I have hacked up a little WordPress plugin to allow for comment submission verification based on a configurable "codeword". The plugin is called WordVerify, and it's available here.

I've only tested it for WordPress 1.5, and it should be considered super duper mega quadruple beta. But, it works for me on two different WordPress blogs.

The idea is that a lot of commentspam is driven by automation, naturally, and the introduction of a human element in submitting an extra bit of verification can help kill a lot of this spam. SecureImage is an example of a great plugin that uses ImageMagick to display an image with random letters that the commenter must verify. WordVerify provides a simpler alternative to this method, by just requiring the entry of a single word. This provides a healthy compromise for smaller blogs that don't necessarily need the security of a dynamic image. The chances of any comment spammer bothering to screen-scrape my blog just to comment-spam it, much less OCR an image, are pretty low. For smaller blogs, the simple addition of a codeword is probably more than enough.

Further, WordVerify allows customization of the phrase in which the security word is presented in the form, decreasing the ability of spammers to scrape the word if the plugin gains widespread usage.

The installation is simple, as with all WordPress plugins:

  1. Download wordverify.php.txt
  2. Rename wordverify.php.txt to wordverify.php
  3. Copy wordverify.php to your WordPress plugins directory (wp-content/plugins).
  4. Go to Plugins and "activate" the plugin.
  5. You can now go to Options -> WordVerify to configure the security word and the phrase it's presented in.

Have fun! Any suggestions are welcome. Feel free to test out the plugin in the comments below. Testing is good.

Thanks to Random, whose implementation of this idea on his The Whole Truth podcast was the inspiration for this plugin.

Update: I have verified that this plugin appears to work fine with WordPress 2.0

1/5/2006 UPDATE: There was a documentation error in the instructions that inadvertently instructed you to use "%%SECURITYWORD%%" rather than what the plugin uses for substitution, which is "%%CODEWORD%%". A new version (1.1) of the plugin has been posted that resolves this confusion.

1/8/2006 UPDATE: Released a new version, 1.2, that fixes a problem with comment counts. When codeword verification fails, the comment was deleted in a terrible (non-API) way, and hence the comment count was not being updated for the post. This has been fixed.

« »
  • http://blog.markwill.com/ Mark

    Testing this thing.

  • http://www.roberlan.com.br/blog Roberlan Borges

    This plugins works in WordPress 2.0?

  • http://chris.quietlife.net Chris

    As far as I know — are you having trouble with it?

  • http://www.knoizki.com/ KnOizKi

    Off topic: what sort of plugin do you use for the threaded comments? It looks cool. Thanks.

  • http://www.knoizki.com/ KnOizKi

    .. and of btw, I have downloaded this wordverify plugin to my wp2.0 and it works great!

  • http://chris.quietlife.net Chris

    I’m using Brian’s threaded comments plugin.

  • http://chris.quietlife.net Chris

    Glad to hear it!

  • http://www.roberlan.com.br/blog Roberlan Borges

    This plugin is not working for me, i´m using WP 2.0…

  • http://bingu.net/blog bingu

    nice plugin

  • http://chris.quietlife.net Chris

    What trouble are you having? Feel free to e-mail me details at cwage@quietlife.net.

  • http://lukaret.com Beng

    Hi. I followed the instruction how to use it but still it’s not working I got this %%SECURITYWORD%% instead of what I wrote as presentation. What shall I do? I am using WordPress 2

  • http://chris.quietlife.net Chris

    This is because the code actually uses %%CODEWORD%%, not %%SECURITYWORD%% — there was a mistake in the instructions which I have corrected.. If you re-download the plugin here, it should be fixed.

  • http://lukaret.com Beng

    Hello Chris,
    Sorry to bother you again. I downloaded your latest plugin version 1.2. The code shows on IE but not on Mozilla. Do you have any idea why?

  • http://lukaret.com Beng

    uppps, i am so sorry. too dumb of me, i forgot i’m logged in :( that is the reason why i can’t see it.

  • http://chris.quietlife.net Chris

    Yep, that’d do it! Glad to hear you got it working..

  • bc

    testing 123

  • http://blog.mytraxx.de moonchild

    Hy there, I get the following error when NOT typing the correct codeword:

    Fatal error: Call to undefined function: wp_delete_comment() in /var/www/web183/html/wordpress/wp-content/plugins/verify.php on line 155

    However, the comment is still postet although I’ve entered the wrong code.
    When typing the correct codeword everything is fine…
    Does anyone have an idea? Thanks in advance.

  • http://chris.quietlife.net Chris

    This may be due to something I assumed was in all versions of wordpress, butmaybe that’s specific to WP 2.0.. I will look into it.

  • http://blog.mytraxx.de moonchild

    I’m currently using WP 1.5 :)

  • http://chris.quietlife.net Chris

    Hm, okay, then I guess that wp_delete_comment() function didn’t exist in 1.5 — I will have to figure out if there was equivalent functionality in 1.5 and add that back for older versions

    For now, it probably won’t work for 1.5

  • http://chris.quietlife.net Chris

    Okay, this problem should be resolved. The new version of WordVerify (1.3) checks for versions of WordPress older than 2.0 and uses a different method to delete the comment.. I can’t say for sure if this will work with versions older than 1.5.x because I am not sure how things were done back then, but it should at least work for 1.5.x as well as 2.x

  • http://blog.mytraxx.de moonchild

    Thanks a lot, Chris! Installed, tested and… taadaa: it works!

  • http://blog.mytraxx.de moonchild

    Urm Chris, I’ve just wondered if it’s possible randomize the codewords, so that there is always a different word instead of a static on.

  • http://chris.quietlife.net Chris

    Not currently, though I am considering this for the next version.. I figure it would be nice to set multiple codewords and multiple phrases, and then randomize them both.

  • Pingback: chitime blog » Blog Archive » Jippieh!

  • http://soodz.com/blog chelle

    I just started using this plugin, it is good, however I am still getting slammed by spam. I began searching for something like this because the spam was forcing my traffic numbers above my quota for the month!!! Thanks for the plugin I am so hoping it helps a little!!

  • http://soodz.com/blog chelle

    Nevermind my last comment, today I had 0 spam…I am in awe!!1 Thanks again (I am using 2.0 as well so it totally works!!!)

  • http://blog.sugarbytes.de Cola

    Hi Chris, I love your WordVerify plugin! I only have the problem that the IE shows it w-e-i-r-d, not in the comment form area, where I can see it with Firefox, no, it is in my lower sidebar. I cannot see anything in my sidebar.php file though. Can you help me get it working also in IE? It causes that people comment, but they didn’t see the WF field (of course not), so their comments aren’t published :sad:

  • http://testeamaisoumenos.com.br teste@amaisoumenos.com.br
  • http://www.phoneconfirm.com phone verification man

    works on WP 2.0!

  • http://vbvb gffg


  • http://zina.hu zina

    It doesn’t work on my site – no error, but the comments are nowhere :(

  • Anonymous


  • Related Content by Tag