BloggingPro logo

  • Blogging Jobs
  • Post a Job
  • Contact
  • WordPress Tips
  • Books for Bloggers
  • Services
  • RSS Blog Feed
  • RSS Blogging Jobs Feed
  • BloggingPro Starter Kit
    • The Secret Sauce to Freelance Writing on the Side
    • Swipe This! How to Create a Killer Copywriting Arsenal Using the Competition
    • How To Massively Grow Your Blog (In As Little As 30 Days)

WordPress Plugin: WP-Morph 1.0

3/15/2005 by

WP-Morph 1.0 is yet another anti-spam plugin for WordPress. Features include:

  • No capcha. The user doesn’t have to enter any additional code.
  • JavaScript support required in the browser.
  • Spammers would have to interpret the JavaScript in the page to be able to submit comments.

Author:

Filed Under: WordPress Plugins

Looking for flexible blogging and writing jobs?

Comments

  1. Diego Sevilla says

    3/16/2005 at 6:31 am

    Mmm… Well, I don’t think it’s just “yet another.” Let me explain myself. I’ve studied a lot of spam plugins, from capchas to OSA that you’re using here including SpamKarma.

    Capcha based are painful, as you have to enter the code, and also are against people with disabilities, and also force the user to change their way of doing things just _because_ spammers.

    Others like OSA and SpamKarma are complicated, include database access, and even require maintainer from time to time activating the moderation and moderating comments (removing spam, teaching the bayesian what is spam and what is not…).

    The simplicity of WP-Morph is that you don’t have to do any of these. It generates a randomly complicated JavaScript code that must be executed in order to be able to pust a comment. The browser does that for us, but spammers with their bots won’t include a complete JavaScript interpreter just to decode the code and obtain the result. Thus, the test for spam is just a comparison (instead accessing data bases as SpamKarma and OSA) and the plugin is really simple. Just look at the code here.

    Best regards,
    diego

  2. Denis de Bernardy says

    3/16/2005 at 6:34 am

    Diego: What’s the difference with wp-hashcash?

  3. John says

    3/16/2005 at 6:44 am

    What about the 10-11% of users who have JavaScript disabled in their browsers?

  4. Diego Sevilla says

    3/16/2005 at 6:49 am

    Hi, Denis:

    Now, this is a good question I was expecting.

    There are two main differences:

    1. Wp-hashcash doesn’t have any “hidden” value. By hidden I mean a value that is *only* known by the server. This value is essential, and is used in pre- and post-processing. Spammers cannot know this value, and cannot generate correct results unless they execute the JavaScript. In other words, WP-Hashcash gives the spammers all the info they need to produce a fake response.

    2. In WP-Morph the JavaScript code *has to* be executed. WP-Hashcash claims that in his case, the JavaScript code that calculates the md5 *must* be executed by the client. But this is false: any spammer with an “md5” function in his pocket can do the calculus without executing any JavaScript in the page, then generating the fake response form. In fact, reading the comments to the WP-Hashcash blog entry, I see that any stupid pimprick has taken the time to study the code and release this code that fools the plugin. In WP-Morph, the code is generated ad-hoc for the page, it must be executed to obtain the result (because the code changes every time), and the result must be returned.

    Hope this clarifies the differences.

    Best reards,
    diego.

  5. Diego Sevilla says

    3/16/2005 at 6:52 am

    John,

    Yeah, that is a problem with the plugin, I must admit it… I thought about it, but there are really many things that depend on JavaScript: look at how many sidebars implement it without it… So I decided that I could pay this inconvenience to stop spammers…

    Best regards,
    diego

  6. Denis de Bernardy says

    3/16/2005 at 7:04 am

    Diego: I thought the wp-hashcash generated the key on the client…

    John: Personally, I wouldn’t care much about users with js disabled. To start with, I’ll take the bet most of them are in fact bots. And for the very few real users that remain, you can always put a noscript tag in your page to notify them js is required to use the comment form.

  7. John says

    3/16/2005 at 7:09 am

    Fair enough Diego. Comment spam has caused everyone inconvenience and with almost any implementation of a filtered device, some innocent users will get caught in the filter.

Managed WordPress Hosting

Work for Bloggers

  • Writing Jobs
  • Online Content Jobs
  • Editing Jobs
  • Blogger Jobs
  • Publishing Jobs
  • Copywriting Jobs
  • Telecommuting and flexible jobs at Flexjobs

Blogging & Writing Work

  • Writing Jobs
  • Online Content Jobs
  • Editing Jobs
  • Blogger Jobs
  • Publishing Jobs
  • Telecommuting and flexible jobs at Flexjobs

DISCLAIMER

A few things we'd like to share with you

BloggingPro © 2021 Splashpress Media