WordPress hack: a way to stop the bots from registering

1 April

This “hack” is now a fully customizable WordPress plugin, more info here

  After I secured my web site with anti-spam plugins, I’ve been assaulted by registering bots that register an account and then spam me! I think it is a smart bot that reads the mail for the password; that is clever indeed, but don’t use it on my site! Bitch! Sorry for my language, I’m kind of angry right now but happy at the same time because I’ve managed to “hack” WordPress a little and put a Captcha functionality in when registering. Thanks Web 1 Marketing for the QuickCaptcha script. Let’s see if spammers’ bots are smart enough now!

How to modify your wordpress installation and include a Captcha check? *
The easy way : *
1. Backup your wp-login.php file from your wordpress installation folder
2. Replace your wp-login.php file with the one modified by me, and upload the wp-captcha.php script file to your WordPress installation folder (download wp-captcha.php)

Step by step way:*
1. Make a backup of your wp-login.php file (located in your installation folder)
2. Open wp-login.php for editing and, at the top of the file, replace the call to nocache_headers(); with session_start(); so that the session holding the Captcha string is available to the registration code.

3. Search for “case ‘register’ :” and add the image check code:

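// verify the image
         // fail closed: with a loose != a missing session value and a missing field compare as equal
         if (empty($_SESSION['string']) || empty($_POST['imgver_string'])
             || !is_string($_POST['imgver_string'])
             || (string) $_SESSION['string'] !== $_POST['imgver_string'])
          $errors['user_email'] = __('<strong>ERROR</strong>: Invalid verification code.');
         unset($_SESSION['string']); // each code is valid for one attempt only

         //end verify image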

4. Scroll down in the wp-login.php file until you see the register form code “registerform” and insert the Captcha check image and fields code:

<!-- verify image -->
<?php
    // rand= only stops the browser from caching the image; it is not a secret
    echo '<br><img src="wp-captcha.php?rand=' . rand(0,999999) . '" border="0" /></p>
        <p><label for="imgver_string">Please enter the code shown above:</label>
        <input class="input" name="imgver_string" id="imgver_string" type="text" size="20" tabindex="10" value="" /></p>';
?>
<!-- end verify image -->

5. Save the wp-login.php file.
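6. Download the wp-captcha.php script and upload it to the same folder as the wp-login.php file. The file name must match the lowercase name used in the image tag, since most web hosts have case-sensitive file systems.
7. That is all. Try it, here is what my Captcha hack looks like: register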

* The above steps apply to my WordPress version, 2.1.1; they may be different for other versions.
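
The server-side half of steps 2 to 4, written out as an added example; it is not code from this post, from QuickCaptcha or from wp-captcha.php. `captcha_issue()` and `captcha_verify()` are hypothetical helpers, only the session key `string` and the field name `imgver_string` come from the steps above, and PHP 7 or later is assumed for `random_int()` and `hash_equals()`. The walk-through at the end covers a request that never loaded the image, a correct answer, and the same answer submitted a second time.

```php
<?php
// Added example: hypothetical helpers, not the wp-captcha.php source.

// Called by the image script each time the challenge image is requested.
function captcha_issue(array &$session, $length = 5)
{
    // No 0/O/1/I/L: they are easily confused once the glyphs are distorted.
    $alphabet = 'ABCDEFGHJKMNPQRSTUVWXYZ23456789';
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $session['string'] = $code;
    return $code; // the image script renders this text
}

// Called in the 'register' case before the account is created.
function captcha_verify(array &$session, array $post)
{
    $expected = isset($session['string']) ? $session['string'] : '';
    // Single use: a code is discarded after one attempt, right or wrong.
    unset($session['string']);

    $given = isset($post['imgver_string']) ? $post['imgver_string'] : '';
    // Fail closed when no challenge was issued, or when the field is
    // missing or not a plain string (for example imgver_string[]=x).
    if (!is_string($expected) || $expected === ''
        || !is_string($given) || $given === '') {
        return false;
    }
    // Case-insensitive match (an assumption), compared in constant time.
    return hash_equals($expected, strtoupper(trim($given)));
}

// Constructed walk-through: plain arrays stand in for $_SESSION and $_POST.
$session = array();
var_dump(captcha_verify($session, array()));                          // image never loaded, field absent
$code = captcha_issue($session);
var_dump(captcha_verify($session, array('imgver_string' => $code)));  // correct answer
var_dump(captcha_verify($session, array('imgver_string' => $code)));  // same answer submitted again
```

In wp-login.php the two helpers would be passed `$_SESSION` and `$_POST` after `session_start()` has run.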

My modified wp-login.php [36 downloads]
  1. Raz – I’m running over 50 wordpress sites for myself and others. Generally I have found that Akismet catches 99.9% of SPAM. Can I ask how they are circumventing Akismet on your site? Or are you not running it?

  2. Tacoma Seattle SEO & Web Design

    Great article and awesome tips. I’m glad people still offer valuable information for free. It’s one of the things that keep people coming back!

  4. Thanks for an elegant solution to a real problem….

  8. You may also download the plugin here . In my case there were no problems with installation.

  10. Hey Dear
  11. I hate the stupid little things too so I feel your pain, thank you for creating this captcha for WordPress!

    But how do I add that to MU 1.2.5?

    I tried it but I stopped at

    3. Search for “case ‘register’ :” and add the image check code:

    I can’t find it?

    Help please?

  13. Get the plugin from here, more advanced and easy to use/install ;)

  14. Hi Richard,
    I’m on my way with a wordpress plugin for this captcha, more advanced and easy to use. I will release it soon ;)

  15. I’ll recheck things. I know I have yr wp captcha file installed in the right directory & thought I’d installed yr version of WP login as well.

  16. Hi Richard,
    I don’t see the captcha quiz on your registration page, I think it should be there to work :)>- . I will update it if necessary, I just need some time… Thanks

  17. I have the wp captcha hack installed, but I’m still getting spam registrations (one ea. in the past two days). It’s still better than not having any protection. But it’s not shutting out all the bots. Perhaps you’d consider upgrading this to combat those bots who can get around the current captcha?

  18. @Sean:You’re welcome :)
    @Peter: I’m glad it helped. For donations see Donations page here, Thank you!
    @Kruma: The math anti-spam protection can be broken, you’re right here, but it will stop those lazy bots who can’t pass it. The smarter bots will have to get past my spam dog and trust me, no spammer has bypassed it, yet! (the dog = Spam Karma 2). The captcha I’ve presented here is not so simple ;)

  19. This math anti spam protection can be broken very easy, trust me.
    With a simple preg_match in PHP or explode you can have a blog spammer in a couple of minutes for the math protection; also simple captchas can be broken very easily. Scripts are getting smarter and smarter. It doesn’t matter if you rename the posting script, the bot will extract it directly from the page “wp-comments-post.php”. The best protection is to add an advanced captcha that sometimes you can’t get right lol. But that won’t be too cool for your users. :d

  20. Works great! Zero spammers registering on 10 WP sites.
    Saved me LOTS of headache.
    Where’s your PayPal link?

  21. :) Thanks for an elegant solution to a real problem. Also, thanks for the detailed write-up and installation procedures.

  22. Hi Will, working fine here so far, bots are not registering anymore and the registrants are receiving their mail as far as I know. The captcha approach will maybe not stop the smart bots who will manage to read the simple numbers/letters in the image challenge-response test, but as you can see the characters generated in this captcha are deformed in a way that a standard bitmap font letter shouldn’t be matched by a bot… if it does match, then a change in the captcha algorithm like a different font or deforming the characters more, adding extra colors, lines etc. will be another challenge for the bot…
    Good luck! and let me know if this hack will work on you…

  23. Has this been working for you? I know the spam protection questions, like the one in this comment form, work, but many in the WP forums say the captcha approach does not stop the bots.

    Also, I see in your registration that you have the new user’s password sent to them rather than letting them choose their own. You don’t have the very common WP problem of new registrants not receiving their email with password? I had to modify my registration to allow users to manually choose their password. New users were not receiving their password emails and there is not yet any fix other than allowing users to choose.

    I actually turned off registration on my site as the only way to stop the spam bots. I allow comments without registering. If someone really wants to register, they just contact me with their info and I do it manually. Works for now as my site is small and fairly new, but it would be a pain on a big, busy site!

  24. Thanks for your corrections Peter.

  25. Great, just what I needed. Thanks for sharing. :)

    I made just two little corrections:

    1. changed the tab index of added input field from 10 to 30, so changing focus between fields with tab works correctly

    tabindex="10" -> tabindex="30"

    2. replaced br tag before captcha image with p tag, so we don’t have closing p tag without opening tag after captcha image and also the form now looks pretty much the same both in Firefox and IE.

  26. @Pirahna: yes, that is also a fast & clean method :)

    @Richard Silverstein
    This is not a plugin, don’t install it like one. This is just a “hack”, a way to modify your WordPress files in order to include the captcha test when registering. I didn’t experience your reported problems on my site. Cookies are accepted and working fine here, what WordPress version are you using? Your wp-login.php may be different from mine so try the Step by step way, you just need to find the registration form (“registerform”).
    Good luck!

  27. One small issue bugs me a bit about the plugin & perhaps you might address it. Before installing it, I could open my blog in my browser & be automatically logged in. After installing, when I open my blog it doesn’t accept my cookies & won’t log me in unless I do so manually. Isn’t there a way that the plugin could allow people to login if they’re already registered & subscribed?

  28. Well … the best method is to rename the files :-\

  29. javi, just follow my steps and insert the captcha check into your script, there’s not a big difference between mine and yours. Here is your modified file ;) Let me know if it works, I didn’t have time for a full test, sorry. Don’t forget to upload wp-Captcha.php script in the same folder as the wp-login.php :)>-

  30. I like this hack to wp-login.php very much but it hasn’t captcha :(