Description: WP Captcha-Free blocks comment spam by using a combination of time-based hash (a.k.a. Time Based Tokens, TBT) and JavaScript (AJAX). When a comment is posted the plugin validates a hash based on time (and some other parameters). Comments posted via automated means will not have a hash or will have an expired hash and will be rejected. Unlike using a captcha, this does not place any burden on the commenter.
Additionally, WP Captcha-Free uses ajax to get the hash only when the form is submitted instead of adding it statically to the page (which is cached by caching plugins). This adds another layer of security and makes it compatible with caching plugins like WP-Cache.
Features:
- Blocks automated comment spam and ensures that your commenters are human.
- Works without inconveniencing visitors with CAPTCHAs, challenge questions, etc.
- The plugin requires no database access and adds almost zero overhead.
- The plugin works out of the box without any configuration or setup.
- Compatible with all cache plugins, including WP-Cache.
- Doesn’t require editing any .php files.
Installation:
Just download the .zip file and upload the file ‘captcha-free.php’ to your ‘/wp-content/plugins’ directory. Now login to the Wordpress administration area and activate it under the “Plugins” section. That’s it! WP Captcha-Free will start blocking comment spam behind the scenes.
Rating:
Size: 2.6 KB
Downloads: 1816 [Download Now]

(33 votes, average: 4.06 out of 5)
78 Comments
Ok cool deal
Grabbed the plugin and testing it on a new site now. Using the latest version of WP. SHall give you a shout should i run across any problems.
Regards
Off-it
I wonder how you can assume a result made by computer-generated computations (using JavaScript) ensures a comment is written by a humain being. All your plugin does is to ensure one uses a browser to post a comment. Say I develop a Firefox plugin to spam your blog. Your plugin won’t be able to stop it.
Moreover, what happens if a visitor has deactivated JavaScript in his browser? What would happen if the user is behind a proxy server? I guess visitors won’t be able to comment in both cases…
You are right about the first part. Yes, someone can use a browser to spam. But do spammers do that? Won’t it considerably slow them down? No plugin is foolproof. Spam and anti-spam tech evolves constantly. For *now* this works.
Yes, it clearly does require JavaScript. But, about 94% users have JavaScript enabled as of Jan 2007 (source: http://www.w3schools.com/browsers/browsers_stats.asp). That number is likely more now if you notice the trend. For me its a choice between using a captcha and inconveniencing 100% of my visitors or <6%.
No, proxies don’t matter (unless the proxy filters out JS).
BTW, thanks for your comments. If you have any suggestions please do let me know.
It looks like you got your idea and the name of your plugin from WP-SpamFree. Also you have copied most of the text in the bullet points of your description from that plugin as well-almost word for word. You need to be careful because that is a DMCA violation. With GPL you have to give attribution for code,but you can’t copy marketing text or descriptions.
> It looks like you got your idea and the name
> of your plugin from WP-SpamFree. Also you have
> copied most of the text in the bullet points
> of your description from that plugin as
> well-almost word for word.
Not true, in fact I first saw WP-SpamFree after I had completed the plugin and was writing a description (not very good at documentation, I was looking what other similar plugins had written). After reading WP-SpamFree’s feature list I couldn’t write mine another way since both plugins essentially offer the same advantages. But you are right, that’s a terrible thing to do in the age of DMCA (though I am not a US citizen
) and I’ll reword my feature list in the next update.
The idea is not really the same either. My plugin uses time-based hash (generated on the server side) and JavaScript (AJAX) while WP-SpamFree uses JavaScript and cookies. If you look at the code I am sure you’ll find no similarities there either.
Anyways, thanks for looking at my plugin and I hope you’ll still give it a try. Criticism (constructive or otherwise) is always welcome
.
Nice plugin
Hi!
Your plugin is very promising, but it doesnt work together with Better Comments Manager.
Could do you make your plugin compatible with it? (maybe make some check about if the user is logged, and if logged no need to make hash check).
oh thx 4 plugin
Hi there, I’d love to use your plugin but unfortunately it stopped all comments from comming in. Once the user clicks “submit comment” it says “please wait…” and nothing happens. The theme we are using is wp-magazine.com
thanks!
Hi Sandra,
Thanks for letting me know. Can you enable the plugin on your blog for a little while so I can see what’s going on?
Hi,
I had not uploaded the .php file right into the plugin directory. Ooops! IT works now and it’s a beauty! Thank you soooooo much!
Hi There,
I installed the plugin and noticed that my comment spam levels dropped to zero. This is great! However, I tried to post a comment on one of my posts, in response to some elses comment, and noticed that the form would not sumbit. When I clicked on the “Post Comment” button, it turned into a “Please wait” and then just stopped. The comment never got posted. I tried several times with the same result. When I de-activated the plugin I could post comments again.
