22 Comments

  1. Peter Cralen

    Good news, previous captcha was nightmare for me. So many times I did it after few fails :D
    This new looks much better.

    Report

  2. Andy Wilkerson

    Having something as simple as a honeypot field or something like it does the job 99% of the time, just as David Walsh (http://davidwalsh.name/wordpress-comment-spam). What’s with all this Advanced Risk Analysis engine business.

    Report

  3. Piet

    Entirely and utterly agree with Andy! On all sites (my own and those of clients) I use honeypot fields and I hardly have any problems. Instead of analysing the risk they should analyse how much online revenue is lost by letting potential buyers jump through all kinds of hoops!

    Report

  4. Samuel "Otto" Wood

    Andy, Piet, David Walsh’s solution works for him because it is a “club” solution. This article from 2002 is worth a read:
    http://web.archive.org/web/20110607161529/http://diveintomark.org/archives/2002/10/29/club_vs_lojack_solutions

    Basically, such a honeypot concept only works because not everybody has it, and it’s not worth the spammers time to work around your “fix”. Quite simply, they’re trying to spam thousands of sites, not just yours. If such a solution was to become commonplace, then it would become worth their time to work around it (and working around it is trivial), and suddenly it would not work anymore.

    Any solution to “spam” has to account for everybody. You can solve it for yourself, but that does not scale. Scaling a spam prevention mechanism requires a lot more work than something quite as simple as that.

    Report

    • Piet

      Thanks for your explanation, Samuel. Happy that the honeypot is not mainstream yet then and here’s hoping it never will :)

      Report

  5. Dan C. Sharp (@thinkvitamin)

    Is a service like Cloudflare helpful for filtering out most robots and comment spammers?

    Report

  6. Ryan Hellyer

    I don’t think they’re explaining everything they’re doing in that post. I’m assuming they’re doing a combination of what I suggested here, http://geek.ryanhellyer.net/2014/06/04/spam-epiphany/. With the addition of a non text-based CAPTCHA as a fallback. But they’re still using text-based CAPTCHA’s too sometimes, since those are still more powerful than those image based ones since you can’t just take a potshot guess at the answer since there are too many combinations to choose from.

    I’m sure this is an improved implementation for them, but it is not revolutionary. In fact I’m running a test version of this exact type of setup (not identical of course) on my own site right now, with the exception that I haven’t implemented a non-text based CAPTCHA fallback. This will eventually be rolled into my Spam Destroyer plugin once I’ve ironed out the bugs and added a few more features to it.

    Report

  7. AmandaAmanda Rush

    At this time, the new Google spamcheck is flagging screen reader users as spammers, forcing us to use the absolutely horrible garbled audio challenge instead, which creates a lot of frustration. I sincerely hope they fix this.

    Report

  8. Karla

    I still think there are better solutions for this. Weeks ago somebody recommended goodbyecaptcha which really protects you without any image, click or something else. Since then, no spam in my web sites. https://wordpress.org/plugins/goodbye-captcha/
    Karla

    Report

  9. folkhack

    Hi all!

    I have done a quick implementation for Gravity Forms utilizing the new reCAPTCHA API. I would VERY MUCH appreciate any help in reviewing the source and the testing of this plugin!

    https://github.com/folkhack/Gravity-Forms-No-CAPTCHA-reCAPTCHA

    Lemme know if you have any questions!

    – folkhack

    Report

    • Tony Zeoli

      I just installed your plugin on one of my client sites, but I noticed you did not add the conditional under the Advanced tab as with Gravity Forms current reCaptcha implementation, such that No Captcha Re Captcha displays when the user enters a value into the form field.

      My client loved the conditional, but it’s now not avail in your implementation, so if you can add that to your plugin, that would be great.

      Other than that, it def solves the problem until Gravity Forms updates.

      Report

  10. Kevin Provance

    A checkbox? I don;t have to tell you that anyone who understand how to manipulate a DOM can simulate one of those without much effort, yeah? That said, we have a nifty captcha tool that requires one to slider a slider.. :P

    Report

    • Ryan Hellyer

      You seem to be assuming that it is an HTML checkbox. It could be a fancy JavaScript generated pseudo check-box, in which case it’ll require a quite a bit of effort for someone to work around it.

      Report

  11. Ryan Wagner

    I am trying to implement this because I love the simplicity of it but I can’t get it to validate. So another words if it is not checked the form will submit still. Does anyone have any idea to how to make this work? I have read probably ever doc in google about the new recaptcha and still can’t get it to work. Thanks in advance.

    Report

  12. ThisIsBad

    Tried this today and it’s pretty bad. It ads up to 5 seconds processing on that page, and during that processing time it prevents you from logging in, since the captcha is still working in the background. Pressing the login button does nothing thanks to this behavior.

    Honeypots are still the better way to go.

    Report

  13. Pol

    We recently created an addon for GeoDirectory using the new No CAPTCHA reCAPTCHA API. It killed 100% of bot’s activities in all of our test websites. We are very happy with it so far and so are our users!

    Report

  14. Vinoth Kumar

    You can also use this WordPress plugin to avoid Captcha https://wordpress.org/plugins/no-captcha-in-comments/

    Report

Comments are closed.

%d bloggers like this: