Using Peter’s Custom Anti-Spam Image plugin with WordPress MU

Instructions for Peter’s Custom Anti-Spam Image 3.0.5 and WordPress MU 1.5.1
Note: For registration form protection in WordPress MU, see here

First of all, I fully recommend that you use the plugin with Plugin Commander, which gives you complete control over how your plugins are deployed across the blogs in your WPMU installation. For example, Plugin Commander enables you to:

  • activate and de-activate plugins across all MU blogs
  • set plugins to be automatically activated when new blogs are created
  • empower individual blog owners to de-activate a plugin that has been automatically activated

Plugin Commander for WordPress MU

Once you have installed Plugin Commander (extract one file to the wp-content/mu-plugins folder), simply download the anti-spam plugin and extract the custom anti-spam folder into the wp-content/plugins folder (not mu-plugins). Options are configured globally by editing custom_anti_spam.php and are the same as for the instructions for normal WordPress sites.

Activation and de-activation is handled for all blogs by the Plugin Commander or per blog.

Alternative method

If, for some reason, you must put the anti-spam plugin in the wp-content/mu-plugins folder, you will lose all of the advantages of the Plugin Commander plugin described above. All plugins installed to mu-plugins are automatically activated. There are several steps in order to install the anti-spam plugin to the mu-plugins folder:

  1. Download the anti-spam plugin. Do not upload the plugin yet. Edit the custom_anti_spam.php file in the several locations. First, remove all instances of “$wpdb->prefix . “.

    Then, find this code (removing one “../”):

    include_once '../../../wp-config.php';

    Change it to:

    include_once '../../wp-config.php';

    Finally, find these the pieces of code that mention the “wp-content/plugins” folder, such as these two examples (there are more instances):

    if ($cas_wav) echo( '<a href="' . $cas_myurl . '/wp-content/plugins/' . end($cas_thisfolder)
    echo( '<img src="' . $cas_myurl . '/wp-content/plugins/' . end($cas_thisfolder)

    Change them to (removing the “plugins/” part):

    if ($cas_wav) echo( '<a href="' . $cas_myurl . '/wp-content/' . end($cas_thisfolder)
    echo( '<img src="' . $cas_myurl . '/wp-content/' . end($cas_thisfolder)
  2. Upload the plugin to the wp-content/plugins folder (NOT the mu-plugins folder), then activate it through the WPMU admin panel. This is done so that the necessary tables are created.
  3. Without de-activating the plugin, move the plugin files to the wp-content/mu-plugins folder, but without being contained in the custom anti-spam folder. In other words, the directory structure should be:
    ----- mu-plugins
    --------- custom_anti_spam.php
    --------- fonts
    --------- sounds
    --------- translate
    --------- words

Options are configured globally by editing custom_anti_spam.php and are the same as for the instructions for normal WordPress sites. The plugin will automatically be active for all blogs.


26 Responses to “Using Peter’s Custom Anti-Spam Image plugin with WordPress MU”

  1. suleiman says:

    I'm having a bizarre problem where on some blogs the picture is not displaying at all, while on others it is.

    These blogs are using the same theme, and have the same plugins activated on their blogs.

    Any idea why this would be happening?

  2. Peter says:

    What method did you use to install and activate the plugin? Perhaps it simply isn't activated for some blogs. Did you use Plugin Commander?

  3. suleiman says:

    I installed the plugin in my mu-plugins folder. I need a system I can deploy across all the sites without my user’s having to worry about setting it up correctly.

  4. Ed says:

    Okay, so I installed all okay, then I edited the "custom_antispam.php" file to "insert anti-spam protection to the registration form". NOTHING!!!

    What am I missing???



  5. Ed says:

    Okay so maybe this line is wrong?

    $cas_folder = str_replace(‘/wp-content/plugins/custom-anti-spam’, ‘/’, dirname(__FILE__));

  6. Ed says:

    Reset back to default:
    $cas_folder = str_replace(‘\\’, ‘/’, dirname(__FILE__));

    Still not working.

  7. Peter says:

    Hi Ed,

    Unfortunately, the registration form protection only works on the regular WordPress, not on MU. As I have discovered, the “register as a user on this blog” form is completely different on MU…

    April 20, 2008 update: I have now found out how to tweak the file to suit the MU registration system (tested on MU 1.3.3). In the custom_anti_spam.php file, replace everything below and including the line “function cas_register_form() {” with the contents of this file.

  8. suleiman says:

    Peter, were you able to resolve the issue I was reporting on earlier? It’s odd that on the same theme the picture would just refuse to load. Clicking on the no picture icon also resulted in the audio file not being found, whereas on sites with the captcha showing up correctly, you do get the audio file upon clicking.

  9. Peter says:

    Can you send me some links to sites that work and sites that don’t work? Without any more information, I have no clues as to what the problem could be.

