Plugin Author: fastsecure
WordPress profile: fastsecure
Last updated: July 28, 2017 (2 months ago)
Tested up to (WP version): WP 4.8.2
Rating: 5 (out of 5)
Adds Secure Image CAPTCHA anti-spam to WordPress pages for comments, login, registration, lost password, BuddyPress register, bbPress register, wpForo register, bbPress New Topic and Reply to Topic Forms, Jetpack Contact Form, and WooCommerce checkout.
In order to post comments, login, or register, users will have to pass the CAPTCHA test. This prevents spam from automated bots, adds security, and is even compatible Akismet. Compatible with Multisite Network Activate.
If you don’t like image captcha and code entry, you can uninstall this plugin and try my new plugin Fast Secure reCAPTCHA
Help Keep This Plugin Free
If you find this plugin useful to you, please consider making a small donation to help contribute to my time invested and to further development. Thanks for your kind support! – Mike Challis
- Secure Image CAPTCHA.
- Optional setting to hide the Comments CAPTCHA from logged in users.
- Enable or disable the CAPTCHA on any of the pages for comments, login, registration, lost password, BuddyPress register, bbPress register, wpForo Register, Jetpack Contact Form, and WooCommerce checkout.
- Login form – WordPress, BuddyPress, bbPress, wpForo Forum, WooCommerce, WP Multisite
- Lost Password form – WordPress, BuddyPress, bbPress, wpForo Forum, WooCommerce, WP Multisite.
- Register form – WordPress, BuddyPress, bbPress, wpForo Forum, WooCommerce, WP Multisite.
- Comment form – WordPress, WP Multisite.
- Signup new site – WP Multisite.
- Checkout form – WooCommerce.
- Jetpack Contact Form.
- bbPress New Topic, Reply to Topic Forms.
- You can disable any of the forms you don’t want CAPTCHA on.
- Style however you need with CSS.
- I18n language translation support.
- Compatible with Akismet.
- Compatible with Multisite Network Activate.
- I18n language translation support. See FAQ.
Captcha Image Support:
- Open-source free PHP CAPTCHA library by www.phpcaptcha.org is included (customized version)
- Abstract background with multi colored, angled, and transparent text
- Arched lines through text
- Refresh button to reload captcha if you cannot read it.
After the plugin is activated, you can configure it by selecting the
SI Captcha options tab on the
Admin Plugins page.
Once activated, a captcha image and captcha code entry is added to the comment and register forms. The Login form captcha is not enabled by default because it might be annoying to users. Only enable it if you are having spam problems related to bots automatically logging in.
How to Install on WordPress
Install automatically through the
Add Newmenu in WordPress, find in the Plugins directory, click Install, or upload the
Activate the plugin through the
Pluginsmenu in WordPress.
Configure on the settings page, be sure to select all the forms you want to protect.
Updates are automatic. Click on “Upgrade Automatically” if prompted from the admin menu. If you ever have to manually upgrade, simply deactivate, uninstall, and repeat the installation steps with the new version.
How to install on WordPress Multisite with Network Activate and Main site control of the settings
Install the plugin from Network Admin menu then click Network Activate.
Go to the Main site dashboard and click on settings for this new plugin.
Configure on the settings page, be sure to select all the forms you want to protect. All the settings configured here will be applied to all the sites. Other site admins cannot see or change the settings.
How to install on WordPress Multisite with Network Activate and individual site control of the settings
Install the plugin from Network Admin menu then click Network Activate.
Go to the Main site dashboard and click on settings for this new plugin. Configure on the settings page, be sure to select all the forms you want to protect.
Check the setting: “Allow Multisite network activated sites to have individual SI CAPTCHA settings.” Now each site admin can configure the settings on their dashboard SI CAPTCHA settings page, and be sure to select all the forms to protect.
How does it work?
Users users will have to pass the Secure Image CAPTCHA test. They are shown an image with a code, then they have to enter the code in the form field before the click submit. If the code does not match, the form will return “Incorrect CAPTCHA”.
What are spammers doing anyway?
They actually visit your form and fill it out including the CAPTCHA.
