What is WP Hashcash?

WP Hashcash is an antispam plugin that eradicates comment spam on Wordpress blogs. It works because your visitors must use obfuscated javascript to submit a proof-of-work that indicates they opened your website in a web browser, not a robot. If the javascript check fails, WP Hashcash now gives you three options; it can either put the comment into moderation (default), put the comment in the akismet queue, or delete it.

WP Hashcash also protects the signup forms of WordPress Multi-User (WPMU) and BuddyPress (BP) blogs.

Features:

• Blocks all comment spam, but not real comments
• Also prevents most trackback / pingback spam
• Also protects signup pages for Wordpress (WP), BuddyPress (BP), and Wordpress Multi-User (WPMU)
• Widget support to display spam statistics and edit the configuration
• Works with IE, Firefox, and Safari
• 100% standards compliant XHTML 1.1, works with jQuery and Prototype
• Tested with Wordpres 2, Firefox, Safari, IE, and Chrome
• Akismet compatibility

Limitations:

• Javascript is required to submit a comment

WP Hashcash relies on the presence of two hooks in your theme, wp_head and comment_form. If your theme doesn’t include these actions, you will need to add them immediately before the </head> and </form> tags respectively.

Download:

You can download the latest version of WP Hashcash from Wordpress Extend: wp-hashcash.zip.

To install WP Hashcash, please download the plugin and unzip it, then copy the wp-hashcash.php file to wp-content/plugins. Activate the plugin and drag into your Widgetized sidebar for public statistics, or visit Options, WP Hashcash from the admin panel to configure options:

Questions & Answers:

I’m having issues with it working.
If you’re installing it over an older version, please disabled then re-enable the plugin. This will reset the preferences.

Do I need widgets to use this?
No, WP Hashcash ships with reasonable defaults, and lets you change them via the standard Wordpress options panel.

How does it prevent comment spam?
By forcing clients submitting comments to additional compute a value from javascript and submit it along with the comment.

How does it prevent trackback spam?
By comparing the IP of the trackback’s url with the senders IP, and by looking in the trackback’s url for a link back to your post.

Testimonials:

• “One of my favorites” (src)
• “this is a clever idea that I think might work well” (src)
• “I haven’t had a single comment spam in my comment moderation queue for over a week now. I’m feeling the love!” (src)
• “The least annoying one I have found” (src)
• “this thing was a trivial install” (src)
• “a fancier technique” (src)
• “Comment Spam is a thing of the past, and I owe it to Spam Stopgap Extreme. If you use WordPress, I highly recommend installing this plugin. It has completely eliminated the comment spam problem I was having. I no longer need the spammer Tarpit plugin, or anything.” (src)
• “Why am I not worried about comment spam anymore? Because of my awesome new blog plugin, Spam Stopgap Extreme. This baby blocks any bot trying to post to my blog. No blacklists, no moderation, no “spam points”, no nothing. You won’t even know that it’s working.” (src)
• “I haven’t had anything to “deal” with in several weeks. That’s a nice thing. I’ve also had a bunch of folks leave legitimate comments that have gotten through. It’s all good.” (src)

Changelog:

WP Hashcash 4.5

• Support onload via jQuery / Prototype if they happen to be loaded
• Protect BuddyPress (BP) signup pages

WP Hashcash 4.4

• Admin users can now comment from Dashboard
• Tested on WP 2.9.2 in Chrome, IE, and FF
• Fix a potential JS error

WP Hashcash 4.1

• Added a new options page under Options, Wordpress Hashcash
• Fixed XHTML standards compliance
• Added validation options for pingbacks and trackbacks (stolen from here)
• Added a logging option for moderated comments

WP Hashcash 4.0.5:

• Added an option for handling comments via moderation, the akismet queue, or deletion
• Removed database dependencies
• Removed error message for hash fail
• Added the noscript tag for users without javascript
• Corrected the widget formatting
• Changed zip file format from winrar to 7zip, hopefully it will be more compatible

WP Hashcash 4.0.4:

• Removed version checking
• Removed an unnecessary <link> element in the head section

WP Hashcash 4.0.3:

• Suppress errors on loading remote version by any method
• Fix typo-bugs everywhere affecting the widget reporting, date checking, etc
• Strip tags from remote version
• Try various methods to get remote version, ignore if we can’t open sockets
• Fix a bug with one of the javascripts

Should you encounter any issues using this widget, please leave a comment. Likewise for improvements, outcry, and other commentary you might have.