WordPress Wednesdays–To captcha or not to captcha

Blue seal with W that says WordPress WednesdaysTo captcha, or not to captcha, that is the question:
Whether ’tis Nobler in the mind to suffer
The Slings and Arrows of outrageous spam,
Or to take Arms against a Sea of spam bots…

Today we’re taking about spam, captchas, and how best to prevent spam from your website.

What is spam?

As most of you know, spam is basically any undesired emails which you receive unsolicited. Typically, this is sent by bulk email programs, but any email can be considered to be spam by the recipient. But not all spam comes from bots.

Where does all this spam come from?

Typically, spam coming through your website is typically caused by “bots” which are basically small programs which seek out an email form and fill it in. Typically, they are looking to submit their information and have it published on your site (as a comment, guestbook entry, etc.). With WordPress having so much success in the market, there has been a huge increase in comment spam, which looks like a genuine comment, but includes a link to their site. When approving comments, double-check the website address first. These bots aren’t concerned about what kind of form it is, so you’ll often get spam through website forms which generate emails as well. Some spam is sent to try and sell products, and other spam is just to be annoying or malicious.

What is a captcha?

ReCaptcha Example
A captcha is typically an image which shows distorted letters or numbers, which must be typed in to prove that you are a person, and not machine. The word CAPTCHA is an acronym for “Completely Automated Public Turing Test To Tell Computers and Humans Apart.” Although it is possible for some computers to read these, typically spam bots simply aren’t advanced enough. The example to the right shows a recaptcha, which is one available captcha solution.

Do I want one?

In short, probably not. As you may know if you’ve run into these on the Internet, they can be a pain to fill in. (Some are very difficult to make out!) Accessibility also becomes a problem, because if there is only an image option, any visitors with a sight disability won’t be able to fill in the form. Some also offer a sound option, but that can be a problem as well, as it requires visitors to have sound and doesn’t take into account hearing-impaired visitors. From using these myself, I can attest that they are also extremely garbled and difficult to make out. By using a captcha, you are basically making it more difficult for your visitors to reach you.

Are you sure? I get a lot of spam…

We get lots of inquiries from customers about the amount of spam which they receive. Unfortunately, spam has become a reality, and if you are only getting a handful, you’re best to simply delete them. If there is a pattern in the emails, you can check with your hosting provider to see if they can do something to stop them coming through. At the end of the day, I think it’s more important to get some spam email and not miss genuine emails.

That being said, these emails are annoying, and there are many methods we can use to try and prevent them:

  • Honeypot: This is an alternate method of determining whether a form submission is real or from a spammer. Basically, most spam programs are set up to put something into every single field. Instead, you create a field which must be left blank. We can even hide this field from regular visitors, so they are none the wiser.
  • WordPress Plug-ins: WordPress has some fantastic plugins to help detect and prevent spam, such as Akismet and Anti-spam Bee, which can be used in conjunction to prevent most comment spam
  • Validating Content: Most spam programs will get around this fairly easily, but it is always a good idea to ensure your forms only accept valid email addresses, and that all required fields are properly filled in. Depending on the purpose of the form, we can also block links in the body of the message (with a note advising visitors). Some forms also require the phone number to be submitted in a particular fashion (ie. (905) 263-2666), but this can be frustrating to visitors, and can cause problems with extension numbers and international numbers.
  • Quiz Questions: Basically, a field which asks a simple question, such as “1 + 1 = ” or “What colour is the sky?”. If the visitor puts in the correct answer, their form is sent. These can cause some accessibility problems, as you are making an assumption about your visitors’ ability to answer the question, but can also help cut back on spam responses.

So, you’re sure – I can never use a captcha?

As much as I dislike them, there are some places where you may wish to use a captcha. I would use the guideline that if the visitor has more to gain from the exchange than you do (ie. free email account), and if a spammer getting in is going to cause massive problems (ie. taking all the good account names), then you may wish to use one. If you must use a captcha, ensure there is an easy alternate means of contacting you, for accessibility purposes. If you’re hoping to gain a customer or are counting on their payment, try to make the process as easy as possible.

If you’re getting a lot of email you don’t want, please contact us to see if we can help. It’s possible we can help set up email filtering, provide better spam protection for your mailbox, or optimize your email forms to help you to better deal with your spam.

Comments Off on WordPress Wednesdays–To captcha or not to captcha
Posted on by Sue
Categories: WordPress
Tags: ,