Using reCAPTCHA to prevent spam on your WordPress blog

Recently I have been getting about one spam comment a day on my blog from robots, but today there were three, which was enough for me to take action to stop it.

I checked quickly and found that there is a reCAPTCHA plugin for WordPress that only takes a few minutes to install. If you have not heard of reCAPTCHA before, it is the image with scrambled letters and an associated text box that you have to fill in before you can submit a form on a website. In the past few years, they have added a refresh option that lets you see a new image if you can’t decipher the current one, and there is also an audio option for persons with low or no vision. Also, I discovered that you can use the plugin to generate standards-compliant XHTML 1.0 Strict if your WP installation has standards-compliant code (that is a project that I hope to finish this year).

The instructions for installing it are here, but they leave out a few steps, so I will add them in for your benefit. Note: these instructions are for blogs hosted on your own server; on a free WordPress site, I would imagine you can search for the plugin and follow different steps to install it.

  1. Download the zip file from the plugin site.
  2. Unzip the file and FTP the resulting directory to your WP installation: $/wp-content/plugins/
  3. Log in to your WP account and go to the dashboard, then click on the Plugins link.
  4. Find the reCAPTCHA plugin and click the ‘Activate’ link.
  5. You should see an error message that reads: “You enabled reCAPTCHA, but some of the reCAPTCHA API Keys seem to be missing.” followed by a link that reads “Fix this.” Click on the link.
  6. That link will open the WP plugin settings page, which contains a link to a page on the reCAPTCHA website where you can generate your public/private key pair.
  7. NOTE: You may have to sign up for a reCAPTCHA account if you don’t have a Google account; otherwise, you should be able to just proceed to this step if you are signed into Gmail. Confirm your URL and generate the key pair on the reCAPTCHA site. Then, paying attention to which key is public and which is private, carefully copy and paste them into the corresponding text boxes on the WP plugin settings page.
  8. Fill out the other options and, if you run a standards-compliant blog, check the box to make the code generated by the reCAPTCHA plugin standards-compliant. Don’t forget to click the ‘update’ button to save your settings.
  9. That’s it. Now, before an unregistered user can submit a comment, they must complete the reCAPTCHA field. If you want to see what it looks like, click on the ‘leave a reply’ link below. I chose the “clean” theme for this site, but there are three other options to choose from. Feel free to leave a comment and let people know how to set up reCAPTCHA if you use a free WP site hosted on the WordPress domain.