A number of folk have been starting to see some more spam comments appearing in their logged out comments section, posted by bots.
I’ve already written an Akismet plugin, which has helped with some of it, and Known core has also been extended with some countermeasures. However, I have wanted to see if I could do some more.
When I was wearing one of my other hats the other day, I had the opportunity to play with the new Recaptcha 3 code, and I thought I’d bring it to Known.
Recaptcha 3 takes a new approach to detecting bots. Rather than getting a popup and getting you to click on pictures (which is very very annoying, and hard for those with accessibility issues), Recaptcha 3 does some arcane magicks behind the scenes to determine who’s bot or not, and then gives you a score indicating the likelihood that you’re dealing with a human. 1.0 for high likelihood of a meat sack, 0.0 for a bot, and then any value in between.
Much like with spam detectors like Spam Assassin, you can then set your own threshold values and do this on a page by page basis.
Crucially, you’re never going to get a popup. Thank the Gods.
Anyway, I’ve built this out as a plugin. Out of the box, you’ll get protection for login, registration, and public comments, but you can extend it to protect your own custom forms without too much trouble.
Have a play!
Thanks! I installed it. As nothing happens if you comment, is there a way to verify it is working?
This Article was mentioned on brid-gy.appspot.com
It’s the simplest possible implementation at the moment, but you should be able to see the score and the result of the challenge by looking at the logs. Also, pages that perform the captcha checking will have the Recaptcha logo in the bottom right of the screen.
Thanks, i noticed the logo.
Works great, no spam since some days.