January 11, 2006


— cwage @ 11:30 pm

I have hacked up a little WordPress plugin to allow for comment submission verification based on a configurable "codeword". The plugin is called WordVerify, and it's available here.

It should work fine with WordPress 2.0 as well as 1.5.x. It has not been tested for versions of WordPress older than 1.5, so it may not work for those.

The idea is that a lot of commentspam is driven by automation, naturally, and the introduction of a human element in submitting an extra bit of verification can help kill a lot of this spam. SecureImage is an example of a great plugin that uses ImageMagick to display an image with random letters that the commenter must verify. WordVerify provides a simpler alternative to this method, by just requiring the entry of a single word. This provides a healthy compromise for smaller blogs that don't necessarily need the security of a dynamic image. The chances of any comment spammer bothering to screen-scrape my blog just to comment-spam it, much less OCR an image, are pretty low. For smaller blogs, the simple addition of a codeword is probably more than enough.

Further, WordVerify allows customization of the phrase in which the security word is presented in the form, decreasing the ability of spammers to scrape the word if the plugin gains widespread usage.

The current version is 1.4, and it's available for download here. A changelog can be found here.

The installation is simple, as with all WordPress plugins:

  1. Download wordverify.php.txt
  2. Rename wordverify.php.txt to wordverify.php
  3. Copy wordverify.php to your WordPress plugins directory (wp-content/plugins).
  4. Go to Plugins and "activate" the plugin.
  5. You can now go to Options -> WordVerify to configure the security word and the phrase it's presented in.

Have fun! Any suggestions are welcome. Feel free to test out the plugin in the comments below. Testing is good.

Thanks to Random, whose implementation of this idea on his The Whole Truth podcast was the inspiration for this plugin.

Note: The original page with some comments/updates from when I first released this plugin can be found here.

  • Pingback: My Quiet Life » wordverify update

  • Pingback: CentreSource: Blog » human spam

  • Pingback: jwage » Installed WordVerify..

  • Pingback: CentreSource: Blog » Eliminating (Most) Trackback Spam

  • Pingback: [ECHENG.COM] Eric Cheng - The Web Journal » Blog Archive » Wordverify plug-in for Wordpress

  • http://rfrancis.livejournal.com/ R. Francis Smith

    So, thanks, dude. You used my idea and made a working plugin out of it. And now I finally upgraded my blog that used it (straight from 1.5 beta to 2.0.1, by the way), thus wiping out my hack, and am now using your plugin. KARMA

  • http://dsandler.org/ Dan Sandler

    Hi! WordVerify is a great little plugin. A clever spammer could easily thwart WordVerify, but since most spammers will instead just move on to the next blog. It's kind of like The Club for WordPress blogs: it does nothing to stop a determined attacker, but it raises the level of effort just enough to make you an unattractive target (by comparison to other defenseless marks).

    Aside: I'm experiencing some stripslashes oddities. In particular, single quotes (in the presentation) are being double-escaped when they go into the DB (so they appear as backslash-quote in the options table). When the presentation comes back out (either on the main page or in the <input> on the options form), the slashes remain. Thoughts? (WordPress 2.0, PHP 4.3.9.)

  • http://chris.quietlife.net Chris

    I'll check into it.. I threw in some stripslashes() depending on whether or not magic quotes were on as an afterthought, but I didn't test it extensively..

  • Jer


    I try to install word verify. on WP 2.0.1
    I active the plugin I go to the option and write :

    Security code word: test
    Presentation: write %%CODEWORD%% please

    I press update options.
    But I have no text field under the comment textarea.

    There is something more to do ?

  • http://blog.ademagnaye.com ade

    I have the same problem. When I use a non-kubrick template Wordverify doesn't work. is there any way to manually call the pluginwithin comments.php? thanks.

  • http://chris.quietlife.net Chris Wage

    I'll see what I can do -- which template are you using, or did you roll your own?

  • http://blog.ademagnaye.com ade

    I'm using Exquisite from Kaushal Sheth. Thanks in advance.

  • Pingback: kroetengruen.de » Blog Archive » Ausgespammt!

  • Pingback: neriphim.de » Blog Archive » Ausgespammt!

  • me

    does it work?

  • http://suncatcherph.com duke

    nifty plugin! thanks!

  • Pingback: Chitime Blog. » Blog Archive » Spam Karma Plug-in.

  • Louise


  • Pingback: BatzLog - Noch etwas Salz? » Spam-a-lot

  • ian

    Ditto here - I'm using the Coppermine theme and I have no textfield for this plugin either.

  • ian

    Disregard. It figures I would resolve the problem immediately after posting the question :\

  • http://chris.quietlife.net Chris

    No problem -- but what was the solution? It may be helpful to others that have had trouble.

  • Pingback: Blog A Shot » Spambekæmpelse

  • Pingback: » Blog Archive » Spam ade ?

  • http://fragilemusings.net Robin

    This is perfect! Thank you.

  • http://ddhr.org/ Dave

    A commenter previously asked if there was a way to call the function manually from within the comments template. I was wondering if there's a way to do this because the plugin works for me, but it doesn't display where and how I want it to display. Great work otherwise.

