Improve your Captcha anti-spam efforts

First published on November 18, 2006

My anti-spam plugin is one of many Captcha comment plugins for WordPress. In the effort of continuous improvement, I’m perpetually trying to tweak my plugin for better performance, effectiveness, and compatibility. Here are two points that are problematic for most of the Captchas and that might be helpful for other amateur developers like me.

1. Use the preprocess_comment filter to analyze comments early
Thanks to the ever-so-detailed WordPress Plugin API I discovered the filter preprocess_comment, which is the first “event” that occurs when a comment is posted. Most plugins call their functions during the action comment_post, but this “event” occurs a bit too late in the timeline. While comment_post is occuring, the comment has already been posted to the database, and your plugin is forced to go into the database to delete spam comments. This is obviously transparent to users, but is ineffecient from the processing point of view.

What you should try to do is to stop the spam before it hits the database by using preprocess_comment instead of comment_post.

2. Give users the option to allow trackbacks and pingbacks through
Captcha forces users to enter the characters seen in an image in order to ensure that the poster is not a spambot. However, trackbacks and pingbacks are other ways of posting comments, and they obviously cannot see your Captcha image. You can use other methods of stopping trackback and pingback spam, such as installing a filter-type plugin (for example, Akismet) or renaming your trackback file. But the problem remains that you have to correctly identify trackbacks and pingbacks in order to turn off the Captcha test. Otherwise, users that install your plugin are effectively blocking all trackbacks and pingbacks.

Surprisingly, the answer to this problem was a bit hard to find, but it turned out to be quite a simple solution. In the array that is sent during the preprocess_comment event, one of the fields that is submitted is comment_type. The value of this is blank for normal comments, and is otherwise equal to “pingback” and “trackback”. Therefore, use an “if” statement such as the one below (in your comment filter function), in order to identify and subsequent allow the passing through of pingbacks and trackbacks.

if ($incoming_comment['comment_type'] == "") {
// run anti-spam check }
else {
// return to normal }


Thanks to Ajay for taking the time to examine some of this stuff with me.


3 Responses to “Improve your Captcha anti-spam efforts”

  1. Marc says:

    Hi Peter,
    Thanks for following the pingback to my blog and letting me know that the problem had been rectified. Really appreciate it. You saved me having to brush up on my rusty PHP skills and trying to find the problem myself. Keep up the good work.
    - Marc

  2. Amir Hossain says:

    Hi!!! Hope you are doing well. We the leading Data processing company in Bangladesh. Presently we are processing 300000+ captcha per day by our 55 operators. We have a well set up and We can give the law rate for the captcha solving.

    Our rate $2 per 1000 captcha.

    We just wanna make the relationship for long terms. can we go forward? Thank you, (For inquiry or

    Best Regards
    Amir Hossain Dewan
    Data Home Ltd.

  3. Peter says:

    The above comment is so ironic that I just have to keep it…

Speak your mind

To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word