I had to get on the CAPTCHA bandwagon
Blog spamming was never something that a blogger can ignore, but the problem of comment spam had mostly been taken care of by Akismet which works incredibly well – lately it have let through only a few false negatives a month.
Registration spamming on the other hand is rather new – I’ve been getting a lot of these (several hits a day) only in the last half a year or so. I’m still not sure what they are trying to do – its not like registered user are exposed to less strict spam checking and even Akismet false negatives do not show up on the site: I have to approve 1st time commenters by hand, so comment spamming basically just spams the administrator.
User registration spamming I guess has the same effect – it spams the administrator with “new user” notifications. And lately it became really annoying and I had to do something.
My solution was to add a CAPTCHA to the registration page. This should have no effect on almost any actual use of this blog: People can still comment without the need for registration – I do not believe it putting road blocks on free speech, and if I have issues with what you say (rarely) or if its spam (more commonly) then I have administrative privileges.
I’m using the Raz-Captcha plugin for WordPress, which is intended specifically for handling registration and login (apparently the author also don’t like to encumber commenters) and allows you to enable CAPTCHAs for either registration or login or both. There was some hacking involved as I’m using the latest WordPress from SVN where the processing of filters have changed and current Raz-Captcha implementation breaks when used with WordPress later then 2.2 (and breaks WordPress). But it was straightforward to fix this after I figured out what went wrong and how the filter API should be handled – not through the WordPress documentation which is virtual silent on the subject, but by looking through code examples of other plugins.
I was never sure what use are “subscriber” accounts on WordPress – it looks to be only relevant if you require registration for commenting, which I believe it bad practice.
Hopefully no one will actually get hurt by the change, except spam bots, but do let me know if there are any regressions.
Weird. I got almost nothing of it. I get them once in a while and I delete them when I think there’s too much. But my last mass deletion was several months ago and I haven’t heard a pip since. Maybe you’re more popular. 🙂
meh. Popular with spam bots. I can live without.