Wordpress Plugin: Login and Register Anti-Spam Captcha
It is time to update my Anti-Spam robot for wordpress registration page. The hack presented here for spambots is still working for me but I’m getting a bunch of emails from peoples who can’t backup a file and insert a few lines in their register form. So, let’s cut to the chase: I’ve made a plugin that will insert the captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) image automatically in the Login and/or Register page of your wordpress installation. And that is not all, you can play around with 5 different captcha algoritms and customize them the way you want. Hence, ocr geeks have managed to automatically read the image? no problem… change your captcha fonts, color, add some random lines or dots or switch to a different captcha algorithm and you are done.
You will find 5 captcha algorithms in this plugin:
-
(1) PNG-Raz MiXed Fonts : fully customizable
(2) JPG-Tiny Mini : a mini customizable captcha
(3) PNG-GOTCHA from Sol Toure
(4) PNG-phpBB3 8bit Grey from phpBB Group
(5) PNG-PNG-phpBB3 Advanced from phpBB Group
Just use the one you want or you can customize one just for your site. I’m using the PNG-GOTCHA, here is how it looks on my site : register or login. If the captcha alg will mess the image you can refresh/generate another one by clicking on it.
Requirements
This plugin requires Wordpress 2.x.x with PHP 4 (v4.3.0 or newer) and GD Library. GOTCHA alg requires the additional FreeType Library to be installed on your web host for loading the fonts. GD and FreeType Library are usually installed already on your host but if they are not just ask your web host to install them…
Installation
The plugin can be installed in 3 easy steps:
1. Download the plugin (see below).
2. Decompress the .zip archive into your plugins directory (/wp-content/plugins/) keeping zip folder structure intact
3. Enable the plugin in the WordPress Plugins admin page -> Raz-Captcha.
* Go to Options -> Raz-Captcha, adjust the options if necessary and save.
* That’s All! check your login and register pages 
Download
Donate
Download
Details
Report*You can find this plugin on Wordpress.org as well (thank you wordpress!)
Final words
If you have the registration hack installed please restore wp-login.php from your backup or remove the “hacked” lines from wp-login. If you don’t, you will end up with two captcha checks on the registration page.
This plugin is work in progress, the first beta release, and any shouts from you are welcomed. Stay safe and clean 
Programmers should be trusted. If your brain surgeon told you the operation you need takes five hours, would you pressure him to do it in three?
Narcis Garcia
Will you announce the new release of Raz-Captcha in this page? Should I track this post to detect the new version?
Thanks for the work.
Ted
This is a test comment, just to see if it works
ovizii
I have the same problem, the image does not appear and once I log out, I have to delete the raz folder from the server to be able to log in again. I will activate it now, here: http://pacura.ru so you can have a look.
My server fulfills all prerequisites, aka freetype GD, etc.
using wordpress 2.3.3
ovizii
tiny mini works although I have:
Server Settings
* Operating System : Linux
* Server : Apache/2.2.3 (Debian) mod_fastcgi/2.4.2 mod_ssl/2.2.3 OpenSSL/0.9.8c
* Memory usage : 12.8 MByte
* MYSQL Version : 5.0.32-Debian_7etch5-log
* SQL Mode : Not set
* PHP Version : 4.4.4-8 etch4
* PHP Safe Mode : Off
* PHP Allow URL fopen : On
* PHP Memory Limit : 128M
* PHP Max Upload Size : 32M
* PHP Max Post Size : 32M
* PHP Max Script Execute Time : 120s
* PHP Exif support : Yes ( V1.4 )
* PHP IPTC support : Yes
* PHP XML support : Yes
GD support
* GD Version : 2.0 or higher
* FreeType Support : Yes
* FreeType Linkage : with freetype
* T1Lib Support : Yes
* GIF Read Support : Yes
* GIF Create Support : Yes
* JPG Support : Yes
* PNG Support : Yes
* WBMP Support : Yes
* XBM Support : No
* JIS-mapped Japanese Font Support : No
peter
When activated if new user registers, if using a name already registered the original name gets over writen
Raz
@Narcis Garcia: new releases will be announced on site, as a new post/thread, get the site rss feed here or register here for news. Or check this post comments for beta builds and/or quick fixes
@ovizii: are you trying the beta build? not sure what is going on
@peter: It looks like a bug, it doesn’t get overwrited on my side but you will not get the standard error “user already registered”, that is strange, thanks for your bug report, will be fixed in the next build…
Raz
Just Fixed, please re-download the latest beta build here and give it a try (just overwrite your existing files), it should now show the standard wordpress errors as usual on registration errors.
