I wanted to see how hard it would be to install a captcha with WordPress. Turns out it wasn’t too bad. I may leave it there to play with. Now, does anyone know of a simple plugin that adds an “email this comment to [textbox]” option when I’m approving comments? Reading through the plug-in documentation, it sounds like there’s not a good action/filter for that, so I’d have to muck around in the PHP..

43 Responses to Captcha (Leave a comment)

  1. So which captcha did you use Matt?

  2. hey matt. i havn’t tried this one yet but its on my ta-da list.

  3. But CAPTCHAs are an unnecessary evil for those with sight-impairment (and often a pain for others too) :-

    Why not use a text-based system like this ready-made WordPress plugin? :-

    P.S. This is my third attempot to get past an “Invalid security code. Press your browsers back button and try again.” message re your CAPTCHA.

  4. I guess your blog site is not for everyone to comment on? hmm, I wasn’t aware of that when I posted in your Gmail post…

  5. Options > Discussion

    check box > email me whenever anyone posts a comment

  6. branden, I’m trying out SecureImage (with an extra security patch). Milly, thanks for the pointer! I may try that out too if this captcha turns out to be problematic.

    graywolf, I hadn’t thought of that. I often approve stuff from a web console, so I was thinking about forwarding only certain posts on, but I guess I could procmail most and then search for the one I wanted to forward. Hmmm..

  7. I don’t think it works if you are logged in as the admin

  8. Hey I see that you have the new image security thing, pretty cool. =)

  9. Good morning Matt

    Would you be kind to write few words about the aim or what do we expect to see on the serps in stage 1, 2 and 3 of Jegger.

    GoogleGuy mentioned that stage 3 is to deal with the canonicals issue. How about stage 1 and 2 ?


    Wish you a great day and a successful weekend.

  10. Mornin to ya Matt,

    I use wordpress as well and havent been able to find a descent image verification script for it, care to point me in the right direction, like the one you got here?

    As well, I am also curious to any news in relation to the jagger update, anything new happening with it?

  11. Righto, Matt. I’m sure the engineer in you will ponder the quandary of assessing problems, when a likely problem will tend to break the feedback loop. You might try closing your eyes, using a screenreader, then trying to post a comment …

  12. Hi Matt – spent the day trying to figure the relationship between DNS and the SERPS – still scratching my head but found this page very interesting as I am sure you will too.

  13. I agree, Captcha’s break every accessibility rule there is. I had the idea of what WP-Gatekeeper does a while ago, nice to see it actually implemented 🙂

  14. I’m with Milly on this. Captcha’s are basically evil if you’re site impaired (even remotely). IMHO, anyone who is actually interested in web accessibility won’t use them. Most bloggers have experienced what you’re tackling right now, which is stopping spam bots from clogging up your comment posts. However, there must be a better solution that doesn’t leave some real humans in the dust.

  15. Matt and others,

    I am a complete lameass when it comes to this stuff and rely on wordpress with all it’s plugins to basically do everything I cant.

    One of the coolest people to make plugins for wordpress (and the nicest guy I have met online) is Skippy, you might want to check his stuff out and if he doesn’t have what you want he will either design the plugin for you, educate you on what needs to be done to accomplish the task, or point you in the right direction. This is what wordpress is all about, a community and even Google can learn a lesson from this yes? 😉

    His URL is:

    Is having a link to my site in that URI field above considered spamming, anyone?

    Skippy saved my ass with his great database backup plugin a few days ago, I thought I was toast then I remembered that his plugin emailed my gmail account the database backup a few weeks back, sweet! 🙂



  16. When will people come to understand that captchas:

    1) are access barriers to a non-trivial number of people, blind and sight impaired.
    2) were broken long ago. They afford little real protection.

    Asking a simple, easy to answer question offers a lot more protection … and will cast you in a more favorable light, as someone sensitive to accessibility. You could easily rotate a few questions, such as What is my last name, who do I work for, what color is the footer stripe, and get as much protection as you do from a captcha.

