WP Plugins and Widgets For Wordpress 2.1+

WP Hashcash Plugin for Spam

May 28th, 2007 by Elliott Back

hashcash.png

What is WP Hashcash?

WP Hashcash is an antispam plugin that eradicates comment spam on Wordpress blogs. It works because your visitors must use obfuscated javascript to submit a proof-of-work that indicates they opened your website in a web browser, not a robot. If the javascript check fails, WP Hashcash now gives you three options; it can either put the comment into moderation (default), put the comment in the akismet queue, or delete it.

WP Hashcash also protects the signup forms of WordPress Multi-User (WPMU) and BuddyPress (BP) blogs.

Features:

  • Blocks all comment spam, but not real comments
  • Also prevents most trackback / pingback spam
  • Also protects signup pages for Wordpress (WP), BuddyPress (BP), and Wordpress Multi-User (WPMU)
  • Widget support to display spam statistics and edit the configuration
  • Works with IE, Firefox, and Safari
  • 100% standards compliant XHTML 1.1, works with jQuery and Prototype
  • Tested with Wordpres 2, Firefox, Safari, IE, and Chrome
  • Akismet compatibility

Limitations:

  • Javascript is required to submit a comment

WP Hashcash relies on the presence of two hooks in your theme, wp_head and comment_form. If your theme doesn’t include these actions, you will need to add them immediately before the </head> and </form> tags respectively.

Download:

You can download the latest version of WP Hashcash from Wordpress Extend: wp-hashcash.zip.

To install WP Hashcash, please download the plugin and unzip it, then copy the wp-hashcash.php file to wp-content/plugins. Activate the plugin and drag into your Widgetized sidebar for public statistics, or visit Options, WP Hashcash from the admin panel to configure options:

hashcash-options.png

Questions & Answers:

I’m having issues with it working.
If you’re installing it over an older version, please disabled then re-enable the plugin. This will reset the preferences.

Do I need widgets to use this?
No, WP Hashcash ships with reasonable defaults, and lets you change them via the standard Wordpress options panel.

How does it prevent comment spam?
By forcing clients submitting comments to additional compute a value from javascript and submit it along with the comment.

How does it prevent trackback spam?
By comparing the IP of the trackback’s url with the senders IP, and by looking in the trackback’s url for a link back to your post.

Testimonials:

  • “One of my favorites” (src)
  • “this is a clever idea that I think might work well” (src)
  • “I haven’t had a single comment spam in my comment moderation queue for over a week now. I’m feeling the love!” (src)
  • “The least annoying one I have found” (src)
  • “this thing was a trivial install” (src)
  • “a fancier technique” (src)
  • “Comment Spam is a thing of the past, and I owe it to Spam Stopgap Extreme. If you use WordPress, I highly recommend installing this plugin. It has completely eliminated the comment spam problem I was having. I no longer need the spammer Tarpit plugin, or anything.” (src)
  • “Why am I not worried about comment spam anymore? Because of my awesome new blog plugin, Spam Stopgap Extreme. This baby blocks any bot trying to post to my blog. No blacklists, no moderation, no “spam points”, no nothing. You won’t even know that it’s working.” (src)
  • “I haven’t had anything to “deal” with in several weeks. That’s a nice thing. I’ve also had a bunch of folks leave legitimate comments that have gotten through. It’s all good.” (src)

Changelog:

WP Hashcash 4.5

  • Support onload via jQuery / Prototype if they happen to be loaded
  • Protect BuddyPress (BP) signup pages

WP Hashcash 4.4

  • Admin users can now comment from Dashboard
  • Tested on WP 2.9.2 in Chrome, IE, and FF
  • Fix a potential JS error

WP Hashcash 4.1

  • Added a new options page under Options, Wordpress Hashcash
  • Fixed XHTML standards compliance
  • Added validation options for pingbacks and trackbacks (stolen from here)
  • Added a logging option for moderated comments

WP Hashcash 4.0.5:

  • Added an option for handling comments via moderation, the akismet queue, or deletion
  • Removed database dependencies
  • Removed error message for hash fail
  • Added the noscript tag for users without javascript
  • Corrected the widget formatting
  • Changed zip file format from winrar to 7zip, hopefully it will be more compatible

WP Hashcash 4.0.4:

  • Removed version checking
  • Removed an unnecessary <link> element in the head section

WP Hashcash 4.0.3:

  • Suppress errors on loading remote version by any method
  • Fix typo-bugs everywhere affecting the widget reporting, date checking, etc
  • Strip tags from remote version
  • Try various methods to get remote version, ignore if we can’t open sockets
  • Fix a bug with one of the javascripts

Should you encounter any issues using this widget, please leave a comment. Likewise for improvements, outcry, and other commentary you might have.

Tagged with:

107 Responses to “WP Hashcash Plugin for Spam”

  1. TulsaWeb says:

    I’ve been using hashcash for a while, but this is the first time I’ve run into an issue.