  10. NeiL says:

    Hi Peter,
    I’m using wpmu with this plugin on my site. I’ve replaced the code from "function cas_register_form() {" to the end with the code in the txt you link. I can’t get it work, it works just for comments not in wp-signup neither in wp-login, no errors but no working.
    sorry for my english :P

  11. NeiL says:

    don’t mind about it. I’m so stupid, i forgot to edit custom_antispam.php to enable it…
    Sorry :P

  12. NeiL says:

    ok, i have it working. Just one little thing, if i try to register (it’s a 2 step thing) it only works on the first stage, when i go through the second stage the anti-spam is not shown, and if you click the "next" button it returns to the first stage as if you write an incorrect antispam word.
    You can check it at
    Thanks in advance

  13. Peter says:

    Hi NeiL, you are correct. Thanks for pointing that out. I had only tested it out for people getting a username only. I’ve tweaked the code to be compatible with the two-step process and updated it here.

  14. NeiL says:

    thanks a lot , it’s working right now ! :)

  15. NeiL says:

    Hi Peter,
    The new stable version on WordPress MU is 1.5.1, i’m testing your plugin with it but it’s working just for the first stage on registration. The antispam word is not showing when i try to register a blog. Can you write a patch?
    Thank you

  16. Peter says:

    Hi NeiL, are you using the latest version of my plugin? I just tested it with MU 1.5.1 and the activation and registration (with the updated code from before) functionality works.

  17. NeiL says:

    Hi, firefox’s cache was making me go nuts. Now is working ok. Sorry :P
    Thanks again.

  18. Konstantin says:

    EDIT: problem solved by using version 3.0.5 of the plugin and following the updated instructions.

    Hello, I’ve been using your plugin for over a year now. I was using version 2.82 because it worked flawlessly for me and it was enough, but after upgrading to wpmu 1.5.1 I started getting errors so I decided to upgrade.

    Now I am using version 3.0.4 but I am getting new errors:

    [Fri May 23 20:05:42 2008] [error] [client] PHP Notice: Undefined variable: cas_displaytext in /xxx/wp-content/mu-plugins/custom_anti_spam.php on line 113, referer: some search engine

    [Fri May 23 20:05:42 2008] [error] [client] PHP Notice: Trying to get property of non-object in /xxx/wp-content/mu-plugins/custom_anti_spam.php on line 136, referer: some search engine

    [Fri May 23 20:05:42 2008] [error] [client] PHP Fatal error: Call to a member function get_var() on a non-object in /xxx/wp-content/mu-plugins/custom_anti_spam.php on line 278, referer: some search engine

    I did the setup using the alternative method because first I tried with plugin commander but then I noticed that the script was creating 2 extra tables per blog, and at 3000 blogs thats a lot of tables I didnt want, plus all the different word files in /words/.

    Anyway, I followed the instructions and the plugin works fine except when I click on Custom Anti Spam link I get the "no words file found, deactivate and activate the plugin again" error. The /words/ folder is writable and is in /plugins/custom-anti-spam, while the rest of the files are at /mu-plugins/, just like your instructions say. I’ve checked the file and I noticed that there are other instances where $wpdb->prefix is used. Since that was removed from part 1), maybe I should remove all instances of it? I dont know my way around php so I dont know if I should.

    Any suggestions? Thanks. You can mail me if you’d like.

  19. Konstantin says:

    Hello again, I just created a new blog and noticed that users can access the custom anti-spam page, and its supposed to be seen only bu the site admin (me).

    Is there anyway to hide the plugin page from users?

  20. Peter says:

    Hi, try changing the number "7" to "8" or higher (corresponding to the admin user level):

    add_management_page(‘Custom anti-spam’, ‘Custom anti-spam’, 7, ‘custom_anti_spam.php’, ‘cas_manage’);

    (See here and here for more information.)

  21. Lafty says:

    Hi, I’m using your plugin with plugin commander with the latest version of WPMU. Some times, when a new blog is created, the wp_#_cas_count and wp_#_cas_image tables are not created. The user has to deactivate and activate the plugin in order for those tables to get created. Any ideas?

  22. Peter says:

    Hi Lafty, the fact that you say "sometimes" makes it more mysterious. Is there some sort of common thread between those users that you can identify?

  23. Lafty says:

    It looks like just new blogs.. I checked on a blog that was created after I mass activated the plug-in and the anti spam plugin was activated, but the image read * * * INVALID * * * Also, the database tables were not created. I use plugin commander to automatically activate the antispam plugin. I had to turn this off because of the invalid message. I can turn it back on for testing if you have any ideas.

  24. Peter says:

    Hi Lafty,

    It’s fine for blogs created from the back-end, but not for when people register through the front-end, right? I believe that the problem stems from the fact that a few versions ago, I made the install and uninstall functions in the plugin available only through the back-end of the site (for efficient loading of code). To solve this problem, find this line:

    } // Close the back-end check

    And move it to be above this line:

    // Install the anti-spam word database table upon plugin activation

  25. Cryonic says:


    There is a problem with the MU instructions using the alternate method. Following the instructions, I still get this as path, which is wrong.

    We need to replace all instances of "wp-content/plugins" with "wp-contents/", not just the two lines mentioned in the instructions.

    Reply from Peter: Thanks for pointing that out. I have revised the text accordingly :)

  26. Tom says:

    I had a problem with MU 2.7.1 and the registration form protection option.

    Even after installing the latest code from Peter’s link here, it kept trying to validate again on the second sign up page. I inserted the following code as the first two lines in the function cas_register_post in custom_anti_spam.php and it fixed the problem.

    if ($_POST['stage'] == ‘validate-blog-signup’)
    return $result;

Speak your mind

To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word