Description: WP Captcha-Free blocks comment spam by using a combination of time-based hash (a.k.a. Time Based Tokens, TBT) and JavaScript (AJAX). When a comment is posted the plugin validates a hash based on time (and some other parameters). Comments posted via automated means will not have a hash or will have an expired hash and will be rejected. Unlike using a captcha, this does not place any burden on the commenter.
Additionally, WP Captcha-Free uses ajax to get the hash only when the form is submitted instead of adding it statically to the page (which is cached by caching plugins). This adds another layer of security and makes it compatible with caching plugins like WP-Cache.
Features:
- Blocks automated comment spam and ensures that your commenters are human.
- Works without inconveniencing visitors with CAPTCHAs, challenge questions, etc.
- The plugin requires no database access and adds almost zero overhead.
- The plugin works out of the box without any configuration or setup.
- Compatible with all cache plugins, including WP-Cache.
- Doesn’t require editing any .php files.
Installation:
Just download the .zip file and upload the file ‘captcha-free.php’ to your ‘/wp-content/plugins’ directory. Now login to the Wordpress administration area and activate it under the “Plugins” section. That’s it! WP Captcha-Free will start blocking comment spam behind the scenes.
Rating:
(57 votes, average: 4.02 out of 5)
Loading ...
Size: 2.6 KB
Downloads: 5164 [Download Now]
104 Comments
Ok cool deal
Grabbed the plugin and testing it on a new site now. Using the latest version of WP. SHall give you a shout should i run across any problems.
Regards
Off-it
I wonder how you can assume a result made by computer-generated computations (using JavaScript) ensures a comment is written by a humain being. All your plugin does is to ensure one uses a browser to post a comment. Say I develop a Firefox plugin to spam your blog. Your plugin won’t be able to stop it.
Moreover, what happens if a visitor has deactivated JavaScript in his browser? What would happen if the user is behind a proxy server? I guess visitors won’t be able to comment in both cases…
You are right about the first part. Yes, someone can use a browser to spam. But do spammers do that? Won’t it considerably slow them down? No plugin is foolproof. Spam and anti-spam tech evolves constantly. For *now* this works.
Yes, it clearly does require JavaScript. But, about 94% users have JavaScript enabled as of Jan 2007 (source: http://www.w3schools.com/browsers/browsers_stats.asp). That number is likely more now if you notice the trend. For me its a choice between using a captcha and inconveniencing 100% of my visitors or <6%.
No, proxies don’t matter (unless the proxy filters out JS).
BTW, thanks for your comments. If you have any suggestions please do let me know.
It looks like you got your idea and the name of your plugin from WP-SpamFree. Also you have copied most of the text in the bullet points of your description from that plugin as well-almost word for word. You need to be careful because that is a DMCA violation. With GPL you have to give attribution for code,but you can’t copy marketing text or descriptions.
> It looks like you got your idea and the name
> of your plugin from WP-SpamFree. Also you have
> copied most of the text in the bullet points
> of your description from that plugin as
> well-almost word for word.
Not true, in fact I first saw WP-SpamFree after I had completed the plugin and was writing a description (not very good at documentation, I was looking what other similar plugins had written). After reading WP-SpamFree’s feature list I couldn’t write mine another way since both plugins essentially offer the same advantages. But you are right, that’s a terrible thing to do in the age of DMCA (though I am not a US citizen
) and I’ll reword my feature list in the next update.
The idea is not really the same either. My plugin uses time-based hash (generated on the server side) and JavaScript (AJAX) while WP-SpamFree uses JavaScript and cookies. If you look at the code I am sure you’ll find no similarities there either.
Anyways, thanks for looking at my plugin and I hope you’ll still give it a try. Criticism (constructive or otherwise) is always welcome
.
Nice plugin
Hi!
Your plugin is very promising, but it doesnt work together with Better Comments Manager.
Could do you make your plugin compatible with it? (maybe make some check about if the user is logged, and if logged no need to make hash check).
oh thx 4 plugin
Hi there, I’d love to use your plugin but unfortunately it stopped all comments from comming in. Once the user clicks “submit comment” it says “please wait…” and nothing happens. The theme we are using is wp-magazine.com
thanks!
Hi Sandra,
Thanks for letting me know. Can you enable the plugin on your blog for a little while so I can see what’s going on?
Hi,
I had not uploaded the .php file right into the plugin directory. Ooops! IT works now and it’s a beauty! Thank you soooooo much!
