My Quiet Life

January 11, 2006

WordVerify

— cwage @ 11:30 pm

I have hacked up a little WordPress plugin to allow for comment submission verification based on a configurable "codeword". The plugin is called WordVerify, and it's available here.

It should work fine with WordPress 2.0 as well as 1.5.x. It has not been tested for versions of WordPress older than 1.5, so it may not work for those.

The idea is that a lot of commentspam is driven by automation, naturally, and the introduction of a human element in submitting an extra bit of verification can help kill a lot of this spam. SecureImage is an example of a great plugin that uses ImageMagick to display an image with random letters that the commenter must verify. WordVerify provides a simpler alternative to this method, by just requiring the entry of a single word. This provides a healthy compromise for smaller blogs that don't necessarily need the security of a dynamic image. The chances of any comment spammer bothering to screen-scrape my blog just to comment-spam it, much less OCR an image, are pretty low. For smaller blogs, the simple addition of a codeword is probably more than enough.

Further, WordVerify allows customization of the phrase in which the security word is presented in the form, decreasing the ability of spammers to scrape the word if the plugin gains widespread usage.

The current version is 1.4, and it's available for download here. A changelog can be found here.

The installation is simple, as with all WordPress plugins:

Download wordverify.php.txt
Rename wordverify.php.txt to wordverify.php
Copy wordverify.php to your WordPress plugins directory (wp-content/plugins).
Go to Plugins and "activate" the plugin.
You can now go to Options -> WordVerify to configure the security word and the phrase it's presented in.

Have fun! Any suggestions are welcome. Feel free to test out the plugin in the comments below. Testing is good.

Thanks to Random, whose implementation of this idea on his The Whole Truth podcast was the inspiration for this plugin.

Note: The original page with some comments/updates from when I first released this plugin can be found here.

Comments (68)

Pingback: My Quiet Life » wordverify update
Pingback: CentreSource: Blog » human spam
Pingback: jwage » Installed WordVerify..
Pingback: CentreSource: Blog » Eliminating (Most) Trackback Spam
Pingback: [ECHENG.COM] Eric Cheng - The Web Journal » Blog Archive » Wordverify plug-in for Wordpress
http://rfrancis.livejournal.com/ R. Francis Smith

So, thanks, dude. You used my idea and made a working plugin out of it. And now I finally upgraded my blog that used it (straight from 1.5 beta to 2.0.1, by the way), thus wiping out my hack, and am now using your plugin. KARMA
http://dsandler.org/ Dan Sandler

Hi! WordVerify is a great little plugin. A clever spammer could easily thwart WordVerify, but since most spammers will instead just move on to the next blog. It's kind of like The Club for WordPress blogs: it does nothing to stop a determined attacker, but it raises the level of effort just enough to make you an unattractive target (by comparison to other defenseless marks).

Aside: I'm experiencing some stripslashes oddities. In particular, single quotes (in the presentation) are being double-escaped when they go into the DB (so they appear as backslash-quote in the options table). When the presentation comes back out (either on the main page or in the <input> on the options form), the slashes remain. Thoughts? (WordPress 2.0, PHP 4.3.9.)
http://chris.quietlife.net Chris

I'll check into it.. I threw in some stripslashes() depending on whether or not magic quotes were on as an afterthought, but I didn't test it extensively..
Jer

Hello,

I try to install word verify. on WP 2.0.1
I active the plugin I go to the option and write :

Security code word: test
Presentation: write %%CODEWORD%% please

I press update options.
But I have no text field under the comment textarea.

There is something more to do ?
http://blog.ademagnaye.com ade

I have the same problem. When I use a non-kubrick template Wordverify doesn't work. is there any way to manually call the pluginwithin comments.php? thanks.
http://chris.quietlife.net Chris Wage

I'll see what I can do -- which template are you using, or did you roll your own?
http://blog.ademagnaye.com ade

I'm using Exquisite from Kaushal Sheth. Thanks in advance.
Pingback: kroetengruen.de » Blog Archive » Ausgespammt!
Pingback: neriphim.de » Blog Archive » Ausgespammt!
me

does it work?
http://suncatcherph.com duke

nifty plugin! thanks!
Pingback: Chitime Blog. » Blog Archive » Spam Karma Plug-in.
Louise

clever!
Pingback: BatzLog - Noch etwas Salz? » Spam-a-lot
ian

Ditto here - I'm using the Coppermine theme and I have no textfield for this plugin either.
ian

Disregard. It figures I would resolve the problem immediately after posting the question :\
http://chris.quietlife.net Chris

No problem -- but what was the solution? It may be helpful to others that have had trouble.
Pingback: Blog A Shot » Spambekæmpelse
Pingback: » Blog Archive » Spam ade ?
http://fragilemusings.net Robin

This is perfect! Thank you.
http://ddhr.org/ Dave

A commenter previously asked if there was a way to call the function manually from within the comments template. I was wondering if there's a way to do this because the plugin works for me, but it doesn't display where and how I want it to display. Great work otherwise.
http://www.dronamraju.com/blog Ravi d

