You are here: Home » PHP » Raz-Soft News » [ En ] » WordPress Plugin: Login and Register Anti-Spam Captcha

WordPress Plugin: Login and Register Anti-Spam Captcha

4 September |

  It is time to update my Anti-Spam robot for wordpress registration page. The hack presented here for spambots is still working for me but I’m getting a bunch of emails from peoples who can’t backup a file and insert a few lines in their register form. So, let’s cut to the chase: I’ve made a plugin that will insert the captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) image automatically in the Login and/or Register page of your wordpress installation. And that is not all, you can play around with 5 different captcha algoritms and customize them the way you want. Hence, ocr geeks have managed to automatically read the image? no problem… change your captcha fonts, color, add some random lines or dots or switch to a different captcha algorithm and you are done.

You will find 5 captcha algorithms in this plugin:

    (1) PNG-Raz MiXed Fonts : fully customizable
    (2) JPG-Tiny Mini : a mini customizable captcha
    (3) PNG-GOTCHA from Sol Toure
    (4) PNG-phpBB3 8bit Grey from phpBB Group
    (5) PNG-PNG-phpBB3 Advanced from phpBB Group

Just use the one you want or you can customize one just for your site. I’m using the PNG-GOTCHA, here is how it looks on my site : register or login. If the captcha alg will mess the image you can refresh/generate another one by clicking on it.

Requirements

 This plugin requires WordPress 2.x.x with PHP 4 (v4.3.0 or newer) and GD Library. GOTCHA alg requires the additional FreeType Library to be installed on your web host for loading the fonts. GD and FreeType Library are usually installed already on your host but if they are not just ask your web host to install them…

Installation

 The plugin can be installed in 3 easy steps:
1. Download the plugin (see below).
2. Decompress the .zip archive into your plugins directory (/wp-content/plugins/) keeping zip folder structure intact
3. Enable the plugin in the WordPress Plugins admin page -> Raz-Captcha.
* Go to Options -> Raz-Captcha, adjust the options if necessary and save.
* That’s All! check your login and register pages ;)

Download

*You can find this plugin on WordPress.org as well (thank you wordpress!)

Final words

 If you have the registration hack installed please restore wp-login.php from your backup or remove the “hacked” lines from wp-login. If you don’t, you will end up with two captcha checks on the registration page.
  This plugin is work in progress, the first beta release, and any shouts from you are welcomed. Stay safe and clean :)>-

You like this post? Be the first of my friends to give me a beer! click here. Thanks!
Filed under

PHP, Raz-Soft News, [ En ]

| Tags:

110 Comments.

  1. Thanks for Sharing.

  2. Hi!

    Your plugin is breaks WP 2.9.2 registration form. PHP reports:
    PHP Fatal error: Call to a member function get_error_code() on a non-object in /var/www/gentoolinux.hu/htdocs/wp-login.
    php on line 271, referer: http://gentoolinux.hu/wp-login.php?action=register

    Please fix it.

  3. sorry just a test please forgive me.

  4. If you are having trouble with RazCaptcha not working in IE, check to make sure you are not using an Image button (input of time ‘image’). In IE, the [email protected]=image does not send a ‘submit’ value with the HTTP request, it sends submit_x and submit_y. WordPress, when filtering the posted data changes the keys to wp_submit_x and wp_submit_y. This is easily fixed in raz-captcha.php in the check_captcha() method. Just add “isset($_POST['wp_submit_x']) to the conditions for which the method checks to see if there is any _POST data.

  5. How about updating this plugin? Does NOT work in WP 2.9

    piece

  6. the plugin (with the patch code) doesn´t work for me:
    I see the captcha code, but I can enter in my dashboard with my user/pass and with nothing in the captcha form :S

  7. Nice plugin thanks.
    Just thought i would mention for anyone also suffering from comment spam like i was askimet plugin also does a pretty good job of riding spam posts. Requires an api key from wordpress but that is easy enough to get.
    Cheers.
    WordPress Web Hosting

  8. I uploaded the folder and all files without changing any names, activated it within the Plugins tab, and now have all the Raz-Captcha options within the Options tab. But, nothing shows up on the site-side.

