A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge-response test that I needed to introduce on my website. Without this test, my articles accumulated hundreds of comments per day. All those comments were unrelated to the articles and were posted by automation scripts written by spammers.
Having software engineering experience I come up with the simplest way to implement an easy-to-use CAPTCHA to deal with spam comments. This CAPTCHA is just another text field that a commenter must fill. Here is how it looks:
WordPress — the application that I use to run the readNtry.com website — is a PHP application. It supports some plugins out of the box including one for managing comment spam. Unfortunately, I am reluctant to enable plugins that rely on the infrastructure running outside of my server.
I know, this text-based test is very easy to work around in the spamming scripts, but this CAPTCHA is effective so far. I guess spammers don’t care much about my website.
So here is how it works: I modified two PHP files to enable the CAPTCHA functionality: wp-includes/comment-template.php and wp-comments-post.php. There are only about 10 lines of code. I reapply the commit every time WordPress is upgraded to the new version as it overrides my changes. In a rare case when my commit conflicts with the WordPress changes I do quick refactoring to resolve the conflicts.
You may download the commit if you are interested to see the changes.
Interesting thing I found about the question. It may take a few tries to pick a good question. When I used this string as a question “2 + 3 = ?” the spamming scripts were able to pass through. I found that the scripts can’t pass the “2 + 3 plus two = ?” test at this time.
With the current progress in artificial intelligence (AI) I guess my captcha is a very short term solution but, well, it works well so far.
Leave a Reply to Roman Chernikov Cancel reply