    I’m getting spam with this phrase as the tail for each message:

    [WORDPRESS HASHCASH] The poster sent us ’0 which is not a hashcash value.

    Can you explain??

  2. jm says:

    Comment deleted by wp hashcash.

    What am I doing wrong?

  3. I think this will not work, the web evolved :)

  4. Igor says:

    The only working plugin out of about 7 I tried.

  5. Geo says:

    Hi, I’m running BuddyPress 1.5.6 and default theme.
    I’ve installed WP Hashcash Extended. How do I know that the plugin is working?
    You say:
    “WP Hashcash relies on the presence of two hooks in your theme, wp_head and comment_form. If your theme doesn’t include these actions, you will need to add them immediately before the and tags respectively.”
    In what file do I need to check for these hooks?
    Thanks.

  6. Ken says:

    Hi!
    I like Hashcash, but it’s acting incompatible with the Firewall 2 plugin…

    Any fix?

    Thanks!

  7. Stop Rampant Javascript Abuse says:

    Don’t use this. Keep the web open and accessible! This will make your comment form inoperable for many mobile users, and people with handicaps that are using Braille browsers and so on. Javascript should NEVER be a requirement to USE your web site, and the spammer will find a way around garbage methods like this anyway.

    • DesignMission says:

      I have to disagree with you here — this isn’t ‘abuse’ of JavaScript at all. People with handicaps and Braille browsers may still submit comments, and yes, they are very likely to be flagged as spam, but that shouldn’t be considered ‘abuse.’ This program simply takes the key commonalities of spammer submissions and flags these submissions as likely spam. That seems like a very intelligent thing to do.

      You have JavaScript disabled? Good luck on most websites today. This comment offers no alternative or solution either. This is not a ‘garbage method’ but a highly successful one for stopping 1,000s of spam messages on my website each year. I welcome it whole-heartedly.

      • ZinkDifferent says:

        Sadly, it breaks the ability to post comments via the Wordpress APP (on mobile devices) – yet, it *is* incredibly useful for what it does. It would be even nicer if it (particularly the Wordpress Plugin) would be more actively supported – i.e. no updates for around 3 years is kinda lame, IMO, for something as vital as this presents itself as.

        It probably wouldn’t be difficult to provide a specific case scenario for mobile apps, if the dev were to more update this more frequently. I say this with both sadness and frustration, not scorn, as this is a very useful utility, yet I fear abandonment issues will eventually resign it to the trashheap, where it shouldn’t be. (cue the usual: “It’s open source, you can update it yourself, yadda yadda, ad nauseam freetard chatter….”)

        Have there been any attempts at better mobile support?

  8. wtwei says:

    做的很好!

  9. omegle says:

    How about making a contact form plugin with Hash-Cash? I want a contact form plugin, but I don’t want spam or captchas ??

  10. Afiffuddin says:

    Great Plugin, its will block all SPAM comment, that a real point for me to download this plugin. :)

  11. Adam Brown says:

    Just trying out the comment hash system before implementing on my site.

  12. Je says:

    I’ve been using HashCash on my wordpress sites for about 6 months. Definitely has cut down on spam by probably 60%

  13. [...] Hashcash — block most spam without making users deal with a CAPTCHA. This can also be used in conjunction with a CAPTCHA or with Akismet (which should be on every WordPress site). [...]

  14. Johannes says:

    Hello,
    thanks for your great plugin!
    I get the impression that spam bots have managed to execute Javascript by now – during the last week I had around 6 spams that came through hashcash without any warning, but when I looked them up on Google they showed like 20k hits (so I would not believe that anyone is writing them manually)…
    Did you make any similar observations lately?
    Cheers from Germany

  15. Morris says:

    You seem to mention desktop browsers, but at a glance I saw no mention of compatibility with mobile phone browsers…. So posting a comment from an android (SGS with Froyo) phone.

  16. Ipstenu says:

    FYI, per http://wordpress.org/extend/plugins/about/

    There are only a few restrictions
    [...]
    The plugin must not embed external links on the public site (like a “powered by” link) without explicitly asking the user’s permission.

    The powered by slug should be removed OR moved to a checkbox in order to remain in plugin compliance.

  17. [...] なんだか、WordPressへのスパムコメントが日に50個とか届くので「WP-HashCash」(WordPressのPluginページ)なるものを導入してみた。 [...]

  18. Jenny says:

    This used to be my most beloved plugin…now it just dun work anymore. Wut happened Hashcash?

  19. Mizanger says:

    Has this plugin been updated for 3.0.1?

  20. James Hinds says:

    You mention the ‘hooks’: “WP Hashcash relies on the presence of two hooks in your theme, wp_head and comment_form. If your theme doesn’t include these actions, you will need to add them immediately before the and tags respectively.”

