Using Captcha to block spam and bots on your website
Have you seen any issues with spam on your website, such as comments from non-related blogs or entries to your web forms that are obviously not from a real person? This is a common problem on the web, and one solution I have used which seems to have helped my issue is a simple little feature called “CAPTCHA”.
What is CAPTCHA?
CAPTCHA is an acronym for “Complete Automated Public Turing test to tell Computers and Humans Apart”.
CAPTCHA is a program that can generate tests that humans can pass but current computer programs cannot. For example, humans can read distorted text as the one shown below, but current computers can’t. (Or can they?)
CAPTCHA is used to restrict automated form submissions from unwanted programs, reducing spam and the possibility of uploading viruses or other malicious files. It ensures that the submission is being done by a human being. In a standard CAPTCHA process, an image is created for verification of a character code. This verification code contains alpha or alpha and numeric characters, but it can be changed to meet the requirements of each individual site.
The CAPTCHA project has also developed a version called reCAPTCHA, which will ask users to do simple math problems, answer simple questions such as their favorite color, or check a box.
This new version of CAPTCHA may seem simple, but there is a lot going on behind the scenes. As Google has noted, traditional CAPTCHA methods are based on the inability of robots to read distorted text. However, research has shown that today’s Artificial Intelligence technology has become sophisticated enough that it can solve this type of distorted text at 99.8% accuracy. This means that distorted text, on its own, is no longer a dependable way to determine whether a user is human.
To solve this issue, reCAPTCHA uses Advanced Risk Analysis to consider how users interact with CAPTCHA verifications. If the risk analysis engine determines that the user is human, it will only require checking a box, but if the engine needs more information, it will prompt the user to enter additional information, adding additional security to verify the validity of the user.
ReCAPTCHA also provides increased usability, especially on mobile devices. For example, the image below shows a CAPTCHA that verifies a user by asking them to select all of the images that correspond with a clue. When using a small smartphone touch screen, it is much easier to tap several photos than to try to type in a line of text.
If your site runs on WordPress, there are a number of options available for implementing CAPTCHA. I recommend WP-reCAPTCHA-bp, which is a free CAPTCHA service that protects your site against spam, malicious registrations, malicious logins, and other attacks. My initial testing on a simple WordPress site has stopped all the submissions that I considered spammers.
The service is free, but you will need to get Public and Private keys by registering your domain name via the plug-in. The following advanced features are available by upgrading to the PLUS or PRO version:
The problem of spam is not going to go away anytime soon, so if you want to ensure that your site is secure and provides a quality user experience, implementing CAPTCHA to filter out robotic activity is essential. If you have any questions about how to correctly set up CAPTCHA functionality, please contact us, or feel free to share any tips of your own in the comments below.