Wordpress hack: a way to stop the bots from registering
This “hack” is now a fully customizable Wordpress plugin, more info here
Message to my spammers: Why can’t you just ignore my site you stupid f***! What did I ever do to you? Well I’m sure you will not read this message, at least your bots will so fu** them to! You may burn in hell with them!
After I’ve secured my web site with anti-spam plugins I’ve been assaulted by registering bots who will register an account and then spam me! I think that is a smart bot who reads the mail for the password, that is clever indeed but don’t use it on my site! Bitch! Sorry for my language I’m kind of angry right now but happy at the same time because I’ve managed to “hack” wordpress a little and put a Captcha functionality when registering. Thanks Web 1 Marketing for the QuickCaptcha script. Let’s see if spammers bots are smart enough now!
How to modify your wordpress installation and include a Captcha check? *
The easy way : *
1. Backup your wp-login.php file from your wordpress installation folder
2. Replace your wp-login.php file with the one modified by me: wp-login.zip and upload the wp-captcha.php script file in your wordpress installation folder (download wp-captcha.php)
Step by step way:*
1. Make a backup of your wp-login.php file (located in your installation folder)
2. Open wp-login.php for editing it and replace the call to nocache_headers(); with session_start(); from the top of the file:
3. Search for “case ‘register’ :†and add the image check code:
1 2 3 4 5 6 7 | // verify the image if ($_SESSION['string'] != $_POST['imgver_string']) $errors['user_email'] = __('<strong>ERROR</strong>: Invalid verification code.'); //end verify image |
4. Scroll down in the wp-login.php file until you see the register form code “registerform” and insert the Captcha check image and fields code:
1 2 3 4 5 6 7 | <!-- verify image --> <?php echo '<br><img src="wp-captcha.php?rand=' . rand(0,999999) . '" border="0" /></p> <p><label for="code"><p>Please enter the code shown above:</label> <input class="input" name="imgver_string" id="imgver_string" type="text" size="20" tabindex="10" value="" /></p>'; ?> <!-- end verify image --> |
5. Save the wp-login.php file.
6. Download the wp-Captcha.php script and upload it in the same folder as the wp-login.php file
7. That is all. Try it, here is how my Captcha hack looks like : register
* above steps apply to my wordpress version 2.1.1, it may be different for other versions.
Donate
Download
Report
Programmers should be trusted. If your brain surgeon told you the operation you need takes five hours, would you pressure him to do it in three?
javi
i like very much this hack to wp-login.php but it hasn´t captcha
Raz
javi, just follow my steps and insert the captcha check in to your script, it’s not a big difference between mine and yours . Here is your modified file
Let me know if it works I didn’t have time for a full test sorry. Don’t forget to upload wp-Captcha.php script in the same folder as the wp-login.php 
Pirahna
Well … cea mai buna metoda e sa dai rename la fisiere![:-\](http://raz-soft.com/smilies/yahoo_question.gif ":-\")
“
Richard Silverstein
One small issue bugs me a bit about the plugin & perhaps you might address it. Before installing it, I could open my blog in my browser & be automatically logged in. After installing, when I open my blog it doesn’t accept my cookies & won’t log me in unless I do so manually. Isn’t there a way that the plugin could allow people to login if they’re already registered & subscribed?
Raz
@Pirahna: da, e si asta o metoda fast&clean
@Richard Silverstein
This is not a plugin, don’t install it like one. This is just a “hack”, a way to modify your wordpress files in order to include the captcha test when registering. I didn’t experienced your reported problems on my site. Cookies are accepted and working fine here, what wordpress version are you using? Your wp-login.php maybe different from mine so try the Step by step way, you just need to find the registration form (”registerform”).
Good luck!
Peter
Great, just what I needed. Thanks for sharing.
I made just two little corrections:
1. changed the tab index of added input field from 10 to 30, so changing focus between fields with tab works correctly
tabindex=”10″ -> tabindex=”30″
2. replaced br tag before cpatcha image with p tag, so we don’t have closing p tag without opening tag after captcha image and also the form now look pretty much the same both in firefox and IE.
