#DIY Captcha

A CAPTCHA (“Completely Automated Public Turing test to tell Computers and Humans Apart”) is a type of challenge-response test that I needed to introduce on my website. Without this test my articles accumulated hundreds of comments per day. All those comments were unrelated to the articles and were posted by automation scripts written by spammers.

Having software engineering experience, I came up with the simplest way to implement an easy-to-use CAPTCHA to deal with the spam comments. This CAPTCHA is just another text field that a commenter must fill in. Here is how it looks:

WordPress — the application that I use to run the readNtry.com website — is a PHP application. It supports some plugins out of the box, including one for managing comment spam. Unfortunately, I am reluctant to enable plugins that rely on infrastructure running outside of my server.

I know this text-based test is extremely easy to work around in spamming scripts, but this CAPTCHA has been effective so far. I guess spammers don’t really care about my website.

So here is how it works: I modified two PHP files to enable the CAPTCHA functionality: wp-includes/comment-template.php and wp-comments-post.php. There are only about 10 lines of code. I reapply the commit every time WordPress is upgraded to a new version, as the upgrade overwrites my changes. In the rare case when my commit conflicts with the WordPress changes, I do a quick refactoring to resolve the conflicts. You may download the commit if you are interested in seeing the changes.

I found an interesting thing about the question: it may take a few tries to pick a good one. When I used the string “2 + 3 = ?” as the question, the spamming scripts were able to pass through. I found that the scripts can’t pass the “2 + 3 plus two = ?” test at this time.
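For readers who want to see the shape of such a check, here is an added sketch that is not the commit from this post: a function that renders the extra text field and a function that validates the submitted answer to the “2 + 3 plus two = ?” question. The field name `captcha_answer`, the function names and the accepted spellings of the answer are assumptions made for this example.

```php
<?php
// Added example: the field and function names are assumptions, not the post's code.
const CAPTCHA_FIELD    = 'captcha_answer';      // hypothetical form field name
const CAPTCHA_QUESTION = '2 + 3 plus two = ?';  // question quoted in the post
const CAPTCHA_ACCEPTED = ['7', 'seven'];        // 2 + 3 + 2, as digit or word

// Form side (the post edits wp-includes/comment-template.php for this).
function captcha_field_html(): string
{
    $q = htmlspecialchars(CAPTCHA_QUESTION, ENT_QUOTES, 'UTF-8');
    return '<p><label for="' . CAPTCHA_FIELD . '">' . $q . '</label> '
        . '<input type="text" id="' . CAPTCHA_FIELD . '" name="' . CAPTCHA_FIELD
        . '" maxlength="16" autocomplete="off" required></p>';
}

// Submit side (the post edits wp-comments-post.php): call this on $_POST
// before the comment is stored, and reject the request when it returns false.
function captcha_passes(array $post): bool
{
    $raw = $post[CAPTCHA_FIELD] ?? null;
    // A missing field is null and "captcha_answer[]=7" arrives as an array;
    // neither is a string, so both fail here instead of raising a TypeError.
    if (!is_string($raw) || strlen($raw) > 16) {
        return false;
    }
    $answer = strtolower(trim($raw));
    // Strict comparison: loose == would also accept "7.0", "07" or "7e0".
    return in_array($answer, CAPTCHA_ACCEPTED, true);
}

// Constructed sample submissions, not real traffic.
$samples = [
    'digit with spaces' => [CAPTCHA_FIELD => ' 7 '],
    'answer as a word'  => [CAPTCHA_FIELD => 'Seven'],
    'wrong answer'      => [CAPTCHA_FIELD => '5'],
    'numeric lookalike' => [CAPTCHA_FIELD => '7.0'],
    'array parameter'   => [CAPTCHA_FIELD => ['7']],
    'field missing'     => ['comment' => 'no captcha field at all'],
];
echo captcha_field_html(), "\n";
foreach ($samples as $label => $post) {
    printf("%-18s %s\n", $label, captcha_passes($post) ? 'accept' : 'reject');
}
```

Run on its own with the PHP command-line interpreter, it prints the field markup and then accepts the first two constructed submissions and rejects the other four.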

With the current progress in artificial intelligence (AI), I guess my captcha is a very short-term solution but, well, it works well so far.
