_type’]!=’trackback’) {
// Calculate the timehash that is valid now
$timehash=timehash($commentdata[’comment_post_ID’],time());
// Calculate the timehash that was valid 1 hour back to give some cushion
$timehash_old=timehash($commentdata[’comment_post_ID’],time()-3600);
if($_POST[’captchafree’]!=$timehash && $_POST[’captchafree’]!=$timehash_old)
wp_die(’Invalid Data: Please go back and try again.’);
}
return $commentdata;
}
Maybe you can update your entry/plugin to show if/make it wordpress 2.5 compatible.
Simple suggestion for future updates: the tag containing “Spam protection by WP Captcha-Free” should have an id attribute.
Anyway, nice plugin. Seems to be working well for me.
I installed this the other day, and it’s fabulous. I’m getting more comments than I was with the often faulty, always irritating captcha software I was using before. Just one thing, though. People who use AOL’s browser are getting an error when they try to post: Invalid data. Please go back and try again. Any thoughts I can pass along to them, or are they SOL?
Thanks. This is great.
really great
hi there .thanks for plugin:
Does anybody know if tis script is compatible with Wordpress 2.5.1?
Thanks in advance for any help on this!
best regards
WP Captcha-Free is not compatible with Wordpress 2.5, yet.
Thankyou.. i will try this plugins..
@iDope, yes .. true..
i’m not read your las comment… sorry.. but i will wait your next version… 
So this doesn’t seem to work anymore.. I don’t see the captcha and it’s not asking me to confirm any image….
great idea and work! thanks
Is there any img verification for posting?
The aim of this plugin is not having to use image verification.
Mmmm…. que mal ya no funciona en Wordpress 2.5
When people try commenting on my Wordpress MU site all it does now after you click submit comment is to change that button to “Please wait”. So no new comments can be added.
100% spam free though
Work in new version WP ?
Work PERFECT !
@Thomas: Please make sure you copy the “captcha-free.php” file directly to the wordpress plugins folder and not to a subfolder.
This is a great plugin
Wordpress: 2.6
Theme: Redie 3.0 by Steve Arun
I have installed your plug-in and I get the following message after I try and comment on a post:
Invalid Data: Please go back and try again.
I have it disabled currently but would love to give it some use… spam bots are so annoying…
Thanks!
@Jason: Are you sure you copied the captcha-free.php file to /wp-content/plugins directly and not to a sub-folder?
@iDope: Thanks for the quick response. Yes I am sure that captcha-free.php is in /wp-content/plugins and not a subdirectory. I am assuming you are considering the wordpress directory the root? I deleted and just now redownloaded from this page and uploaded. Still nothing though. I get the same error.
permissions are 644 so I don’t think that is any issue. there isn’t any modifications to the template code that needs to be done, is there? (As I do not have a default template)