  9. Sorry, the previous message got broken – can you please delete it? I’m trying again:

    I’ve patched the plugin to work with the latest WordPress 2.8 from SVN. Here is the patch required:

    — raz-captcha/raz-captcha.php 2008-02-19 23:05:24.000000000 -0500
    +++ raz-captcha/raz-captcha.php 2009-05-04 06:16:05.000000000 -0400
    @@ -580,27 +580,27 @@

    //—————————————————

    -function check_captcha_login()
    +function check_captcha_login($errors)
    {
    reget_session_options();
    if ($_SESSION['rca_ses_option']['rca_login'])
    {
    - global $errors;
    $err=check_captcha();
    - if ($err) $errors['error']=$err;
    - //return $errors['error'];
    + if ($err) $errors->add(‘raz-captcha’, $err);
    }
    -
    + return $errors;
    }

    //—————————————————————-

    -function check_captcha_register()
    +function check_captcha_register($errors)
    {
    reget_session_options();
    - if ($_SESSION['rca_ses_option']['rca_register'])
    - return check_captcha();
    -
    + if ($_SESSION['rca_ses_option']['rca_register']) {
    + $err=check_captcha();
    + if ($err) $errors->add(‘raz-captcha’, $err);
    + }
    + return $errors;
    }

    //—————————————————————

    I have only tested this with the registration process, as I don’t have it enabled for logins (I think its kind of useless – I’m not trying to protect against dictionary attacks on known user names).

    • Thanks for posting this patch, it works for me for registration. But not login. But I don’t really care about the login part either

      Cheers
      Joe

    • Nice patch!
      It works perfectly for registration, but not for regstration (same as Joe).

      error message:
      Fatal error: Call to a member function add() on a non-object in …

      Do you have any idea for resolving this problem?

      Thanks,
      Cai

    • This patch does not work on WP 2.8.1 or later…

  10. I’ve patched the plugin to work with the latest WordPress 2.8 from SVN. Here is the patch required:
    —8add(‘raz-captcha’, $err);
    }
    -
    + return $errors;
    }

    //—————————————————————-

    -function check_captcha_register()
    +function check_captcha_register($errors)
    {
    reget_session_options();
    - if ($_SESSION['rca_ses_option']['rca_register'])
    - return check_captcha();
    -
    + if ($_SESSION['rca_ses_option']['rca_register']) {
    + $err=check_captcha();
    + if ($err) $errors->add(‘raz-captcha’, $err);
    + }
    + return $errors;
    }

    //—————————————————————
    —8<—

    I have only tested this with the registration process, as I don’t have it enabled for logins (I think its kind of useless – I’m not trying to protect against dictionary attacks on known user names).

  11. Hi,
    if i want registrate i become the following error:

    Fatal error: Call to a member function get_error_code() on a non-object in /var/www/virtual/gekkocavemedia.net/htdocs/langnase-blog/wp-login.php on line 175

    Any help?

    Greets BB4L

  12. i cant login!!!!!
    Wordpress 2.7

    Error:
    Fatal error: Cannot use object of type WP_Error as array in /var/www/html/web428/html/wordpress/wp-content/plugins/raz-captcha/raz-captcha.php on line 590

    I NEED HELP PLZ !

    • Just delete the plugin from the wordpress plugin folder :) i didn’t get it fully updated for 2.7 version of wordpress, sorry :(

  13. The Captcha image does not show up on my Register or Login page. Please help.

    I uploaded the folder and all files without changing any names, activated it within the Plugins tab, and now have all the Raz-Captcha options within the Options tab. But, nothing shows up on the site-side. What am I missing?

    My WordPress is 2.0.2

    Thanks,
    KK

  14. Last WordPress doesn’t work with this plug in.i get error

  15. It seems to me, that it doesn´t work with WordPress 2.7. Will there be an update soon? Otherwise I should look for an other plugin to protect against registration SPAM.

  16. I’m getting the same errors on line 590 with old version – line 594 error when I try hub’s mod.

    Ican’t seem to get the other captcha program for WP to work so I’m hoping this one will be updated or fixed soon.