  • http://www.dronamraju.com/blog Ravi d

    Here is the error i get. What do i need to do?
    Fatal error: Cannot redeclare class in /var/www/html/dronamraju/blog/wp-admin/admin.php on line 63

  • http://www.thepiratescove.us William Teach

    Interesting plugin, but I am getting these errors:

    Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /home/.aska/ncdevilc/thepiratescove.us/wp-content/plugins/wordverify.php on line 2

    Parse error: syntax error, unexpected T_STRING in /home/.aska/ncdevilc/thepiratescove.us/wp-content/plugins/wordverify.php on line 2

    Any ideas?

  • http://www.thepiratescove.us William Teach

    never mind. Got it.

  • http://www.thepiratescove.us William Teach

    Have I mentioned that this is an EXCELLENT plugin, Chris? No? Well, it is. Kudos!

  • http://atourworst.org Jordan

    I was wondering if it would be possible to know how to call up the plugin manually? The theme I'm currently using (Blix) that's had it's comments.php edited (from what it was originally) does not show the verification automatically. Not sure if this is an issue with my coding, or just because it doesn't like the theme. Any input is appreciate :) THanks!

  • http://www.thepiratescove.us William Teach

    Hey, Chris, ran into a wee problem. I went to change the password, and now nothing shows nothing for the password after "Please enter.

    I tried reinstalling the plugin, but get the same thing, and the previous data was not erased.

    Do you know where the data for this is cached? And how to fix?

  • Pingback: Slow MySQL For Wordpress? Use WP-Cache » EZ Turnkey Business Idea

  • http://www.lunchofchampions.info T-Dawgggg

    Thanks for designing a great plugin!! It is AMAZING!!!

    I tested two wordpress blogs - one with Wordverify, and the other without - and Wordverify has kept ALL spammers away!

  • Anonymous


  • Pingback: CentreSource: Blog » ACS SEO

  • http://d d


  • Brenda Kempf

    not sure where I'm supposed to put the code on my page...


  • Pingback: Neto Cury Blog » Blog Archive » SÓ BURRO E BOT NÃO COMENTAM

  • http://mvbk.nl/blog Neighbrs

    What a GREAT (and very simple) plugin!
    What a relief to have an empty spambox again. Very cool and handy plugin, thank you so much!

  • Pingback: Skriverier » Blog Archive » Vi prøver igen

  • http://www.aharen.net aharen

    simply perfect :) and very handy..
    good job mate

  • Pingback: My Quiet Life » comment verification

  • http://karenblundell.com Karen

    this plugin may be just what I need

  • Pingback: Cybersakkie - Etienne de Heus se cybertuiste » WP comment plug-in

  • Pingback: [ECHENG.COM] Eric Cheng’s Journal » WordPress 2.0.6 is out

  • Pingback: I’m So Blogging That!! » Blog Archive » Spam Free Plugin Heaven

  • Pingback: [Zina][Lemmikki][Blog] » Blog Archive » Wordverify

  • http://www.itinfusion.ca Casey Woods

    I've decided to remove the "nofollow" tags for comments and trackbacks on my blog. Its my way of thanking my community for being involved in my site. That means I need to make extra sure that I don't let the blog spam through! Akismet does a great job, but this additional layer of defense is great! Thanks for your work.

  • Pingback: onmeco Blog » Nerviger Kommentar-Spam

  • Pingback: Ventilen » Blog Archive » Hej og velkommen…

  • http://eg gr


  • Anonymous


  • Pingback: WP Plugins DB » Blog Archive » WordVerify

  • Pingback: Ventilen » Blog Archive » Nyt spamfilter

  • Pingback: Comments and Spam : Im Blogging That! My Life. My Way.

  • Louis

    I was going to ask you to send this to me, but I see you've posted it here for everyone. Thanks!

  • Pingback: 30 Spam Fighting WordPress Plugins at WordPress Themes, Plugins, Blog Tips, Make Money Online >> WPthemesplugin.com

  • diuternity

    Hello but I'm wondering does this plugin enter the settings in the database once setup? Can the codeword/setttings be hand coded instead of having to set it up? I ask because i'm musing MU and tossing this in the MU plugin folder doesn't work. Thanks for any advice.

  • http://chris.quietlife.net Chris

    Hi.. I'm not 100% sure I understand your question, but you should be able to set the codeword, yes. What is MU?

  • Pingback: Bram.us » My 100,000 Spam - Akismet FTW

  • Pingback: Ultimate Plugins For WordPress | I'm Blogging That!



  • http://danilohq.ad.art.br danilo

    thankyou, excelent clue

  • Pingback: Ich Tarzan, Du Spam! - Alter Falter!

  • http://www.bettiemonkey.com Cat

    wanted to let you know that i love this plugin the best of all the plugins. it helps greatly with spam, but its not intrusive and complicated. and i have not had a problem with it working on any newer version of WordPress. awesome!

  • Pingback: useful wordpress plugins | thinkoholic.com