In a world (wide web) besieged by bots, one plugin will see it fit to stop them all. Its name is Stop Spammers!
A primary objective of the Stop Spammers project is to build a plugin that is both comprehensive and easy to use. Stop Spammers works great out of the box. And in 2021.16, we added a check for Square payments enabled by default.
The plugin is also very layered. For example, the allow request module has several points of configurable settings. If you have the Stop Spammers allow request feature enabled, you know that humans appearing as bots through the rigorous check logic can request that the admin add their email and IP address to the allow list so they aren’t blocked in the future.
But here’s the deal. Just as they trick the forms, spam bots can also trick the second chance form that activates when a security check is flagged. That’s why we offer the ability to connect to a captcha service in order to display the captcha on the allow request form. The leader in captcha services for years has been Google since the company acquired reCAPTCHA in 2009. And we are happy to offer integration with v2. However, the baggage of the company offering reCAPTCHA is hard to ignore.
What Information Is Google Collecting?
Privacy (and the lengths tech giants will go to in order to violate ours) is at top of mind for many of us these days. Google earns much of its revenue serving up ads. Intimately monitoring traffic only helps in service of its advertising wing. With v3 in particular, Google is very opaque about how they distinguish bots from users given that the end user doesn’t need to actively participate in human validation.
Will reCAPTCHA Remain Free?
Google seems less and less interested in the “don’t be evil” ethos that helped it become the behemoth it is today. The company will offer services for free and then gradually introduce advertisements in the case of gMail or more and longer advertisements in the case of YouTube or paywalls in the case of Google Places API once market share has been firmly established. Google Maps may be one of the first shoes to drop in the developer realm, but we see this same path taking shape with reCAPTCHA and its “enterprise” version. You may very well be stuck with a watered-down version or one that forces you to make other compromises in the years to come.
Introducing hCaptcha for Stop Spammers
hCAPTCHA is a fantastic alternative to Google. And it’s been on our radar for awhile now. The company is privacy focused and compliant with the GDPR. The reCaptcha service has a free edition that is solid, but also has an enterprise edition that offers other perks. You could even earn rewards (rather than being punished) for higher traffic.
Another great thing about it is the user experience will be very familiar to your visitors. Everything was designed to help make the switch from Google to hCAPTCHA easier: the backend code to the admin console that lets you create keys, limit by domain, and control the difficulty, and the end-user look and feel.
Configure hCaptcha in the Stop Spammers Admin
In the WordPress admin, navigate to the Stop Spammers menu and click on the “Challenge & Deny” submenu. From there, add the public and private keys you created on the hCAPTCHA website and choose hCAPTCHA as the service for the challenge request form. You should see the hCAPTCHA box appear without any errors displayed once you click save. If there is an error, it usually means the API key is not valid for the site where it’s been activated. Make sure the URL of the site you’re managing is allowed in the hCAPTCHA sitekey settings.
What’s Next – Spam Plugin Roadmap
We’re excited to announce hCAPTCHA integration will be a key component to our near-term roadmap. We’ll have more to come in the next month. As always, please let us know what you think. Your contributions and feedback help keep this project strong.