    See also:

  17. I bet ya didn’t think CAPTCHAs were such a hot issue, did ya? I am assuming that you are looking to CAPTCHA solutions to cut down on moderating the comment spam. I saw a huge increase a month ago to my blog and I started checking out the comment spam plugins. I went through about 4 when I found Spam Karma 2. The thing works like a charm and it gives me spam stats. If you are looking to cut down on having to moderate all of the spam comments, I would recommend you check it out.

  18. What is that Nino guy showing us? His splog? Why dont you go somewhere else and wackoff you lamer!

  19. Great to see these comments. We run an Accessibility Working Group in Manchester UK and the very subject of stopping SPAM. Captchas aren’t accessible and strictly speaking illegal in the UK, to my mind, though the legislation is very woolly

    Thoughts and solutions would be most welcome on our Blog

  20. These images are very hard to read. For someone who is even remotely color blind, they’ll need someone else to read it so they can post to this blog.

    Red Green color blindness is fairly common, and from what I’m being told, the security code I’m looking at is all green on a green red and purple background.

    Not very friendly for promoting an open community.

  21. Hi eWhisper,

    “Red Green color blindness is fairly common, and from what I’m being told, the security code I’m looking at is all green on a green red and purple background.”

    Would you be more comfortable with the kind of image used on Google´s Add URL page?

  22. That Google Add URL page is interesting. The CAPTCHA image is “To help us distinguish between sites submitted by individuals and those automatically entered by software robots, please type the squiggly letters shown here into the box below”.

    But the ALT text says “If you can read this, you do not have images enabled. No problem; just leave the textbox below empty”.

    Presumably Google is content (if only by neglect) to consider submissions from sight-impaired individuals to be as suspect as those from spam robots?

    Gmail’s CAPTCHA is odd too: the ALT text says “If you can read this, you do not have images enabled. Please enable images in order to proceed”, which must irk those using a screenreader. But it also has a button (“accessibility.gif”) to open the CAPTCHA image in it’s own window, the accessibility benefit of which eludes me (possibly so that someone else – if available – can read out the CAPTCHA image without also seeing the login page? Whatever, it’s still sucky.).

    (Google appear to codename their Gmail CAPTCHA, “Gaia”, btw! I’m guessing they have the Asimov connection specifically in mind, but the inaccessibility of it smacks of bitter irony, in any event).

    Time for another link? :-

    “Inaccessibility of Visually-Oriented Anti-Robot Tests
    Problems and Alternatives

    A common method of limiting access to services made available over the Web is visual verification of a bitmapped image. This presents a major problem to users who are blind, have low vision, or have a learning disability such as dyslexia. This document examines a number of potential solutions that allow systems to test for human users while preserving access by users with disabilities.”

  23. Just curios!
    Is there a poll or stat that show how many people with sight-impairment actually read or comment on blog?
    How many of these people are blogger?
    How many of these people make use of the Internet?

    But this one on matt’s blog is a problem for me too, and I am not a sight-impairment person. In short this one don’t work as expected

  24. Hi

    I think this site can help you

  25. It’s a shame the demo’s currently broken, but is worth looking at if you think CAPTCHA’s are the solution to automated comment spam.

  26. Hi Matt,
    Captcha for dummies ?
    Couldn’t find any on the web so I created my own website for idiots like myself.
    A sort of: “How to use captcha for non php, html, etc programmers.”
    Please correct me if I was / am wrong, but after exhaustive reserach, each site about captcha I found presumed some minimal knowledge of php, or at least how to include php etc.
    Basically, hot water has been around for a while but some folk just don’t know how to heat it up and so this is my pinch of salt.


  27. Seems that you have just tried to copy some known service like:

    And, since you have launched (date on your counter: 22 – 08 – 2006), you went to spam blogs, introducing your “new” solution.

    There are currently 2 well known services for protecting web forms (not plugins): – is a CAPTCHA service, providing its smart technology, it becomes very elegant. – is filtering service.

  28. Jeremy,

    what has my captcha site’s launching date to do with it’s usefullness ?
    When you create a new website do you keep it under the bed for 6 months or what ?