  17. same problem: plugin can be activated and adjusted but does not generate images.

  18. hubevolution

    well we have to understand where is the difference between your environments and mine since I am using it on wordpress 2.5.1 without any problem.

    I have uploaded my raz-captcha modded plugin here can you test it please ?

    http://www.filefactory.com/file/cf4f9f/

    thanks

  19. Confirming Axel – I did exactly what he did and I’m in the same place!

  20. MySQL Client 5.0.32

    The first line produces the same Parse error (unexpected T String). The second one seems to work at first, but after activating the plugin, it doesn’t generate any images, neither on the config page nor when registering as a new user.
    Another problem of this is that I cannot login anymore when the plugin is active now. The system shows a “wrong password” message.

  21. hubevolution

    quite strane it works fine for me are you in php4 or php5 ? I am on php5 , well actually you can try this way :

    $wz_err->add(’error’,’WRONG CODE’);

    or

    $wz_err->add(’error’,’’);

    let us know :)

  22. @hubevolution:
    With that change I’m unable to reactivate the plugin: It produces a fatal error in line 594, an “unexpected T String”:
    $wz_err->add(‘error’,__(‘WRONG CODE’));

  23. hubevolution

    sorry you can delete previous comment is a wrong post here it is full version :

    I found a solution to make this plugin work under 2.5.1 WP , in file raz-captcha.php in wp-content/plugins/raz-captcha/ just do the following :

    search for line :

    add_action(‘wp_authenticate’, ‘check_captcha_login’);

    and replace with this one :

    add_action(‘wp_authenticate_user’, ‘check_captcha_login’);

    then search for line :

    function check_captcha_login()

    and replace ALL the function code with this one :

    function check_captcha_login($user)
    {
    reget_session_options();
    if ($_SESSION['rca_ses_option']['rca_login'])
    {
    global $error;
    $err=check_captcha();
    $wz_err = new WP_Error();

    if ($err) {
    $error=$err;
    $wz_err->add(‘error’,__(‘WRONG CODE’));
    return $wz_err;
    }

    return $user;
    }

    }

    I hope this helps and ofcourse RAZ you can release this patch with a new version of this great plugin :)

  24. Also, the logout page throws same error (this is on different blog, same host):
    Fatal error: Cannot use object of type WP_Error as array in /home/seethehu/public_html/tuscolamops/wp-content/plugins/raz-captcha/raz-captcha.php on line 590

  25. The registration page looks fine, but the login page now throws this error:
    Fatal error: Cannot use object of type WP_Error as array in /home/seethehu/public_html/wp-content/plugins/raz-captcha/raz-captcha.php on line 590

  26. PHP 5 here BTW too.

  27. Latest version of WordPress doesn’t like this plug in.

    Get a 500 error when trying to log in now. Had to disable the plugin in order to write posts.

    Please update the plugin please. Nothing I hate worse is spammers trying to create fake registrations.

  28. After upgrading to WordPress 2.5.1, I am getting a blank white page when trying to login. The following php error is generated:

    PHP Fatal error: Cannot use object of type WP_Error as array in /home/(deleted)/public_html/blog/wp-content/plugins/raz-captcha/raz-captcha.php on line 590

    Server was recently upgraded to PHP 5.2.5 as well.

    I had to rename the raz-captcha directory so I could re-log into WordPress. Not sure if the new version of WordPress or PHP version is causing the problem.

  29. After moving to a new server (database backup), the plugin shows the following error:

    Warning: Cannot use a scalar value as an array in /var/www/web110627/html/wp-content/plugins/raz-captcha/raz-captcha.php on line 590

  30. Very nice, thank you, I can’t wait to try it out. Sorry I replied on the other post, not realizing the date.

  31. Is it possible to have the “Captcha engine” option in the “Raz-Captcha Options” page default to PNG-Raz Mixed Fonts or one of the others besides PNG-GOTCHA? If so, please porvide document and line.

    Thanks for your excellent work!