Human or Spambot probes
Sometimes contain content that does not make any sense (jibberish). Humans or Spam bots will try to target any forms that they discover. They first attempt an email header injection attack to use your web form to relay spam emails. This form is to prevent relaying email to other addresses. After failing that, they simply submit the form with a spammy URL or black hat SEO text with embedded HTML, hoping someone will be phished or click the link.
Blackhat SEO spammers
Spamming blog comment forms, contact forms, Wikis, etc. By using randomly generated unique “words”, they can then do a Google search to find websites where their content has been posted un-moderated. Then they can go back to these websites, identify if the links have been posted without the rel=”nofollow” attribute (which would prevent them contributing to Google’s algorithm), and if not they can post whatever spam links they like on those websites, in an effort to boost Google rankings for certain sites. Or worse, use it to post whatever content they want onto those websites, even embedded malware.
Human-powered CAPTCHA solvers
It is easy and cheap for someone to hire a person to enter this spam. Usually it can be done for about $0.75 for 1,000 or so form submissions. The spammer gives their employee a list of sites and what to paste in and they go at it. Not all of your spam (and other trash) will be computer generated – using CAPTCHA proxy or farm the bad guys can have real people spamming you. A CAPTCHA farm has many cheap laborers (India, far east, etc) solving them. CAPTCHA proxy is when they use a bot to fetch and serve your image to users of other sites, e.g. porn, games, etc. After the CAPTCHA is solved, they post spam to your form.
Spammers have been able to bypass my CAPTCHA, what can I do?
Make sure you have configured the settings page and enabled the CAPTCHA on all your forms.
The CAPTCHA will not show to logged in users posting comments if you have enabled this setting: ‘No comment form CAPTCHA for logged in users’. Enable this setting if a logged in user is the spammer.
Check for a plugin conflict.
A plugin conflict can break the validation test so that the CAPTCHA is never checked.
Be sure to always test all the comments, login, registration, and lost password CAPTCHA forms after installing or updating themes or plugins.
Troubleshoot plugin conflicts, see troubleshooting below.
Sometimes your site becomes targeted by a human spammer or a spam bot and human captcha solver. If the issue persists, try the following suggestions:
Try allowing only Registered users to post, and or moderating comments.
Read more about Combating Comment Spam
Filter Spam with Akismet – The Akismet plugin filters spam comments. Akismet should able to block most of or all spam that comes in.
I made another plugin with Google No CAPTCHA reCAPTCHA that has realtime bot detection. You can uninstall this plugin and try my new plugin Fast Secure reCAPTCHA
How can I change the color of the CAPTCHA input field on the comment form?
If you need to adjust the captcha input form colors, See this FAQ
Troubleshooting the CAPTCHA image or form field does not display, or it does not block the form properly
Another plugin could be causing a conflict.
Temporarily deactivate other plugins to see if the CAPTCHA starts working.
Your theme could be missing the wp_head or wp_footer PHP tag. Your theme should be considered broken if the wp_head or wp_footer PHP tag is missing.
Do this as a test:
In Admin, click on Appearance, Themes. Temporarily activate your theme to one of the default default themes.
It does not cause any harm to temporarily change the theme, test and then change back. Does it work properly with the default theme?
If it does then the theme you are using is the cause.
Missing CAPTCHA image and input field on comment form?
You may have a theme that has an improperly coded comments.php
When diagnosing missing CAPTCHA field on comment form….
Make sure your theme has
<?php comment_form(); ?>
/wp-content/themes/[your_theme]/comments.php. (look inside the Twenty Ten theme’s comments.php for proper example.
Make sure that the theme comments.php file contains at least one or more of the standard hooks:
do_action ( ‘comment_form_logged_in_after’ );
do_action ( ‘comment_form_after_fields’ );
do_action ( ‘comment_form’ );
If you didn’t find one of these hooks, then put this string in the comment form:
ID ); ?>
The CAPTCHA and input field does not display on JetPack comments form
If you have JetPack comments module enabled then captcha/recaptca/anti-spam plugins will not work on your comments form because the comments are then loaded in an iFrame from WordPress.com The solution is to disable the comments module in JetPack, then the CAPTCHA plugin will work correctly on your comments form.