Any idea what might be causing this? Anyone else experienced a similar issue?
Thanks,
Stephen
Stephen,
You may have uploaded the captcha-free.php file to a sub-directory of your plugins folder. Please upload captcha-free.php directly to /wp-content/plugins folder. Let me know if this works for you.
New to blogging and gutted to have spam comments - got my hopes up that I had some readers! When I found your plugin via Wordpress the hopes have gone up again. I will let you know if there are any issues. Thanks for your time and know how.
Would be cool to see this work on the user registration form.
thanks.
Stephen,
I bet you are running WP 2.5
I had captcha free running on 2.3.?
After upgrading to 2.5 i had the same as you. I gues captcha-free doesnt work on 2.5
It’s not working for me. I installed and activated the plugin, but the spam is getting right through.
Thanks for a great plug-in!
nice work
Hi,
I keep getting the error: Invalid Data: Please go back and try again.
I figure it has to do with the code below, but I can’t seem to make it work. It does work for some visitors but not others.
// Validate the hash
add_action(’preprocess_comment’, ‘cf_comment_post’);
function cf_comment_post($commentdata) {
// Ignore trackbacks
if($commentdata[’comment_type’]!=’trackback’) {
// Calculate the timehash that is valid now
$timehash=timehash($commentdata[’comment_post_ID’],time());
// Calculate the timehash that was valid 1 hour back to give some cushion
$timehash_old=timehash($commentdata[’comment_post_ID’],time()-3600);
if($_POST[’captchafree’]!=$timehash && $_POST[’captchafree’]!=$timehash_old)
wp_die(’Invalid Data: Please go back and try again.’);
}
return $commentdata;
}
Maybe you can update your entry/plugin to show if/make it wordpress 2.5 compatible.
Simple suggestion for future updates: the tag containing “Spam protection by WP Captcha-Free” should have an id attribute.
Anyway, nice plugin. Seems to be working well for me.
I’ve installed Captcha-Free on my blog, running WP 2.5.1, when a comment is posted, you just get forwarded to Google, for some reason, and the comment isn’t posted?!
http://hintofsarcasm.com is the address, any ideas?
I installed this the other day, and it’s fabulous. I’m getting more comments than I was with the often faulty, always irritating captcha software I was using before. Just one thing, though. People who use AOL’s browser are getting an error when they try to post: Invalid data. Please go back and try again. Any thoughts I can pass along to them, or are they SOL?
Thanks. This is great.
really great
hi there .thanks for plugin:
Does anybody know if tis script is compatible with Wordpress 2.5.1?
Thanks in advance for any help on this!
best regards
WP Captcha-Free is not compatible with Wordpress 2.5, yet.
Thankyou.. i will try this plugins..
@iDope, yes .. true..
i’m not read your las comment… sorry.. but i will wait your next version… 
So this doesn’t seem to work anymore.. I don’t see the captcha and it’s not asking me to confirm any image….
great idea and work! thanks
Is there any img verification for posting?
The aim of this plugin is not having to use image verification.
Mmmm…. que mal ya no funciona en Wordpress 2.5
When people try commenting on my Wordpress MU site all it does now after you click submit comment is to change that button to “Please wait”. So no new comments can be added.
100% spam free though
Work in new version WP ?
Work PERFECT !
@Thomas: Please make sure you copy the “captcha-free.php” file directly to the wordpress plugins folder and not to a subfolder.
This is a great plugin
Wordpress: 2.6
Theme: Redie 3.0 by Steve Arun
I have installed your plug-in and I get the following message after I try and comment on a post:
Invalid Data: Please go back and try again.
I have it disabled currently but would love to give it some use… spam bots are so annoying…
Thanks!
@Jason: Are you sure you copied the captcha-free.php file to /wp-content/plugins directly and not to a sub-folder?
@iDope: Thanks for the quick response. Yes I am sure that captcha-free.php is in /wp-content/plugins and not a subdirectory. I am assuming you are considering the wordpress directory the root? I deleted and just now redownloaded from this page and uploaded. Still nothing though. I get the same error.
permissions are 644 so I don’t think that is any issue. there isn’t any modifications to the template code that needs to be done, is there? (As I do not have a default template)
Great plugin, tnx.
But i have problem - it’s ok to comment without login to wp, but if i login to my wp i see “Invalid Data: Please go back and try again.”
PS plugin is in root of wp-content/plugins/
Hi
We are also going to start a blog soon and were wondering how to takle comment spam.
Thanks for the info!
It works in a very simple way, great work!
