[wp-hackers] Quiz plugin (was: Deprecated functions and files)

Otto otto at ottodestruct.com
Tue Aug 12 16:00:01 GMT 2008

On Tue, Aug 12, 2008 at 10:43 AM, Stephen Rider
<wp-hackers at striderweb.com> wrote:
> Mainly the goal is to require human thought.  Even then, some spammers have
> actually turned to using live people to sit there and fill in captchas all
> day.  So the goal is that you have to have actually read the thing.  The
> default "2 + 2 =" question is okay, but it doesn't cover that -- as it's
> independent of any post content.

My problem with captchas is more basic than that.

Let's say I've taken the time to read and write a coherent response to
your article, or to give you any sort of feedback whatsoever. I write
out a response, fill in my details (or have them filled in for me),
and hit submit. And the first thing that happens is it tells me that I
screwed up your captcha. Not a good User Experience. So, what's my
response? Well, mainly I get pissed off at your stupid hoop-jumping
bullshit, close your tab, and never visit your site ever again. You've
lost a response and a reader all in one shot.

See, I'm not expecting captchas. Not only are they not necessary, they
actively drive people away. Sure, I'm a power-user and it doesn't
happen to me much, but do you only want o get responses from the
technologically literate? A non-tech user sees "what's 2+2" (a
completely ineffective and useless captcha, BTW.. word-based math
problems are trivially solved, even google can do it) and wonders why
you're asking a stupid question like that. If they answer wrong (typo,
don't bother to fill it in, whatever), then they get kicked out of
your system.

Captchas, of any sort, DON'T WORK. Period. They don't prevent spam,
they just annoy commentors. What they prevent is poorly written bots
that use your front comment door (perhaps 1-2% of spam-bots fit into
this category) from getting through. Most spambots use the trackback
door, or run stupid math questions like that through google, or
something else. You are annoying a lot of your readers in order to
prevent, what, a small number of bots from getting through? Not a good

Real spam detection is much simpler. The simple cookie approach works
most of the time, but it's naturally not wholly effective. Akismet
works and very well too. Simple Trackback Validation stops all the
trackback spam I've ever seen. Even known-bot header detection will
stop all of the spam bots that your approach stops, and it will do it
without annoying one casual user too.

> *** Coding Question for you all: ***
> I've seen a particular problem in a number of anti-spam measures, including
> this one, and I was wondering if anyone knows of a fix.  You answer the
> question (or captcha, or whatever), and you get it wrong.  You click the
> "Back" button and your comment is gone!

The best fix: Remove the captcha. Use a real anti-spam method instead
of half-assing it.


More information about the wp-hackers mailing list