Troubleshooting if the CAPTCHA image itself is not being shown on the comment form:
By default, a logged in user not see the CAPTCHA on the comment form. If you click “log out”, go look and it should be there. Make sure you have configured the settings page and enabled the CAPTCHA on the comment form.
If the image is broken and you have the CAPTCHA entry box:
This can happen if a server has folder permission problem, or the WordPress address (URL)
or Blog address (URL) are set incorrectly in WP settings: Admin, Settings, General
See FAQ page on fixing this problem
The CAPTCHA refresh button does not work
Your theme could be missing the wp_footer PHP tag. Your theme should be considered broken if the wp_footer PHP tag is missing.
All WordPress themes should always have
<?php wp_footer(); ?> PHP tag just before the closing
The CAPTCHA is not working and I cannot login at my login page
This failure could have been caused by another plugin conflict with this one.
If you use CAPTCHA on the login form and ever get locked out due to CAPTCHA is broken, here is how to get back in:
FTP to your WordPress directory
Delete this folder:
This manually removes the plugin so you should be able to login again.
Is this plugin available in other languages?
Yes. To use a translated version, you need to obtain or make the language file for it.
At this point it would be useful to read Installing WordPress in Your Language from the Codex.
You will need an .mo file for this plugin that corresponds with the “WPLANG” setting in your wp-config.php file.
Translations are listed below — if a translation for your language is available, all you need to do is place it in the
/wp-content/plugins/si-captcha-for-wordpress/languages directory of your WordPress installation.
If one is not available, and you also speak good English, please consider doing a translation yourself (see the next question).
The following translations are included:
- Albanian (sq_AL) – Romeo Shuka
- Arabic (ar) – Amine Roukh
- Belorussian (by_BY) – Marcis Gasuns
- Chinese (zh_CN) – Awu
- Czech (cs_CZ) – Radovan
- Danish (da_DK) – Parry
- Dutch (nl_NL) – Robert Jan Lamers
- French (fr_FR) – BONALDI
- German (de_DE) – Sebastian Kreideweiss
- Greek (el) – Ioannis
- Hungarian (hu_HU) – Vil
- Indonesian (id_ID) – Masino Sinaga
- Italian (it_IT) – Gianni Diurno
- Japanese (ja) – Chestnut
- Lithuanian (lt_LT) – Vincent G
- Norwegian (nb_NO) – Roger Sylte
- Polish (pl_PL) – Tomasz
- Portuguese Brazil (pt_BR) – Newton Dan Faoro
- Portuguese Portugal (pt_PT) – PL Monteiro
- Romanian (ro_RO) – Laszlo SZOKE
- Russian (ru_RU) – Urvanov
- Serbian (sr_SR) – Milan Dinic
- Slovakian (sk_SK) – Marek Chochol
- Spanish (en_ES) – zinedine
- Swedish (sv_SE) – Benct
- Traditional Chinese, Taiwan Language (zh_TW) – Cjh
- Turkish (tr_TR) – Burak Yavuz
- More are needed… Please help translate.
Can I provide a new translation?
Please read How to translate SI Captcha Anti-Spam for WordPress
Can I update a translation?
Please read How to update a translation of SI Captcha Anti-Spam for WordPress
screenshot-1.png is the captcha on the comment form.
screenshot-2.png is the captcha on the registration form.
screenshot-3.png is the
Captcha optionstab on the
Latest Change log entry:
- I’m starting to update all the language files to reflect the new strings. Please submite your localization to let this plugin speak even more languages!
- Fixed a regression bug introduced as a typo during the first round of code clean-up.
bbPress, buddypress, captcha, recaptcha, woocommerce
+ Jason's Comments
Warning: this plugin has been removed from the WordPress repository. (see note)
Update to version 3.0.3 for safe version.
I have now replaced this plugin with WP ReCaptcha Integration, which is an anti bot tick box, an easier alternative for users than to decode a captcha image.