WP Hashcash Plugin for Spam
What is WP Hashcash?
WP Hashcash is an antispam plugin that eradicates comment spam on Wordpress blogs. It works because your visitors must use obfuscated javascript to submit a proof-of-work that indicates they opened your website in a web browser, not a robot. If the javascript check fails, WP Hashcash now gives you three options; it can either put the comment into moderation (default), put the comment in the akismet queue, or delete it.
Features:
- Blocks all comment spam, but not real comments
- Also prevents most trackback / pingback spam
- Widget support to display spam statistics and edit the configuration
- Works with IE, Firefox, and Safari
- 100% standards compliant XHTML 1.1
- Tested with Wordpres 2.3, Firefox 2, Safari 3, and IE 7
- Akismet compatibility
Limitations:
- Javascript is required to submit a comment
WP Hashcash relies on the presence of two hooks in your theme, wp_head and comment_form. If your theme doesn’t include these actions, you will need to add them immediately before the </head> and </form> tags respectively.
Download:
You can download the latest version of WP Hashcash from Wordpress Extend: wp-hashcash.zip.
To install WP Hashcash, please download the plugin and unzip it, then copy the wp-hashcash.php file to wp-content/plugins. Activate the plugin and drag into your Widgetized sidebar for public statistics, or visit Options, WP Hashcash from the admin panel to configure options:
Questions & Answers:
I’m having issues with it working.
If you’re installing it over an older version, please disabled then re-enable the plugin. This will reset the preferences.
Do I need widgets to use this?
No, WP Hashcash ships with reasonable defaults, and lets you change them via the standard Wordpress options panel.
How does it prevent comment spam?
By forcing clients submitting comments to additional compute a value from javascript and submit it along with the comment.
How does it prevent trackback spam?
By comparing the IP of the trackback’s url with the senders IP, and by looking in the trackback’s url for a link back to your post.
Testimonials:
- “One of my favorites” (src)
- “this is a clever idea that I think might work well” (src)
- “I haven’t had a single comment spam in my comment moderation queue for over a week now. I’m feeling the love!” (src)
- “The least annoying one I have found” (src)
- “this thing was a trivial install” (src)
- “a fancier technique” (src)
- “Comment Spam is a thing of the past, and I owe it to Spam Stopgap Extreme. If you use WordPress, I highly recommend installing this plugin. It has completely eliminated the comment spam problem I was having. I no longer need the spammer Tarpit plugin, or anything.” (src)
- “Why am I not worried about comment spam anymore? Because of my awesome new blog plugin, Spam Stopgap Extreme. This baby blocks any bot trying to post to my blog. No blacklists, no moderation, no “spam points”, no nothing. You won’t even know that it’s working.” (src)
- “I haven’t had anything to “deal” with in several weeks. That’s a nice thing. I’ve also had a bunch of folks leave legitimate comments that have gotten through. It’s all good.” (src)
Changelog:
WP Hashcash 4.1
- Added a new options page under Options, Wordpress Hashcash
- Fixed XHTML standards compliance
- Added validation options for pingbacks and trackbacks (stolen from here)
- Added a logging option for moderated comments
WP Hashcash 4.0.5:
- Added an option for handling comments via moderation, the akismet queue, or deletion
- Removed database dependencies
- Removed error message for hash fail
- Added the noscript tag for users without javascript
- Corrected the widget formatting
- Changed zip file format from winrar to 7zip, hopefully it will be more compatible
WP Hashcash 4.0.4:
- Removed version checking
- Removed an unnecessary <link> element in the head section
WP Hashcash 4.0.3:
- Suppress errors on loading remote version by any method
- Fix typo-bugs everywhere affecting the widget reporting, date checking, etc
- Strip tags from remote version
- Try various methods to get remote version, ignore if we can’t open sockets
- Fix a bug with one of the javascripts
Should you encounter any issues using this widget, please leave a comment. Likewise for improvements, outcry, and other commentary you might have.
Tagged with: widget support, spam statistics, public statistics, options panel, javascript check, admin panel, widgets, hashcash, moderation, ie 7, hooks, queue, firefox, safari, robot, sidebar, lt, amp, wp, compatibility
Hi have I to paid any thing ?
a better way to anti spam.
me parese muy bueno este blog porque aprendemos mucho de este curso, vemosfotos y muchas cosas mas
oh my.. I must use this plugin! Thanks Elliott. This is what I’m looking for, to stop spam for good. Akismet can’t handle all the spams anymore. ~_~
Hi Elliot, can you email me on how to turn off the notice at the bottom that says “Powered by WP Hashcash” - I know it’s totally not the point, but still..