Hi There,
I installed the plugin and noticed that my comment spam levels dropped to zero. This is great! However, I tried to post a comment on one of my posts, in response to some elses comment, and noticed that the form would not sumbit. When I clicked on the “Post Comment” button, it turned into a “Please wait” and then just stopped. The comment never got posted. I tried several times with the same result. When I de-activated the plugin I could post comments again.
Any idea what might be causing this? Anyone else experienced a similar issue?
Thanks,
Stephen
Stephen,
You may have uploaded the captcha-free.php file to a sub-directory of your plugins folder. Please upload captcha-free.php directly to /wp-content/plugins folder. Let me know if this works for you.
New to blogging and gutted to have spam comments – got my hopes up that I had some readers! When I found your plugin via Wordpress the hopes have gone up again. I will let you know if there are any issues. Thanks for your time and know how.
Would be cool to see this work on the user registration form.
thanks.
Stephen,
I bet you are running WP 2.5
I had captcha free running on 2.3.?
After upgrading to 2.5 i had the same as you. I gues captcha-free doesnt work on 2.5
It’s not working for me. I installed and activated the plugin, but the spam is getting right through.
Thanks for a great plug-in!
nice work
Hi,
I keep getting the error: Invalid Data: Please go back and try again.
I figure it has to do with the code below, but I can’t seem to make it work. It does work for some visitors but not others.
// Validate the hash
add_action(’preprocess_comment’, ‘cf_comment_post’);
function cf_comment_post($commentdata) {
// Ignore trackbacks
if($commentdata['comment_type']!=’trackback’) {
// Calculate the timehash that is valid now
$timehash=timehash($commentdata['comment_post_ID'],time());
// Calculate the timehash that was valid 1 hour back to give some cushion
$timehash_old=timehash($commentdata['comment_post_ID'],time()-3600);
if($_POST['captchafree']!=$timehash && $_POST['captchafree']!=$timehash_old)
wp_die(’Invalid Data: Please go back and try again.’);
}
return $commentdata;
}
Maybe you can update your entry/plugin to show if/make it wordpress 2.5 compatible.
Simple suggestion for future updates: the tag containing “Spam protection by WP Captcha-Free” should have an id attribute.
Anyway, nice plugin. Seems to be working well for me.
I’ve installed Captcha-Free on my blog, running WP 2.5.1, when a comment is posted, you just get forwarded to Google, for some reason, and the comment isn’t posted?!
http://hintofsarcasm.com is the address, any ideas?
I installed this the other day, and it’s fabulous. I’m getting more comments than I was with the often faulty, always irritating captcha software I was using before. Just one thing, though. People who use AOL’s browser are getting an error when they try to post: Invalid data. Please go back and try again. Any thoughts I can pass along to them, or are they SOL?
Thanks. This is great.
really great
hi there .thanks for plugin:
Does anybody know if tis script is compatible with Wordpress 2.5.1?
Thanks in advance for any help on this!
best regards
WP Captcha-Free is not compatible with Wordpress 2.5, yet.
Thankyou.. i will try this plugins..
@iDope, yes .. true..
i’m not read your las comment… sorry.. but i will wait your next version… 
So this doesn’t seem to work anymore.. I don’t see the captcha and it’s not asking me to confirm any image….
great idea and work! thanks
Is there any img verification for posting?
The aim of this plugin is not having to use image verification.
Mmmm…. que mal ya no funciona en Wordpress 2.5
When people try commenting on my Wordpress MU site all it does now after you click submit comment is to change that button to “Please wait”. So no new comments can be added.
100% spam free though
Work in new version WP ?
Work PERFECT !
@Thomas: Please make sure you copy the “captcha-free.php” file directly to the wordpress plugins folder and not to a subfolder.
This is a great plugin
Wordpress: 2.6
Theme: Redie 3.0 by Steve Arun
I have installed your plug-in and I get the following message after I try and comment on a post:
Invalid Data: Please go back and try again.
I have it disabled currently but would love to give it some use… spam bots are so annoying…
Thanks!
@Jason: Are you sure you copied the captcha-free.php file to /wp-content/plugins directly and not to a sub-folder?
@iDope: Thanks for the quick response. Yes I am sure that captcha-free.php is in /wp-content/plugins and not a subdirectory. I am assuming you are considering the wordpress directory the root? I deleted and just now redownloaded from this page and uploaded. Still nothing though. I get the same error.
permissions are 644 so I don’t think that is any issue. there isn’t any modifications to the template code that needs to be done, is there? (As I do not have a default template)
Great plugin, tnx.
But i have problem – it’s ok to comment without login to wp, but if i login to my wp i see “Invalid Data: Please go back and try again.”