  32. Hi all and thanks for your feedback

    Things changed inside last wp version, i’ll get this plugin updated as soon as I’ll get enough time to “dig inside” the new wp version :-) not sure when tho…

    Thanks

  33. That error is the same i’m getting. It only if you type in the CAPTCHA code in wrong. But at least isn’t not fatal.

  34. Sorry – wrong error – it’s been a long day!

    [01-Apr-2008 10:56:51] PHP Fatal error: Cannot use object of type WP_Error as array in /home/directory/public_html/website/wp-content/plugins/raz-captcha/raz-captcha.php on line 633

  35. I’m getting an error since upgrading to WP 2.5

    [13-Mar-2008 17:03:01] WordPress database error Table ‘mobile.wp_options’ doesn’t exist for query SELECT option_value FROM wp_options WHERE option_name = ‘siteurl’ LIMIT 1

    The plugin still works, so I guess it is a warning not an error message.

    Is this an easy fix for you?

    Thanks for the plugin, I can’t tell you how many hours of sorting through bot registrations it saves me!

  36. Still works with 2.5 with one bug.

    For the Logon protection. If they type in the wrong code you get an error.

  37. I sed it too! Really good

  38. I used Akismet and this one! Like them both! Thanx for the site!

  39. Albercito said: Excellent plugin, it was almost what I was looking for. I wish who registers could be author. thanks.

  40. Hi albertcito,
    Thanks for your feedback, didn’t quite understand what you’re “interesaría”. English please :-)

  41. Excelente plugin, era casi lo que buscaba. Me interesaría que la persona que se registre pueda ser author. gracias.

  42. Yes it does, this bug is from the first release of this plugin, I encourage you to use the latest build, it also introduces captha check on comments, very good against comments bots (not useful for trackbacks tho, but a decent spam filter such as Akimset should suffice for trackbacks) .
    Good luck :)

  43. Affects this bug to the stable version?

  44. When activated if new user registers, if using a name already registered the original name gets over writen

    Just Fixed, please re-download the latest beta build here and give it a try (just overwrite your existing files), it should now show the standard wordpress errors as usual on registration errors.
    Thanks :)>-

  45. @Narcis Garcia: new releases will be announced on site, as a new post/thread, get the site rss feed here or register here for news. Or check this post comments for beta builds and/or quick fixes ;)

    @ovizii: are you trying the beta build? not sure what is going on :-?

    @peter: It looks like a bug, it doesn’t get overwrited on my side but you will not get the standard error “user already registered”, that is strange, thanks for your bug report, will be fixed in the next build…

  46. When activated if new user registers, if using a name already registered the original name gets over writen

  47. tiny mini works although I have:
    Server Settings

    * Operating System : Linux
    * Server : Apache/2.2.3 (Debian) mod_fastcgi/2.4.2 mod_ssl/2.2.3 OpenSSL/0.9.8c
    * Memory usage : 12.8 MByte
    * MYSQL Version : 5.0.32-Debian_7etch5-log
    * SQL Mode : Not set
    * PHP Version : 4.4.4-8 etch4
    * PHP Safe Mode : Off
    * PHP Allow URL fopen : On
    * PHP Memory Limit : 128M
    * PHP Max Upload Size : 32M
    * PHP Max Post Size : 32M
    * PHP Max Script Execute Time : 120s
    * PHP Exif support : Yes ( V1.4 )
    * PHP IPTC support : Yes
    * PHP XML support : Yes

    GD support

    * GD Version : 2.0 or higher
    * FreeType Support : Yes
    * FreeType Linkage : with freetype
    * T1Lib Support : Yes
    * GIF Read Support : Yes
    * GIF Create Support : Yes
    * JPG Support : Yes
    * PNG Support : Yes
    * WBMP Support : Yes
    * XBM Support : No
    * JIS-mapped Japanese Font Support : No

  48. I have the same problem, the image does not appear and once I log out, I have to delete the raz folder from the server to be able to log in again. I will activate it now, here: http://pacura.ru so you can have a look.

    My server fulfills all prerequisites, aka freetype GD, etc.

    using wordpress 2.3.3

  49. Will you announce the new release of Raz-Captcha in this page? Should I track this post to detect the new version?

    Thanks for the work.