SI CAPTCHA Anti-Spam

Users users will have to pass the Secure Image CAPTCHA test. They are shown an image with a code, then they have to enter the code in the form field before the click submit. If the code does not match, the form will return "Incorrect CAPTCHA".

They actually visit your form and fill it out including the CAPTCHA.

Sometimes contain content that does not make any sense (jibberish). Humans or Spam bots will try to target any forms that they discover. They first attempt an email header injection attack to use your web form to relay spam emails. This form is to prevent relaying email to other addresses. After failing that, they simply submit the form with a spammy URL or black hat SEO text with embedded HTML, hoping someone will be phished or click the link.

Spamming blog comment forms, contact forms, Wikis, etc. By using randomly generated unique "words", they can then do a Google search to find websites where their content has been posted un-moderated. Then they can go back to these websites, identify if the links have been posted without the rel="nofollow" attribute (which would prevent them contributing to Google's algorithm), and if not they can post whatever spam links they like on those websites, in an effort to boost Google rankings for certain sites. Or worse, use it to post whatever content they want onto those websites, even embedded malware.

It is easy and cheap for someone to hire a person to enter this spam. Usually it can be done for about $0.75 for 1,000 or so form submissions. The spammer gives their employee a list of sites and what to paste in and they go at it. Not all of your spam (and other trash) will be computer generated - using CAPTCHA proxy or farm the bad guys can have real people spamming you. A CAPTCHA farm has many cheap laborers (India, far east, etc) solving them. CAPTCHA proxy is when they use a bot to fetch and serve your image to users of other sites, e.g. porn, games, etc. After the CAPTCHA is solved, they post spam to your form.

Make sure you have configured the settings page and enabled the CAPTCHA on all your forms. The CAPTCHA will not show to logged in users posting comments if you have enabled this setting: 'No comment form CAPTCHA for logged in users'. Enable this setting if a logged in user is the spammer. Check for a plugin conflict. A plugin conflict can break the validation test so that the CAPTCHA is never checked. Be sure to always test all the comments, login, registration, and lost password CAPTCHA forms after installing or updating themes or plugins. Troubleshoot plugin conflicts, see troubleshooting below. Sometimes your site becomes targeted by a human spammer or a spam bot and human captcha solver. If the issue persists, try the following suggestions: Try allowing only Registered users to post, and or moderating comments. Read more about Combating Comment Spam Filter Spam with Akismet - The Akismet plugin filters spam comments. Akismet should able to block most of or all spam that comes in. I made another plugin with Google No CAPTCHA reCAPTCHA that has realtime bot detection. You can uninstall this plugin and try my new plugin Fast Secure reCAPTCHA

If you need to adjust the captcha input form colors, See this FAQ

Another plugin could be causing a conflict. Temporarily deactivate other plugins to see if the CAPTCHA starts working. Your theme could be missing the wp_head or wp_footer PHP tag. Your theme should be considered broken if the wp_head or wp_footer PHP tag is missing. Do this as a test: In Admin, click on Appearance, Themes. Temporarily activate your theme to one of the default default themes. It does not cause any harm to temporarily change the theme, test and then change back. Does it work properly with the default theme? If it does then the theme you are using is the cause. Missing CAPTCHA image and input field on comment form? You may have a theme that has an improperly coded comments.php When diagnosing missing CAPTCHA field on comment form.... Make sure your theme has <?php comment_form(); ?> inside /wp-content/themes/[your_theme]/comments.php. (look inside the Twenty Ten theme's comments.php for proper example. Make sure that the theme comments.php file contains at least one or more of the standard hooks: do_action ( 'comment_form_logged_in_after' ); do_action ( 'comment_form_after_fields' ); do_action ( 'comment_form' ); If you didn't find one of these hooks, then put this string in the comment form: <?php do_action( 'comment_form', $post->ID ); ?>

If you have JetPack comments module enabled then captcha/recaptca/anti-spam plugins will not work on your comments form because the comments are then loaded in an iFrame from WordPress.com The solution is to disable the comments module in JetPack, then the CAPTCHA plugin will work correctly on your comments form.

By default, a logged in user not see the CAPTCHA on the comment form. If you click "log out", go look and it should be there. Make sure you have configured the settings page and enabled the CAPTCHA on the comment form. If the image is broken and you have the CAPTCHA entry box: This can happen if a server has folder permission problem, or the WordPress address (URL) or Blog address (URL) are set incorrectly in WP settings: Admin, Settings, General See FAQ page on fixing this problem

Your theme could be missing the wp_footer PHP tag. Your theme should be considered broken if the wp_footer PHP tag is missing. All WordPress themes should always have <?php wp_footer(); ?> PHP tag just before the closing </body> tag of your theme's footer.php, or you will break many plugins which generally use this hook to reference JavaScript files. The solution: edit your theme's footer.php and make sure this tag is there. If it is missing, add it. Next, be sure to test that the CAPTCHA refresh button works, if it does not work and you have performed this step correctly, you could have some other cause.

This failure could have been caused by another plugin conflict with this one. If you use CAPTCHA on the login form and ever get locked out due to CAPTCHA is broken, here is how to get back in: FTP to your WordPress directory /wp-content/plugins/ Delete this folder: si-captcha-for-wordpress This manually removes the plugin so you should be able to login again.

Yes. To use a translated version, you need to obtain or make the language file for it. At this point it would be useful to read Installing WordPress in Your Language from the Codex. You will need an .mo file for this plugin that corresponds with the "WPLANG" setting in your wp-config.php file. Translations are listed below -- if a translation for your language is available, all you need to do is place it in the /wp-content/plugins/si-captcha-for-wordpress/languages directory of your WordPress installation. If one is not available, and you also speak good English, please consider doing a translation yourself (see the next question). The following translations are included:

• Albanian (sq_AL) - Romeo Shuka
• Arabic (ar) - Amine Roukh
• Belorussian (by_BY) - Marcis Gasuns
• Chinese (zh_CN) - Awu
• Czech (cs_CZ) - Radovan
• Danish (da_DK) - Parry
• Dutch (nl_NL) - Robert Jan Lamers
• French (fr_FR) - BONALDI
• German (de_DE) - Sebastian Kreideweiss
• Greek (el) - Ioannis
• Hungarian (hu_HU) - Vil
• Indonesian (id_ID) - Masino Sinaga
• Italian (it_IT) - Gianni Diurno
• Japanese (ja) - Chestnut
• Lithuanian (lt_LT) - Vincent G
• Norwegian (nb_NO) - Roger Sylte
• Polish (pl_PL) - Tomasz
• Portuguese Brazil (pt_BR) - Newton Dan Faoro
• Portuguese Portugal (pt_PT) - PL Monteiro
• Romanian (ro_RO) - Laszlo SZOKE
• Russian (ru_RU) - Urvanov
• Serbian (sr_SR) - Milan Dinic
• Slovakian (sk_SK) - Marek Chochol
• Spanish (en_ES) - zinedine
• Swedish (sv_SE) - Benct
• Traditional Chinese, Taiwan Language (zh_TW) - Cjh
• Turkish (tr_TR) - Burak Yavuz
• More are needed... Please help translate.

Yes please. Please read How to translate SI Captcha Anti-Spam for WordPress

Yes please. Please read How to update a translation of SI Captcha Anti-Spam for WordPress