entranceNo CAPTCHA reCAPTCHA Russian version. Captcha for WordPress - Protect comments from spam Google captcha for wordpress comments
Spam registrations can be a headache for open registration sites. One way to avoid this is to use a CAPTCHA, which effectively blocks spambots on both the login page and the registration page. In today's article, we will show you how to add captcha to the form of WordPress login and registration pages.
First thing you need to do is install and activate the Better WordPress reCAPTCHA plugin. Upon activation, the plugin will add a new menu item called BWP reCAPT to your admin panel. Clicking on it will take you to the plugin settings page.
You will be asked to provide public and private API keys for using google recaptcha API. In order to get these keys, you need to go to the site reCAPTCHA and click on the "Get reCAPTCHA" button.
On the next page, you need to click on the Signup or Sign in button and log in with your Google account. After you log in, you will be asked for the domain name where you plan to use reCAPTCHA.
Copy and paste the public and private API keys on the plugin settings page at admin panel WordPress. Below the API keys under the section Plugin Functionality it is necessary to check two checkboxes next to the options Registration form and Login form.
Better WordPress reCAPTCHA plugin also allows you to add reCAPTCHA to WordPress comment form.
That's all, now you can click on the button Save Changes to save your changes.
Log out of your WordPress admin to see recaptcha in action. You will notice that recaptcha is enabled on the login page. By clicking on the registration link, you will also see that the page is protected by captcha.
We hope this article helped you add CAPTCHAs to your WordPress login and registration page. Captcha will save you from streams of spam registrations, comment spam and generally protect your site from malicious bots.
For all questions and feedback, please write in the comments below.
Do not forget, if possible, rate the entries you like with the number of stars at your discretion.
Installing reCAPTCHA on a website is divided into 3 stages:
- Registering and getting API key.
- Client side integration.
- Server side integration.
In this article, we will walk you through the process of adding Google reCAPTCHA to the standard WordPress comment form. If your site is powered by another CMS, I recommend using the official guide from Google.
Registering and getting API key
After logging into Google account, go to the main page Google reCAPTCHA and click on the "Get reCAPTCHA" button.
Google reCAPTHCA - adding a new site After registration, we will receive two keys:
- Site key - used in open form as an identifier.
- Secret key - used on the server side to communicate with Google.
This completes the preparation for work.
Client side integration
Client-side Google reCAPTCHA integration consists of adding HTML code to the site template. You can do it different ways, but we will consider only the most correct one. Its essence lies in the use of specialized WordPress functions... In this case, all the code is added to the functions.php file, without affecting other files, in particular the files of the site engine.
In total, you need to perform 2 actions:
- Connect the reCAPTHCA api.js script
- Add HTML code for the reCAPTCHA block.
Connecting reCAPTCHA api.js
Connecting a new script in WordPress boils down to three operations:
- Registering a script using the wp_register_script () function.
- Initializing the script using the wp_enqueue_script () function.
- Binding functions to the wp_enqueue_scripts event using the add_action () function. For this, the wp_register_script () and wp_enqueue_script () functions are placed in another function that is called in add_action ().
function add_recaptcha_js () (
// Register reCAPTHCA api.js, version is null, in footer is false
wp_register_script ("recaptcha", "https://www.google.com/recaptcha/api.js?hl=en", array (), null, false);
// Connect reCAPTHCA api.js
wp_enqueue_script ("recaptcha");
}
Adding the HTML code of the Google reCAPTCHA block
In this example, we will add the Google reCAPTCHA block code to the end of the standard WordPress comment form, just before the submit button. To do this, we use the comment_form hook specially designed for this purpose. In this case, the block will be displayed only to unauthorized users.
Add_action ("comment_form_after_fields", "recaptchadiv");
function recaptchadiv ($ post_id) (
global $ user_ID;
if ($ user_ID) (
return $ post_id;
}
echo "
return $ post_id;
}
Don't forget to replace site_key with your own key.
Server side integration
Server-side Google reCAPTCHA integration is to use the Google server response validation feature at the preprocessing stage. This is necessary in order to abort the operation and display an error message in the event of a negative response from the server.