Here is the error i get. What do i need to do?
Fatal error: Cannot redeclare class in /var/www/html/dronamraju/blog/wp-admin/admin.php on line 63
http://www.thepiratescove.us William Teach

Interesting plugin, but I am getting these errors:

Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /home/.aska/ncdevilc/thepiratescove.us/wp-content/plugins/wordverify.php on line 2

Parse error: syntax error, unexpected T_STRING in /home/.aska/ncdevilc/thepiratescove.us/wp-content/plugins/wordverify.php on line 2

Any ideas?
http://www.thepiratescove.us William Teach

never mind. Got it.
http://www.thepiratescove.us William Teach

Have I mentioned that this is an EXCELLENT plugin, Chris? No? Well, it is. Kudos!
http://atourworst.org Jordan

I was wondering if it would be possible to know how to call up the plugin manually? The theme I'm currently using (Blix) that's had it's comments.php edited (from what it was originally) does not show the verification automatically. Not sure if this is an issue with my coding, or just because it doesn't like the theme. Any input is appreciate THanks!
http://www.thepiratescove.us William Teach

Hey, Chris, ran into a wee problem. I went to change the password, and now nothing shows nothing for the password after "Please enter.

I tried reinstalling the plugin, but get the same thing, and the previous data was not erased.

Do you know where the data for this is cached? And how to fix?
Pingback: Slow MySQL For Wordpress? Use WP-Cache » EZ Turnkey Business Idea
http://www.lunchofchampions.info T-Dawgggg

Thanks for designing a great plugin!! It is AMAZING!!!

I tested two wordpress blogs - one with Wordverify, and the other without - and Wordverify has kept ALL spammers away!
Anonymous

Testing1
Pingback: CentreSource: Blog » ACS SEO
http://d d

fdasfdasfdasfdasfa[b]dsa[/b]fdsafdas
Brenda Kempf

not sure where I'm supposed to put the code on my page...
Pingback: Portal WordPress » CONFIRMAÇÃO HUMANA NOS COMENTÁRIOS
Pingback: Neto Cury Blog » Blog Archive » SÓ BURRO E BOT NÃO COMENTAM
http://mvbk.nl/blog Neighbrs

What a GREAT (and very simple) plugin!
What a relief to have an empty spambox again. Very cool and handy plugin, thank you so much!
Pingback: Skriverier » Blog Archive » Vi prøver igen
http://www.aharen.net aharen

simply perfect and very handy..
good job mate
Pingback: My Quiet Life » comment verification
http://karenblundell.com Karen

this plugin may be just what I need
Pingback: Cybersakkie - Etienne de Heus se cybertuiste » WP comment plug-in
Pingback: [ECHENG.COM] Eric Cheng’s Journal » WordPress 2.0.6 is out
Pingback: I’m So Blogging That!! » Blog Archive » Spam Free Plugin Heaven
Pingback: [Zina][Lemmikki][Blog] » Blog Archive » Wordverify
http://www.itinfusion.ca Casey Woods

I've decided to remove the "nofollow" tags for comments and trackbacks on my blog. Its my way of thanking my community for being involved in my site. That means I need to make extra sure that I don't let the blog spam through! Akismet does a great job, but this additional layer of defense is great! Thanks for your work.
Pingback: onmeco Blog » Nerviger Kommentar-Spam
Pingback: Ventilen » Blog Archive » Hej og velkommen…
http://eg gr

eqg
Anonymous

test
Pingback: WP Plugins DB » Blog Archive » WordVerify
Pingback: Ventilen » Blog Archive » Nyt spamfilter
Pingback: Comments and Spam : Im Blogging That! My Life. My Way.
Louis

I was going to ask you to send this to me, but I see you've posted it here for everyone. Thanks!
Pingback: 30 Spam Fighting WordPress Plugins at WordPress Themes, Plugins, Blog Tips, Make Money Online >> WPthemesplugin.com
diuternity

Hello but I'm wondering does this plugin enter the settings in the database once setup? Can the codeword/setttings be hand coded instead of having to set it up? I ask because i'm musing MU and tossing this in the MU plugin folder doesn't work. Thanks for any advice.
http://chris.quietlife.net Chris

Hi.. I'm not 100% sure I understand your question, but you should be able to set the codeword, yes. What is MU?
Pingback: Bram.us » My 100,000 Spam - Akismet FTW
Pingback: Ultimate Plugins For WordPress | I'm Blogging That!
JERRY

something
http://danilohq.ad.art.br danilo

thankyou, excelent clue
Pingback: Ich Tarzan, Du Spam! - Alter Falter!
http://www.bettiemonkey.com Cat

wanted to let you know that i love this plugin the best of all the plugins. it helps greatly with spam, but its not intrusive and complicated. and i have not had a problem with it working on any newer version of WordPress. awesome!
Pingback: useful wordpress plugins | thinkoholic.com

January 11, 2006

WordVerify

Recent Comments

Local Links