PS plugin is in root of wp-content/plugins/
Hi
We are also going to start a blog soon and were wondering how to takle comment spam.
Thanks for the info!
It works in a very simple way, great work!
Would be cool to see this work on the user registration form.
thanks.
same error as the other guy
Invalid Data: Please go back and try again.
Works perfect in my WP 2.7 !
@kitich: I think your theme is not calling the ‘comment_form’ action when you are logged in.
“The article is very informative as well as so creative. You have very great knowledge having this subject. So nice! It’s a great to see you here.
Thanks!
“
Grabbed the plugin and testing it on a new site now. Using the latest version of WP. easy installed and easy in use! this plugin helped alot and I did noticed that my comment spam levels dropped well. Thank alot!))
HI I cant seem to work it out
Everytime i try to post a comment i keep getting this mesage: Invalid Data: Please go back and try again
I have the plugin in the plugins folder (_root)
What can i do?
Cheers!
MAC
http://wordpresssupplies.com/wordpress-plugins/captcha-free/
This plugin doesn’t works. It shows only link to this page and no picture.
@smart maxx: I think you missed the point of this plugin. It stops spam *without* captcha.
@MAC: Send me a link to your blog and I’ll check it out.
nice plugin
Plugin does not seems to work fine with wp 2.7. Any ideas?
Is this working on my blog? I thought that I would get a enter code below the captcha numbers/letters. ON mine nothing is happening. My blog is at http://blog.meleana.info it is a blog about flash, but I get all these porn comments, I don’t see the connection. Wordpress is too hard, and am not sure if I want to continue blogging as I spend way too long delete spam, yikes!
Thanks so much for all your hard work on creating some files to help prevent spam, I appreciate all your work.
Johnny
Nice. I like it!
Excellent, thanks for the plugin!
Added this cool plugin and my spam went from over 40 a day to zero, nice ! WP 2.7.1 by the way.
@Irfan Faruki: What error are you getting?
@John Barrett: The purpose of this plugin is *not* have the commenter to type a CAPTCHA answer.
BTW, I have released a new CAPTCHA plugin, more secure but still does not require commentors to type a CAPTCHA. Just requires a click to solve.
http://wordpresssupplies.com/wordpress-plugins/clickcha/
Thanks for this great plugin, spam influx went down to zero. But somehow I get an error (http 500) on my site, when I am using MS Internet Explorer 7 to leave a comment. Firefox works fine.
The very best
I absolutely LOVE this plugin-there has been NO spam since I started using it.
However, the last few days, I’ve noticed it will sometimes throw an “invalid data” error when a legitimate comment is submitted. It *seems* to be related to the use of ellipses (… at the end of a statement) but I’m not 100% sure.
Using Wordpress 2.7.1, with the latest version of Captcha Free.
Any ideas?
Promising plugin, but, 2 errors:
1. Stops responses in the admin forms.
2. Stops pingbacks, and the “trackback” test is commented out!
nice plugin, but there seems to be a bug in the code whereby if there are more 2 or more forms on a page, and if multiple forms have a ’submit’ element id for the submit button, then the 1st form will get submitted instead.
so, if the 1st form is a search box, it will submit a search query instead of the comment form.
to solve it, change: document.getElementById(’submit’).click();
to: document.getElementById(’commentform’).elements['submit'].click();
Hello!
Nice plug-in but I can’t make it work! I always have the “invalid-data” error…
php file is in the plugin directory.
Can you help me?
Plugin not working, get the following message when submitting a comment:
“Invalid Data: Please go back and try again.”
Using 2.7.1 WP version and tested on Firefox and Safari. The plugin is in the plugins root folder. The idea is great but it seems only a few here manage to make it work.
“Invalid Data: Please go back and try again.” This error appears when visitors posting comments from any version of IE (for now I have IE8 and testing whith it).
WP 2.7.1 php file in /content/ directory.
The problem appeared after upgrade to WP 2.7 and makes plugin useless. Deactivating solve the problem.
* wp-content/plugins/ directory sorry
@ibrahim: Your theme may be at fault here. As per HTML specs element IDs should be unique:
http://www.w3.org/TR/REC-html40/struct/global.html#h-7.5.2
I appreciate all your work for creating the files to help prevent from spam. This type of button is helpful for the commenter to post their comment without any error.Thanks for the post.
Running WP 2.7 and the most recent version of WP Captcha Free and it is apparently working nicely.
Hello, I’ve been using your plugin for a few days and I have both a question and a comment.