Thus, we need two functions to protect WordPress comments:
- Google server response check function.
- Comment data preprocessing function.
As with client side integration, all code is added to the functions.php file.
Google reCAPTCHA server response check function
function verify_recaptcha_response () ($ recaptcha_secret_key = "secret_key";
$ recaptcha_site_key = "site_key";
if (isset ($ _POST ["g-recaptcha-response"])) (
$ captcha_response = $ _POST ["g-recaptcha-response"];
) else (
return false;
}
// Verify the captcha response from Google
$ response = wp_remote_post (
"https://www.google.com/recaptcha/api/siteverify",
array (
"body" => array (
"secret" => $ recaptcha_secret_key,
"response" => $ captcha_response
)
);
$ success = false;
if ($ response && is_array ($ response)) (
$ decoded_response = json_decode ($ response ["body"]);
$ success = $ decoded_response-> success;
}
return $ success;
}
Do not forget to replace secret_key and site_key with the corresponding values. Since this is an example, the values are set statically. It would be more correct to save the keys in the WordPress settings, as it will be done in the plugin, but this will complicate the code a little.
Comment preprocessing function
The final step is to write a pre-validation function for the comment data and bind it to the preprocess_comment event.
Add_action ("preprocess_comment", "preprocess_comment_cb");
function preprocess_comment_cb ($ commentdata) (
global $ user_ID;
if ($ user_ID) (
return $ commentdata;
}
if (! verify_recaptcha_response ()) (
echo "
You have not passed the Google reCAPTCHA spam protection. Go back to the previous page and try again. ";
exit;
}
return $ commentdata;
}
Thus, if during the commenting process the user does not will be tested Google reCAPTHCA, then a message with a link to the previous page will be displayed. In this case, after clicking on the link, the form values will remain filled.
Plugin for protecting comments from spam
For those who love simple solutions, I wrote a plugin to protect WordPress comments from spam when Google help reCAPTCHA. To use it, you need:
- Install plugin.
- Enter keys in WordPress settings.
Keys must be entered on home page WordPress settings(Menu -> Settings). The fields will become available at the bottom of the settings page immediately after activating the plugin.
If the keys are not entered, the protection will be disabled without any errors or consequences for the operation of the site.
For padding and other styles, add a rule for the g-recaptcha class to your style.css file.
G-recaptcha (
}
Conclusion
Using Google reCAPTCHA in comments will get rid of automatically distributed spam and significantly reduce the load on the site's database. In turn, connecting the Akismet plugin will protect you from manual spam. Thus, I recommend using Google reCAPTCHA in conjunction with plugin Akismet... This guarantees almost 100% protection against spam, with the exception of rare cases of "sneaky spam".
This is an article about Google installation reCAPTHCA has come to an end. If you have any questions or wishes, you can always leave your comment on the article.
A CAPTCHA or CAPTCHA is a challenge-response computer test that is used to determine who exactly came to the site - a person or a bot.
What is captcha for?
Typically, captchas are used on pages with a login and password, as well as on forms for adding comments. This is why this is done. In the first case, such a check will protect the site login form from guessing passwords, and in the second - to exclude spam comments.
Google Captcha Plugin (reCAPTCHA) by BestWebSoft
For WordPress, there are many ready-made plugin solutions to protect your site from the aforementioned malicious influences. So, among them, a rather popular plugin should be highlighted Google Captcha (reCAPTCHA) by BestWebSoft which uses a captcha from Google. It is universal, as it allows you to install a check on most sections of the site. Among them:
- registration form,
- Login form,
- password reminder form,
- form for adding comments,
- contact form,
- custom form.
So, after installing and activating the plugin, a message will appear in the admin panel that you need to get the keys for the captcha to work.
In field Label you must enter the name of the check (any). You should also select the type of check. We will use a simple check for the user, which assumes confirmation by a simple selection of the necessary pictures ( reCAPTCHA V2).
After choosing the type of verification, you must enter the domain name of the site, and then check the box Accept the reCAPTCHA Terms of Service and press the button Register.
After saving the settings, you will be taken to a window where you will need to copy separately (for example, in Notepad) field values Site key and Secret key.