Just edit the PHP…
Couldn’t this be worked around by using a webBrowser object then figuring out how to reach the form using tabs etc. then using sendKeys to
Yes, theoretically.
[...] over the other. Two I use from time to time that are still being maintained are… WP-SpamFree WP-HashCash There are some others, such as SpamKarma, that were good but are no longer being maintained so I [...]
[...] plugin has a settings page which you can set to filter spam. HashCash can be downloaded from here, make sure it is compatible with your wordpress version [...]
[...] just installed WP Hashcash on my blog to try to get rid of all the spam I’ve been getting. Hopefully no-one will notice it [...]
[...] developed Safe Signup Form using some key functions from Elliot Back’s WP Hashcash. WP Hashcash is an elegant anti-spam plugin for blocking automated submissions to Wordpress [...]
A contact form would be very useful. Any progress/movement on this?
[...] is great news for WPMU user that facing splog signup’s problem. Donncha has modified WP Hashcash plugin for WPMU user to stop splog signup. This is first releases and need to testing whether it’s work [...]
I’ll support this product just because I LOVE the name and message of Hash Cash!
Party On DUDES!
I just installed this plugin alongwith akismet and i must say that now i dont need to keep the comments moderated anymore
Having the same problem as Frank; whenever I submit a comment from admin onto the admin page, it’s held for moderation.
I’m also seeing the following message appear beneath any comments left by any of our registered users;
“[WORDPRESS HASHCASH] The poster sent us ‘0 which is not a hashcash value.”
I’m guessing that’s the ‘logging’ option?
I’d love a way to be able to completely turn off comments protection, as I only need this plugin for the signup protection to prevent spammers from registering. I checked the box next to the ‘comment protection’ option but comments are still going into the moderation queue.
Great plugin, thanks a lot!
There’s just one feature I’m missing at the moment: Comments from the admin shouldn’t be validated thru the tool.
With WP2.7x and the ajax comment plugin Hashcash means that comments from the admin which are created in the wp-admin section are spam because there’s no java running.
[...] WP Hashcash [...]
[...] Hashcash is an antispam plugin that eradicates comment spam on Wordpress blogs… …..read more Download Plugin! Version 4.3 Last Updated: July 30, 2008 Plugin Owner: Authors: ecb29, [...]
After trying different plugins with little success, finally one worth keeping!
Seems to fail for all friends and family members using Firefox on Mac. Works great for Firefox on IE. Any ideas on how to debug?
I get: [WORDPRESS HASHCASH] The poster sent us ‘0 which is not a hashcash value.
I’d love to debug this, but I don’t have a mac. You can test it out with Firebug and see if the WPHC callback gets hit?
it’s working just fine on my site, thank you - caught 2 comments within hours of install on a new site - also using with “cookies for comments” and it is awesome!
if folks want to ‘test it out’ please feel free to hit my site, though only if you’re gonna leave real comments! don’t try ‘manual spam’ to disprove it (what i mean is that you can see a real comment float through just fine, contrary to what others above are saying)
site is at badzit.com, your daily dose of ugly
I was looking for a plugin that prevents spam. And I found this. Better give it a try.
This is inherently broken if a person has NoScript extension in Firefox. I just had a pretty big comment eaten by your WP Plugin because I had no warning about this. If you would be so kind, please people to make sure javascript is enabled so that our posts don’t get eaten up by your plugin. Thanks!
Maybe I’m being pedantic, but claiming that it “Blocks all comment spam, but not real comments” seems to be stretching the truth a bit. A hashcash solution won’t block manually submitted spam (and yes, I’ve seen it!), just the automated types. And just a few lines later, you mention that it does block real comments by people who have JavaScript turned off.
Elliott, thanks for the WP plugin!
Do you by know of a way to do this in straight PHP without Wordpress? I have some contact forms I’d like to Hashcashify, but can’t find a solution.
Couldn’t this be worked around by using a webBrowser object then figuring out how to reach the form using tabs etc. then using sendKeys to send it anyway? This way the user would technically be using a webBrowser
Looks like Hashcash thinks comments with an OpenId enabled website are spam (using the WP-OpenID plugin). Disabling the WP-OpenID plugin or not entering an OpenID website during comment submission seems to be OK with WP-Hashcash.
How about making a contact form plugin with Hash-Cash? I want a contact form plugin, but I don’t want spam or captchas.