The WordPress platform is a great way to run a blog or website, but it is under constant attack from spammers. Even if you prevent anonymous commenting, require user registration and implement the WP-reCAPTCHA plugin, you might find yourself – as I did – receiving dozens of automated, spammy registrations per day. However they’re getting past the CAPTCHA – maybe it’s OCR, maybe a proxied attack where humans are used – this spam clogs up your inbox and user list, and can be a pain.
I don’t think it’s possible to make your website completely spam-registration proof, but anything that makes your blog’s security one step harder to crack should limit the number of spammers who successfully target it. So here’s my solution: a custom captcha plugin for WordPress, as shown above.
My plugin adds one simple text question to the standard registration form. This can then be customised to match the content of the site, so that the answer is easy for any real human reader but, hopefully, too much work for any old random spammer or script. It’s a quick-and-dirty job, so it has no options pages etc. – you simply adjust three lines of code to choose your own question and answer.
Your blog won’t (ever) be safe from determined, human spammers who want to register, but this should cut down on automated registrations – it cut mine from about twenty a day to none.
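A minimal sketch of a question-based registration check like the one described above, built on WordPress's `register_form` action and `registration_errors` filter. This is an added example, not the plugin's own code: the question, answer, field name and `sqc_` prefix are hypothetical, and it assumes a single-site install using the standard wp-login.php registration form.

```php
<?php
/**
 * Plugin Name: Site Question Check (illustrative sketch)
 * Description: Adds one site-specific question to the standard registration form.
 */

// Hypothetical values: edit these to suit your own site.
const SQC_QUESTION = 'What is the name of this blog?';
const SQC_ANSWER   = 'example blog';
const SQC_FIELD    = 'sqc_answer';

// Lowercase, trim and collapse whitespace so "  Example   Blog " still matches.
function sqc_normalise( $text ) {
    return strtolower( preg_replace( '/\s+/', ' ', trim( (string) $text ) ) );
}

// Render the extra field inside the standard registration form.
// Both the field name and the question are escaped before output.
add_action( 'register_form', function () {
    printf(
        '<p><label for="%1$s">%2$s<br /><input type="text" name="%1$s" id="%1$s" class="input" size="25" autocomplete="off" /></label></p>',
        esc_attr( SQC_FIELD ),
        esc_html( SQC_QUESTION )
    );
} );

// Validate on submit. When this filter returns a WP_Error that contains
// errors, WordPress creates no user and sends no notification e-mail.
add_filter( 'registration_errors', function ( $errors, $sanitized_user_login, $user_email ) {
    $given = isset( $_POST[ SQC_FIELD ] ) ? wp_unslash( $_POST[ SQC_FIELD ] ) : '';

    // Reject missing or non-string input (e.g. sqc_answer[]=x) before comparing.
    if ( ! is_string( $given )
        || ! hash_equals( sqc_normalise( SQC_ANSWER ), sqc_normalise( $given ) ) ) {
        $errors->add(
            'sqc_wrong_answer',
            '<strong>ERROR</strong>: Please answer the question to register.'
        );
    }
    return $errors;
}, 10, 3 );
```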
UPDATE: I’ve updated the plugin, adding a proper options menu to make installation easy. You can get it here.