All the necessary keys have been received. Now we go back to the site admin panel and go to Google Captcha -> Settings.
Into the fields Site key and The secret key you should enter the values \ u200b \ u200bof the lines you saved earlier ( Site key and Secret key respectively). Below, in the section Enable reCaptcha for, you need to select the pages on which the check will be enabled, and then press the button Save changes... After successfully saving the settings, you can test the captcha.
If the testing was successful, then the setup is completed, and now you can go to the page you marked, on which the captcha should appear.
Captcha (Captcha) - a special security code that allows you to avoid spam on the site. It is added, as a rule, in different forms on the pages - registration, comments, login, etc. This allows us to weed out most of the bots that automatically fill them. The code consists of letters and numbers, which are sometimes distorted by various effects and transformations. Once I already came across captcha plugins - it was a simple Really Simple CAPTCHA for the Contact Form 7. Today I decided to look for something for the user registration page, as one of the projects started to spam it regularly. As a result, we managed to select the 5 best plugins, each of which has its own distinctive features and pluses.
Captcha by BestWebSoft
A distinctive feature (link to a detailed review) is the use of different mathematical equations. This will protect your site not only from bots, but also save it from inadequate and unreasonable users (who come across in places). Traditionally, you can customize it for any form in the system - from registration to comments. Almost all language versions are available, including Russian. Requirements for WordPress - from version 2.9, the latest release - 02/08/2013 and more than 400 thousand downloads.
The main functions of the Captcha plugin: support for basic mathematical functions - addition, subtraction, multiplication, using both digital and verbal expressions. The installation is traditional, you can see the settings in the picture above. Personally, I really liked this variation of the captcha, and you don't need to peer into some distorted letters, guess what is shown in the picture, but just turn on the brain. Great module!
A great option for when you want to "test" the intelligence of the audience. The user will have to solve a simple equation in order to pass the defense. Read more about the solution in. Among the advantages of Math Captcha, I would name the compatibility with Contact Form 7, as well as the presence of a large number of settings: the choice of where the captcha appears, the mathematical operations used, the display of the task from numbers or in the form of text, etc.
The module is one of the simplest that I have come across. Therefore, I started with it - the installation and configuration of the captcha took, probably, 2-3 minutes. It adds a security code to various forms of the site - registration, comments and login form. The code is displayed in the form of simple blue characters (numbers and letters), crossed out with several lines. "Interference" protects the picture from being recognized by different software, and it will not be so difficult for users to see the code.
After installation, in the module settings, the administrator can choose which characters and how many to use in the captcha, as well as for which forms to display. There is a localization of the plugin, so everything is easy to understand. Definitely the biggest advantage is the simplicity and speed of setup + captcha, in principle, normal. To work, you need a version of WordPress older than 3.0, the module was downloaded about 10 thousand times, and Last update was 01/16/2013.
WP-reCAPTCHA (closed)
In general, reCAPTCHA is a public captcha, which was once acquired by Google (if I understood correctly) and is already being developed under the wing of this online giant. This is one of the most popular scripts used in many CMS and services, it is also almost the most protected from bots.
To integrate this captcha into the wordpress system, the WP-reCAPTCHA module is used. Its installation is classic, but after activation in the system, you will need to get a special key. On the same page, by the way, you will find all the necessary information for developers regarding reCAPTCHA.
In the settings of the WP-reCAPTCHA module, you can choose: activation of captcha for comments and / or registration form, appearance(subject) captcha, language, HTML standard of the displayed code, texts of error messages. The only thing that confused was support for version 2.9.2 of WordPress and the last update in early 2012, but there were almost 400 thousand downloads.
SI CAPTCHA Anti-Spam (Locked)
SI CAPTCHA Anti-Spam plugin was most often found in different collections - as I understand it, this is the most popular captcha module. It allows you to add a security code to all (or selected) forms in WordPress - registration, forgotten password, login, comments. Compatible with Akismet without any problems, and also works in WPMU and.