Thanks
Narcis Garcia
Affects this bug to the stable version?
Raz
Yes it does, this bug is from the first release of this plugin, I encourage you to use the latest build, it also introduces captha check on comments, very good against comments bots (not useful for trackbacks tho, but a decent spam filter such as Akimset should suffice for trackbacks) .
Good luck
albertcito
Excelente plugin, era casi lo que buscaba. Me interesarÃa que la persona que se registre pueda ser author. gracias.
Raz
Hi albertcito,
Thanks for your feedback, didn’t quite understand what you’re “interesarÃa”. English please
Narcis Garcia
Albercito said: Excellent plugin, it was almost what I was looking for. I wish who registers could be author. thanks.
Max Kima
I used Akismet and this one! Like them both! Thanx for the site!
Anonymous
I sed it too! Really good
andrew
Still works with 2.5 with one bug.
For the Logon protection. If they type in the wrong code you get an error.
ljmacphee
I’m getting an error since upgrading to WP 2.5
[13-Mar-2008 17:03:01] WordPress database error Table ‘mobile.wp_options’ doesn’t exist for query SELECT option_value FROM wp_options WHERE option_name = ’siteurl’ LIMIT 1
The plugin still works, so I guess it is a warning not an error message.
Is this an easy fix for you?
Thanks for the plugin, I can’t tell you how many hours of sorting through bot registrations it saves me!
ljmacphee
Sorry - wrong error - it’s been a long day!
[01-Apr-2008 10:56:51] PHP Fatal error: Cannot use object of type WP_Error as array in /home/directory/public_html/website/wp-content/plugins/raz-captcha/raz-captcha.php on line 633
andrew
That error is the same i’m getting. It only if you type in the CAPTCHA code in wrong. But at least isn’t not fatal.
Raz
Hi all and thanks for your feedback
Things changed inside last wp version, i’ll get this plugin updated as soon as I’ll get enough time to “dig inside” the new wp version
not sure when tho…
Thanks
PNOOZ
Is it possible to have the “Captcha engine” option in the “Raz-Captcha Options” page default to PNG-Raz Mixed Fonts or one of the others besides PNG-GOTCHA? If so, please porvide document and line.
Thanks for your excellent work!
Kalina
Very nice, thank you, I can’t wait to try it out. Sorry I replied on the other post, not realizing the date.
Axel
After moving to a new server (database backup), the plugin shows the following error:
Warning: Cannot use a scalar value as an array in /var/www/web110627/html/wp-content/plugins/raz-captcha/raz-captcha.php on line 590
MarkRH
After upgrading to WordPress 2.5.1, I am getting a blank white page when trying to login. The following php error is generated:
PHP Fatal error: Cannot use object of type WP_Error as array in /home/(deleted)/public_html/blog/wp-content/plugins/raz-captcha/raz-captcha.php on line 590
Server was recently upgraded to PHP 5.2.5 as well.
I had to rename the raz-captcha directory so I could re-log into WordPress. Not sure if the new version of WordPress or PHP version is causing the problem.
MacBros
Latest version of Wordpress doesn’t like this plug in.
Get a 500 error when trying to log in now. Had to disable the plugin in order to write posts.
Please update the plugin please. Nothing I hate worse is spammers trying to create fake registrations.
MacBros
PHP 5 here BTW too.