    Obviously you have not read through my web site since if you had then it must be obvious that I copied no one especially the captcha service you mention which … by the by … requires people to sign up with their e-mail.

    My ‘new’ solution ? Do your homework please.
    My site is plasterd all over with the fact that what I am proposing is not a new captcha solution as you imply that I state, and neither did my previous post here imply anything of the sort.
    Feel freee to re-read my previous post here above just to double check.

    Sorry for breathing matey – but here is what I did.

    1) had a problem with form spamming
    2) needed a solution
    3) searched the web and found almost no information for NON programmers on how to implement captcha
    4) with some help from a few friends managed to get together some captcha
    5) implemented this on my websites
    6) solved my form spamming problem
    7) thought others might be interested – since if I could do it so could other PHP dummies
    8) created a captcha information website with intent to help others
    9) posted news of this website on this blog which seemed appropriate
    10) thought I had done my little bit to contribute to fighting spam and helping other web idiots like myself implement captcha without going nuts

    If posting what I deem to be useful information about captcha on a blog is considered blog spamming then please send me the rules where it states how many days between creating an informative website must pass before I am allowed to post about it on one single blog.

    Besides this, if wikkipedia allows my site to be listed in their external links section :
    (see external links / captcha tutorial ), then I presume that my site must have some more value than just peeving off someone like yourself.

    Last but not least, in the last 10 days I have received many e-mails from web masters who had been in my same predicament of having problems in understanding and implementing captcha on their websites – all of whom have expressed their thanks for my free, without advertising of any kind, banner free informative captcha website.
    One even wrote to thank me that his programmer quoted him 360 dollars to implement captcha and via my website he had it up in 1 hour for free.
    That’s me happy and my mission accomplished.

    Sheesh and I daren’t even mention the name of my website in this reply for dread of being accused of who knows what else.


  29. Pete, that guys a turd. You did the web community a favor and sharing is one of the whole points out here eh?

  30. Pete,
    sorry, I didn’t want to offend you in any way.
    These two sites are not mine and I have no relation to them.

  31. I run a lot of web and article directories. Captcha is a necessary evil…it cuts down about 90% of spam on my sites.

  32. i agree with you

  33. Since the early days of the Internet, users have wanted to make text illegible to computers. The first such people were hackers, posting about sensitive topics to online forums they thought were being automatically monitored for keywords.

  34. I may have to see if I can get CAPTCHA working with mine when I get around to it.

  35. Captcha is a godsend. Some of my sites were literally hijacked by spammers before I installed captcha on them.

  36. color blindness is fairly common, and from what I’m being told, the security code I’m looking at is all green Red Green color blindness is fairly common, and from what I’m being told, the security code I’m looking at is all green on a green red and purple background.”

  37. The point about colour blindness is a valid one and it raises the general issue of how a Captcha solution can impact accessibility. There are too many instances of the security code being included in graphical images that are very difficult to read even with perfect eyesight let alone any form of disability. A text based question will do the job just as well, it is accessible and appealing to your real human audience.

  38. Captcha is a must, on my sites it reduses almost 90% of the carbage.

  39. Lets see if it works here.
    On the other post (the smart phone cam one) it keeps asking me “what is the sum of 2 + 3?” and won’t accept anything (5, 05, 0x5…)

  40. Doesn’t using a token system make captcha systems redundent and forms totally accessable?

  41. We implement CAPTCHA on all customer sites as we are a large UK based ecommerce provider (B2C). However we as a company do not use CAPTCHA on our own websites. We are B2B and therefore want to put people off as little as possible when it comes to data collection, (volumes in B2B aren’t as high) so we prefer to sift through the SPAM in the interest of maximising genuine enquiries. Obviously this is only manageable up to a point.

    My heart breaks for big B2C operators, as they are inevitably putting off genuine enquiries with onerous CAPTCHA images due to the issues of SPAM.

    Has anybody else found that CAPTCHA has reduced enquiries as well as SPAM?

  42. Captcha is a godsend. Some of my sites were literally hijacked by spammers before I installed captcha on them.