Plugin Author
Guido
(@guido07111975)
Hi,
Yes and no, please check the FAQ:
The captcha is a random number that changes every day.
In older plugin versions it changed every session. But the captcha has been simplified, because it’s not using a PHP session anymore.
Guido
Hello Guido,
I really like your plugin, however the CAPTCHA is really easy to defeat, if someone wants to spam your forum. Wouldn't it be smarter to include a real CAPTCHA solution that can be configured via the WordPress options? E.g. an option for a reCAPTCHA API key, that can be set via WP-CLI?
This would really boost your plugin a lot regarding secure use!
Best regards!
Plugin Author
Guido
(@guido07111975)
Hi,
I really dislike the reCaptcha, but I agree with you that mine isn’t very solid.
I strongly prefer a built-in captcha feature. How about a captcha sum, as for example described here?
Guido
Hello Guido,
I understand your concerns regarding reCAPTCHA and probably the dependency on Google. However, CAPTCHA solutions are extremely difficult to design and a lot of projects already died due to their weaknesses and their inefficiency. The solution you suggested is barely more secure than the one you are using right now, as an attacker might circumvent it easily.
Some hints are given on this page: https://www.gravityforms.com/rip-captcha/
Maybe a honeypot solution is OK for now, even though it is not very secure either, but at least it doesn't disturb the users.
Unfortunately, Google's noCAPTCHA is the most advanced CAPTCHA until now. Maybe also an integration of Akismet Spam Plugin could work. However, I haven't checked that in detail.
Greetings!
Plugin Author
Guido
(@guido07111975)
Hi,
My form already has a honeypot field 🙂 And until now I did not get a single complaint from a user regarding SPAM via my forms. And my plugin has been around several years now. This means I can be lucky, or it’s because of the honeypot, or bots like the more popular forms more. Older plugin versions had a session-based Captcha (not very strong either), but it was using a PHP session and this caused problems on a few sites. So I’ve removed it. Personally I think a simple numeric Captcha (for humans) with a honeypot (for bots) isn’t that bad. But not the best, I agree. Will look into reCaptcha, maybe it’s not very difficult to include this, as extra feature.
Guido