    I do not see these “hooks” either in my theme (Thematic) nor in the html source for this very page.

    Can you give an example of the syntax and placement?

  21. miranda kerr says:

    Hi, i’ve installed the latest version with wp 2.9.2 and bp 1.2.4.1 but i don’t see any administration panel, any new version for this problem?

    thank you

  22. angela cox says:

    I do not want it to say powered by WP Hashcash at the bottom of all my blog entries. How can i take this away?

  23. fabislaine says:

    thanks for the great plug-in. i have one question i’ve installed the latest version with wp 2.9.2 and bp 1.2.4.1 but i don’t see any administration panel, any new version for this problem?
    (`´)

  24. fabislaine says:

    I was editing some plugins on my blog and when I refreshed the page I got this error message:

    Fatal error: Cannot redeclare widget_wphc() (previously declared in /home/slojoy/studentdevelopmentblog.com/wp-content/plugins/wp-hashcash/wp-hashcash.php:143) in /home/slojoy/studentdevelopmentblog.com/wp-content/plugins/wp-hashcash/wp-hashcash.php on line 143

    I cannot even log in to my admin on this account to access the plugins! HELP!!!!

  25. fatma says:

    thanks for all

    (‘_’)

  26. Edwin says:

    This looks like a good spam fighting plugin and I might install it. But will it work with wp3 in multi site mode?

  27. deprem says:

    thanks for the great plug-in. i have one question i’ve installed the latest version with wp 2.9.2 and bp 1.2.4.1 but i don’t see any administration panel, any new version for this problem?

  28. Mark says:

    Is this plugin WPMS 3.01 compatible? If yes, will it also work if activated in Site-wide mode?

    • MacRamsay says:

      I have this plugin installed in the super admin site ‘network activated’- but its not available in all the child blogs… I wonder if I am alone with this problem? Or if there are plans to make it available site-wide? Or am i just missing something?!

  29. Colton Shane says:

    Has this plugin been updated for 3.0.1?

  30. Colton Shane says:

    I know it says that this plugin is ready with Firefox, Safari, and IE, but what about Chrome? Chrome is slowly becoming a big dog in the browser business so everything should come compatible with it.

    I’m glad to see people putting up defenses against spam. I hate going to a blog and when I read the comments it is full of “Good post! I like blog of urs.” and other spam messages that were obviously automated.

    If I had a blog, I would definitely use this plugin.

  31. haber61 says:

    I want a contact form plugin, but I don’t want spam or captchas thanks.

  32. [...] avoided using them on Codexon, opting to use JavaScript based anti-spam like WP-SpamFree or WP-HashCash instead. Unfortunately, JavaScript anti-spam is defeated the moment spammers decide to add [...]

  33. Cheryl Silva says:

    What have I done to get a comment like this? How can I rectify it?

    “Your comment has been blocked because the blog owner has set their spam filter to not allow comments from users behind proxies.

    If you are a regular commenter or you feel that your comment should not have been blocked, please contact the blog owner and ask them to modify this setting.”

  34. Joy says:

    I was editing some plugins on my blog and when I refreshed the page I got this error message:

    Fatal error: Cannot redeclare widget_wphc() (previously declared in /home/slojoy/studentdevelopmentblog.com/wp-content/plugins/wp-hashcash/wp-hashcash.php:143) in /home/slojoy/studentdevelopmentblog.com/wp-content/plugins/wp-hashcash/wp-hashcash.php on line 143

    I cannot even log in to my admin on this account to access the plugins! HELP!!!!

  35. aiCasalini says:

    Hi, i’ve installed the latest version with wp 2.9.2 and bp 1.2.4.1 but i don’t see any administration panel, any new version for this problem?

    thank you

  36. [...] and switched to the new default theme. The only plugins I use are Livejournal CrossPoster and WP Hashcash (for blocking automated spam comments), and I need to write a post and get no spam on it to see if [...]

  37. [...] into a comment field. Among the plugins that are recommended is Akismet, SI Captcha Anti-Spam and WP Hashcash. Many Anti-Spam plugins available out there. You just need to choose [...]

  38. Rize Posta says:

    I want a contact form plugin, but I don’t want spam or captchas. Thanks…..

  39. pauld says:

    Thank you. Installation was great. Have used Akismet in the past and it was phenomenal. Thank you again though for a fantastic plugin.

    Paul

  40. Sosyal Beyin says:

    How about making a contact form plugin with Hash-Cash? I want a contact form plugin, but I don’t want spam or captchas

    • Travis says:

      I have been using reCAPTCHA along with my contact forms and have had some success at stopping spam on it. However, having Hash-Cash on a form generator would be very nice!

Leave a Reply

Powered by WP Hashcash

Search Posts


Categories

Blogroll

WP Hashcash

  • By Elliott Back
  • 960801 spam comments blocked out of 19380 human comments. 98.02% of your comments are spam!

Admin

Links

Feeds