This module uses a free Open-source development (library) called PHP CAPTCHA. The image contains an abstract background, colored, distorted characters, as well as various "noise" in the form of curves over the text. There is a button "update captcha" if it is difficult to read it.
As for the features of the SI CAPTCHA Anti-Spam plugin itself, you will find there: different settings, valid HTML code, display / display of the security code for different forms or logged in or not users (relevant when commenting). Localization supported. The module works with WordPress from 2.9 to latest versions, actual update 01/06/2013 and only 1.5 million downloads.
Secure CAPTCHA (not relevant)
Finally, I saved a more or less new captcha for me, which I have not yet met - Secure CAPTCHA. The image uses handwritten text for the security code. Because of this, it is difficult for decryption programs to separate different letters to crack a captcha that only a human can understand. In addition, for the whole word, you can use some other transformation in order to further confuse the bots.
According to the developers, due to the fact that the letters stand out well from the background, you don't need to look too closely at the image. Although, to be honest, in some places it is still difficult for me to understand what is written there. To use this captcha, after installation and activation, you will need to register on the developers website and receive special keys. Next, in the settings, select which form you want to protect from spam. The module was downloaded by not so many people - only 5200, although in general the idea is quite interesting. To work, you need a version of WordPress 3.1 or higher.
Of course, these are not all plugins for captcha in WordPress, there are many more of them, and there are much more sophisticated and unusual ones - folding pictures from parts (like in puzzles), choosing a special image from those presented in the captcha, etc. I mentioned in the post only those that were most often mentioned in the collections of different modules + were immediately found when searching. The first 4 are definitely a godsend, I would easily use each of them on my own and developing sites.
Captcha or “captcha” is the most common method of protecting against spambots and guessing passwords in site forms (comment pages, authorization pages, password change, etc.). Captcha is quite effective way improving the security of the entire site as a whole.
WordPress plugins captcha
On a WordPress site, similar to sites on other platforms, there are also specified pages with forms that require protection from intruders. Note that the standard WordPress tools do not have any security features for these sections of the site. Therefore, for the "engine" dozens of plugins have been developed and are successfully used to ensure the operation of captcha. Let's consider the most popular ones among users.
Google Captcha Plugin (reCAPTCHA) by BestWebSoft
Detailed overview and plugin setup Google Captcha (reCAPTCHA) by BestWebSoft we have reviewed in our past articles. It should only be added that the plugin is one of the most popular among WordPress users. Its main advantage is the installation of captcha not only on all standard form pages, but also on manually created ones.
Spam Master plugin
Spam Master is a functional plugin that supports captcha Google (reCapcha)... His responsibilities include protecting against millions of known spam emails, domains, IP-addresses and words, blocking user registration or leaving a comment.
Captcha Bank Plugin: Anti Spam Captcha Plugin
Captcha Bank: Anti Spam Captcha Plugin has powerful tools to protect your site from spammers without clashing with additional security plugins.
Main features of the plugin:
- simple math operations;
- text codes with the ability to customize their appearance (text color, background, style, etc.);
- complex captchas with lines, distortions, sharpness and transparency;
- regulation of captcha display on login, registration, comment forms;
- support of popular WooCommerce, BuddyPress, Contact Form 7;
- the ability to disable captcha for registered users.
Captcha Code Plugin
A simple plugin Captcha Code inserts captcha on all required forms. You can select the pages on which you want to install the captcha, as well as specify the type of numbers, their external design. The plugin is fully localized into Russian.
Uber reCaptcha plugin
Uber reCaptcha is a pretty interesting plugin that has support for audio files and images. Among the capabilities of the add-on, one can single out the generation of the type of image / sound of captcha Google (reCapcha) in several preset languages. Adds protection to registration, password recovery and commenting forms.
Conditional CAPTCHA plugin
Conditional CAPTCHA is a plugin designed to install captcha exclusively in the commenting form. It works in conjunction with the plugin Akismet showing commenters a simple captcha if they don't have pre-approved comments, or if Akismet believes their comments are spam.
The plugin can work in 2 modes: basic and Akismet Enhanced... In addition, you can use duplicate captcha.
The plugin also allows you to customize the appearance of the page on which the captcha is installed.