Steph
The registration page looks fine, but the login page now throws this error:
Fatal error: Cannot use object of type WP_Error as array in /home/seethehu/public_html/wp-content/plugins/raz-captcha/raz-captcha.php on line 590
Steph
Also, the logout page throws same error (this is on different blog, same host):
Fatal error: Cannot use object of type WP_Error as array in /home/seethehu/public_html/tuscolamops/wp-content/plugins/raz-captcha/raz-captcha.php on line 590
hubevolution
sorry you can delete previous comment is a wrong post here it is full version :
I found a solution to make this plugin work under 2.5.1 WP , in file raz-captcha.php in wp-content/plugins/raz-captcha/ just do the following :
search for line :
add_action(’wp_authenticate’, ‘check_captcha_login’);
and replace with this one :
add_action(’wp_authenticate_user’, ‘check_captcha_login’);
then search for line :
function check_captcha_login()
and replace ALL the function code with this one :
function check_captcha_login($user)
{
reget_session_options();
if ($_SESSION['rca_ses_option']['rca_login'])
{
global $error;
$err=check_captcha();
$wz_err = new WP_Error();
if ($err) {
$error=$err;
$wz_err->add(’error’,__(’WRONG CODE’));
return $wz_err;
}
return $user;
}
}
I hope this helps and ofcourse RAZ you can release this patch with a new version of this great plugin
Axel
@hubevolution:
With that change I’m unable to reactivate the plugin: It produces a fatal error in line 594, an “unexpected T String”:
$wz_err->add(’error’,__(’WRONG CODE’));
hubevolution
quite strane it works fine for me are you in php4 or php5 ? I am on php5 , well actually you can try this way :
$wz_err->add(’error’,’WRONG CODE’);
or
$wz_err->add(’error’,’’);
let us know
Axel
MySQL Client 5.0.32
The first line produces the same Parse error (unexpected T String). The second one seems to work at first, but after activating the plugin, it doesn’t generate any images, neither on the config page nor when registering as a new user.
Another problem of this is that I cannot login anymore when the plugin is active now. The system shows a “wrong password” message.
OJWay
Confirming Axel - I did exactly what he did and I’m in the same place!
hubevolution
well we have to understand where is the difference between your environments and mine since I am using it on wordpress 2.5.1 without any problem.
I have uploaded my raz-captcha modded plugin here can you test it please ?
http://www.filefactory.com/file/cf4f9f/
thanks
Axel
same problem: plugin can be activated and adjusted but does not generate images.
Rain
I’m getting the same errors on line 590 with old version - line 594 error when I try hub’s mod.
Ican’t seem to get the other captcha program for WP to work so I’m hoping this one will be updated or fixed soon.
Azubi
It seems to me, that it doesn´t work with WordPress 2.7. Will there be an update soon? Otherwise I should look for an other plugin to protect against registration SPAM.
gorge
Last Wordpress doesn’t work with this plug in.i get error
keirc
The Captcha image does not show up on my Register or Login page. Please help.
I uploaded the folder and all files without changing any names, activated it within the Plugins tab, and now have all the Raz-Captcha options within the Options tab. But, nothing shows up on the site-side. What am I missing?
My WordPress is 2.0.2
Thanks,
KK
Basti
i cant login!!!!!
Wordpress 2.7
Error:
Fatal error: Cannot use object of type WP_Error as array in /var/www/html/web428/html/wordpress/wp-content/plugins/raz-captcha/raz-captcha.php on line 590
I NEED HELP PLZ !
Raz
Just delete the plugin from the wordpress plugin folder
i didn’t get it fully updated for 2.7 version of wordpress, sorry 
BB4L
Hi,
if i want registrate i become the following error:
Fatal error: Call to a member function get_error_code() on a non-object in /var/www/virtual/gekkocavemedia.net/htdocs/langnase-blog/wp-login.php on line 175
Any help?