Raz
Thanks for your corrections Peter.
Will
Has this been working for you? I know the spam protection questions, like the one in this comment form, work, but many in the WP forums say the captcha approach does not stop the bots.
Also, I see in your registration that you have the new user’s password sent to them rather than letting them choose their own. You don’t have the very common WP problem of new registrants not receiving their email with password? I had to modify my registration to allow users to manually choose their password. New users were not receiving their password emails and there is not yet any fix other than allowing users to choose.
I actually turned off registration on my site as the only way to stop the spam bots. I allow comments without registering. If someone really wants to register, they just contact me with their info and I do it manually. Works for now as my site is small and fairly new, but it would be a pain on a big, busy site!
Raz
Hi Will, working fine here so far, bots are not registering anymore and the registrants are receiving their mail as far as i know. The captcha approach will not stop maybe the smart bots who will manage to read the simple numbers/letters in the image challenge-response test but as you can see the characters generated in this captha are deformed in a way that a standard bitmap font letter shouldn’t be matched by a bot… if it will match then a change in the captha algorithm like a different font or deforming the characters more, adding extra colors lines etc will be another challenge for the bot…
Good luck! and let me know if this hack will work on you…
Sean
Peter
Works great! Zero spammers registering on 10 WP sites.
Saved me LOTS of headache.
Where’s your PayPal link?
Kruma
This math anti spam protection can be broken very easy, trust me.
With a simple preg_match in php or explode you can have a blog spamer in couple of minutes for the math protection also simple captchas can be broken very easy. Scripts are getting smarter and smarter. It doesn’t matter if you rename the posting script, the bot will extract it directly from the page “wp-comments-post.php” . The best protection is to add an advanced captcha that sometimes you can’t give it right lol. But that won’t be too cool for your users.
Raz
@Sean:You’re welcome
@Peter: I’m glad it helped. For donations see Donations page here, Thank you!
@Kruma: The math anti-spam protection can be broken you’re right here, but it will stop those lazy bots who can’t pass it . The smarter bots will have to get past my spam dog and trust me no spammer has bypass it ,yet! (the dog = Spam Karma 2 ). The captcha I’ve presented here is not so simple
Richard Silverstein
I have the wp captcha hack installed, but I’m still getting spam registrations (one ea. in the past two days). It’s still better than not having any protection. But it’s not shutting out all the bots. Perhaps you’d consider upgrading this to combat those bots who can get around the current captcha?
Raz
Hi Richard,
. I will update it if necessary I just need some time… Thanks
I don’t see the captcha quiz on your registration page, i think it should be there to work
Richard Silverstein
I’ll recheck things. I know I have yr wp captcha file installed in the right directory & thought I’d installed yr version of WP login as well.
Raz
Hi Richard,
I’m on my way with a wordpress plugin for this captcha, more advanced and easy to use. I will release it soon
Raz
Get the plugin from here, more advanced and easy to use/install
qwe
good
but how i add that to mu 1.2.5 ?
i try it but i stop in
3. Search for “case ‘register’ :†and add the image check code:
i can’t find it ?
help please ?
qwe
this magnificent
http://raz-soft.com/wp-content/plugins/easy-ip2country/flags/sa.png
Where I can find it
Kalina
I hate the stupid little things too so I feel your pain, thank you for creating this captcha for Wordpress!
Prince
Hey Dear
Help me for hack Bank.
ershad
thank you very much !!!
nice share
martin
You may also download the plugin here . In my case there were no problems with installation.
alian
hi h r u?
ataşehir evden eve nakliyat
I really apriciate you about your working and sharing
Great work …. Thanks for your sharing.
Okey Oyna
Thank you very good for article
Evden Eve Nakliyat
Thanks for an elegant solution to a real problem….
Aşk Büyüleri
Hi ..my names hakan .. Great work …. Thanks for your sharing…