Firstly, the comment: on line 86 of captcha-free.php you open a <small> tag but never close it. Just thought I’d point that out.
Secondly, why don’t you use your own plugin on your comment forms here?
@Mythender: Thanks for the feedback. But I do close the <small> tag. Maybe you have an older version?
I also wrote the Clickcha plugin I use here and it got the space since its the newer one
ahh I see about Clickcha
as for the tag, I downloaded and installed version 0.5 of the plugin automatically through the wordpress plugin directory and everything below my comment form became… well… small….
reading the document source I found the missing tag and looking into the code of your plugin led me to line 87:
Please note: JavaScript is required to post comments.
HI
Nice plug-in but I can’t make it work! I always have the “invalid-data” error…
php file is in the plugin directory.
help me
I have released a new version in which the check is bypassed for logged-in users. Replying to comments from Wordpress admin should work now.
I did an automatic upgrade through my 2.8 WP site and got this message:
Fatal error: Call to undefined function wp_get_current_user() in /home/nispiros/public_html/wordpress/wp-includes/capabilities.php on line 920
Afterwards I couldn’t get to the site until I deleted the plugin through FTP .
I get the same exact error as rolando.
AHHH. Any chance of getting the old version up or the new one fixed? I really like this plugin. But as rolando I had to delete it via FTP to get my blog running again
Result of late night coding
This has been fixed now, please get the latest version.
this plugin have been installed on my web
Thank you! Working again
Thanks for the fix!
Getting the “Invalid data” error when submitting. I’ve left it up for now at my site above. I made sure I copied it to the root of my wp-content/plugins directory and activated it. Thanks for any help you can provide.
Ok, here’s what I see. $_POST['captchafree'] seems to not be being populated. It looks like my theme (Fusion) is calling comment_form:
ID); ?>
Not sure if that’s correct or not, but maybe that helps. Thanks again.
@Cory: Looks like your theme doesn’t have the ‘comment_form’ hook. Enter the following code right before the closing tag in the comments.php file of the theme.
<?php do_action(’comment_form’, $post->ID); ?>
Hello iDope,
thanks a lot for the beautiful plugin…. Its working fine for me….
I came across this page searching for “Invalid Data: go back and try again” error…
I am not getting the error in ur plugin but in “Wordpress Threads Comment” plugin…
In that plugin I had enabled AJAX support. I tried to debug and found that it works fine till displaying the messsage “submitting comment……..” But after that the xmlhttprequest.status = 500 instead of 200. Do you have any idea about where it is failing ?
As soon as i deactivate the plugin , all works fine and visitors and post comment.
Also point is that if I am logged in as Admin and try to post the comment, it works fine. !!!
Most of the comments on that plugin with the :Invalid data…..” problem are unsolved and unanswered
It would be very kind of you if u could just guide me….
thanks a lot….
Hello iDope,
wasn’t expecting that u wudn’t approve my comment….
btw, it wasn’t the problem of the WP Thread Comments Plugin but now I think it was the problem of this plugin…
As soon as I disabled the WP Captcha Free Plugin, the ajax comment started working !!!
btw, I even tried to use other ajax comment plugin but same problem with all….
So can u guide me what should i do ??
I hope u won’t unapprove this comment as it is pertaining to YOUR plugin problem…
thanks for the help…
Hello idope,
I m really sorry… when i made the previous comment, the last comment that i was able to see was urs i.e. of July 10.. so i felt that u unapproved it
but after i submitted the above one, the previous one was also visible…
thanks….
Really nice n cool plugin..
thanks for sharing..
This plugin is GREAT, it works so smoothly! Thank you so much!
Hi there, any chance you can ajax your clickcha plugin so a new page is NOT shown when there is an error? just an error message?
Thanks, ps great plugin!
@Sapan: I don’t think this plugin can coexist with “Wordpress Threads Comment” as they both control how the comment gets posted using ajax.
@Gyro: The plugin does use ajax and most of your genuine commenters (the ones that have Javascript enabled) will not see that page.
wow, cool deal and nice n cool plugin
thanks for sharing !
This is one of the most useful plugins I have come across. It is great to be able to eliminate spam while not inconveniencing your blog visitors. Great job,
Thanks a lot. Such a nice plugin.
Really nice n cool plugin..
thanks for sharing
The omy.sg linked me here now.
I have problems submitting blog reply to chimkang’s blog in omy.sg
Please help me as i like to go to his blog and i share with friends there…..pls don’t disregard me ! Please !
@LEONG: I was able to post a comment just fine on your blog. Are you getting an error?