Greets BB4L
Oded
I’ve patched the plugin to work with the latest Wordpress 2.8 from SVN. Here is the patch required:
—8add(’raz-captcha’, $err);
}
-
+ return $errors;
}
//—————————————————————-
-function check_captcha_register()
+function check_captcha_register($errors)
{
reget_session_options();
- if ($_SESSION['rca_ses_option']['rca_register'])
- return check_captcha();
-
+ if ($_SESSION['rca_ses_option']['rca_register']) {
+ $err=check_captcha();
+ if ($err) $errors->add(’raz-captcha’, $err);
+ }
+ return $errors;
}
//—————————————————————
—8<—
I have only tested this with the registration process, as I don’t have it enabled for logins (I think its kind of useless - I’m not trying to protect against dictionary attacks on known user names).
Oded
Sorry, the previous message got broken - can you please delete it? I’m trying again:
I’ve patched the plugin to work with the latest Wordpress 2.8 from SVN. Here is the patch required:
— raz-captcha/raz-captcha.php 2008-02-19 23:05:24.000000000 -0500
+++ raz-captcha/raz-captcha.php 2009-05-04 06:16:05.000000000 -0400
@@ -580,27 +580,27 @@
//—————————————————
-function check_captcha_login()
+function check_captcha_login($errors)
{
reget_session_options();
if ($_SESSION['rca_ses_option']['rca_login'])
{
- global $errors;
$err=check_captcha();
- if ($err) $errors['error']=$err;
- //return $errors['error'];
+ if ($err) $errors->add(’raz-captcha’, $err);
}
-
+ return $errors;
}
//—————————————————————-
-function check_captcha_register()
+function check_captcha_register($errors)
{
reget_session_options();
- if ($_SESSION['rca_ses_option']['rca_register'])
- return check_captcha();
-
+ if ($_SESSION['rca_ses_option']['rca_register']) {
+ $err=check_captcha();
+ if ($err) $errors->add(’raz-captcha’, $err);
+ }
+ return $errors;
}
//—————————————————————
I have only tested this with the registration process, as I don’t have it enabled for logins (I think its kind of useless - I’m not trying to protect against dictionary attacks on known user names).
Joe
Thanks for posting this patch, it works for me for registration. But not login. But I don’t really care about the login part either
Cheers
Joe
Cai
Nice patch!
It works perfectly for registration, but not for regstration (same as Joe).
error message:
Fatal error: Call to a member function add() on a non-object in …
Do you have any idea for resolving this problem?
Thanks,
Cai
Cai
This patch does not work on WP 2.8.1 or later…
scaner
I uploaded the folder and all files without changing any names, activated it within the Plugins tab, and now have all the Raz-Captcha options within the Options tab. But, nothing shows up on the site-side.
Evan
Nice plugin thanks.
Just thought i would mention for anyone also suffering from comment spam like i was askimet plugin also does a pretty good job of riding spam posts. Requires an api key from wordpress but that is easy enough to get.
Cheers.
Wordpress Web Hosting
myname
the plugin (with the patch code) doesn´t work for me:
I see the captcha code, but I can enter in my dashboard with my user/pass and with nothing in the captcha form :S
Victor
Great
MArk
How about updating this plugin? Does NOT work in WP 2.9
piece
Scott
If you are having trouble with RazCaptcha not working in IE, check to make sure you are not using an Image button (input of time ‘image’). In IE, the input@type=image does not send a ’submit’ value with the HTTP request, it sends submit_x and submit_y. WordPress, when filtering the posted data changes the keys to wp_submit_x and wp_submit_y. This is easily fixed in raz-captcha.php in the check_captcha() method. Just add “isset($_POST['wp_submit_x']) to the conditions for which the method checks to see if there is any _POST data.
gdfg
sorry just a test please forgive me.
hron84
Hi!
Your plugin is breaks WP 2.9.2 registration form. PHP reports:
PHP Fatal error: Call to a member function get_error_code() on a non-object in /var/www/gentoolinux.hu/htdocs/wp-login.
php on line 271, referer: http://gentoolinux.hu/wp-login.php?action=register
Please fix it.
dreamgsm
Thanks for Sharing.