Would be cool to see this work on the user registration form.
thanks.
same error as the other guy
Invalid Data: Please go back and try again.
Works perfect in my WP 2.7 !
@kitich: I think your theme is not calling the ‘comment_form’ action when you are logged in.
“The article is very informative as well as so creative. You have very great knowledge having this subject. So nice! It’s a great to see you here.
Thanks!
“
Grabbed the plugin and testing it on a new site now. Using the latest version of WP. easy installed and easy in use! this plugin helped alot and I did noticed that my comment spam levels dropped well. Thank alot!))
HI I cant seem to work it out
Everytime i try to post a comment i keep getting this mesage: Invalid Data: Please go back and try again
I have the plugin in the plugins folder (_root)
What can i do?
Cheers!
MAC
http://wordpresssupplies.com/wordpress-plugins/captcha-free/
This plugin doesn’t works. It shows only link to this page and no picture.
@smart maxx: I think you missed the point of this plugin. It stops spam *without* captcha.
@MAC: Send me a link to your blog and I’ll check it out.
nice plugin
Plugin does not seems to work fine with wp 2.7. Any ideas?
Is this working on my blog? I thought that I would get a enter code below the captcha numbers/letters. ON mine nothing is happening. My blog is at http://blog.meleana.info it is a blog about flash, but I get all these porn comments, I don’t see the connection. Wordpress is too hard, and am not sure if I want to continue blogging as I spend way too long delete spam, yikes!
Thanks so much for all your hard work on creating some files to help prevent spam, I appreciate all your work.
Johnny
Nice. I like it!
Excellent, thanks for the plugin!
Added this cool plugin and my spam went from over 40 a day to zero, nice ! WP 2.7.1 by the way.
@Irfan Faruki: What error are you getting?
@John Barrett: The purpose of this plugin is *not* have the commenter to type a CAPTCHA answer.
BTW, I have released a new CAPTCHA plugin, more secure but still does not require commentors to type a CAPTCHA. Just requires a click to solve.
http://wordpresssupplies.com/wordpress-plugins/clickcha/
Thanks for this great plugin, spam influx went down to zero. But somehow I get an error (http 500) on my site, when I am using MS Internet Explorer 7 to leave a comment. Firefox works fine.
The very best
I absolutely LOVE this plugin-there has been NO spam since I started using it.
However, the last few days, I’ve noticed it will sometimes throw an “invalid data” error when a legitimate comment is submitted. It *seems* to be related to the use of ellipses (… at the end of a statement) but I’m not 100% sure.
Using Wordpress 2.7.1, with the latest version of Captcha Free.
Any ideas?
nice plugin, but there seems to be a bug in the code whereby if there are more 2 or more forms on a page, and if multiple forms have a ’submit’ element id for the submit button, then the 1st form will get submitted instead.
so, if the 1st form is a search box, it will submit a search query instead of the comment form.
to solve it, change: document.getElementById(’submit’).click();
to: document.getElementById(’commentform’).elements[’submit’].click();
Hello!
Nice plug-in but I can’t make it work! I always have the “invalid-data” error…
php file is in the plugin directory.
Can you help me?
Plugin not working, get the following message when submitting a comment:
“Invalid Data: Please go back and try again.”
Using 2.7.1 WP version and tested on Firefox and Safari. The plugin is in the plugins root folder. The idea is great but it seems only a few here manage to make it work.
“Invalid Data: Please go back and try again.” This error appears when visitors posting comments from any version of IE (for now I have IE8 and testing whith it).
WP 2.7.1 php file in /content/ directory.
The problem appeared after upgrade to WP 2.7 and makes plugin useless. Deactivating solve the problem.
* wp-content/plugins/ directory sorry
@ibrahim: Your theme may be at fault here. As per HTML specs element IDs should be unique:
http://www.w3.org/TR/REC-html40/struct/global.html#h-7.5.2
Running WP 2.7 and the most recent version of WP Captcha Free and it is apparently working nicely.
Hello, I’ve been using your plugin for a few days and I have both a question and a comment.
Firstly, the comment: on line 86 of captcha-free.php you open a <small> tag but never close it. Just thought I’d point that out.
Secondly, why don’t you use your own plugin on your comment forms here?
@Mythender: Thanks for the feedback. But I do close the <small> tag. Maybe you have an older version?
I also wrote the Clickcha plugin I use here and it got the space since its the newer one
ahh I see about Clickcha
as for the tag, I downloaded and installed version 0.5 of the plugin automatically through the wordpress plugin directory and everything below my comment form became… well… small….
reading the document source I found the missing tag and looking into the code of your plugin led me to line 87:
Please note: JavaScript is required to post comments.