Title: wp-morph Last modified: August 18, 2016 --- # wp-morph * [skinnylatte](https://wordpress.org/support/users/skinnylatte/) * (@skinnylatte) * [21 years, 2 months ago](https://wordpress.org/support/topic/wp-morph/) * wondering if anyone’s tried wp-morph and has any comments * :[http://neuromancer.dif.um.es/blog/?p=109http://neuromancer.dif.um.es/blog/?p=109](http://neuromancer.dif.um.es/blog/?p=109http://neuromancer.dif.um.es/blog/?p=109) * i’m currently relying on a capcha but thinking of removing it because of the inconvenience it’s causing to my readers. * but i’m not sure if this one’s what i’m looking for (esp. looking at the need for javascript support) Viewing 11 replies - 1 through 11 (of 11 total) * [cicloid](https://wordpress.org/support/users/cicloid/) * (@cicloid) * [21 years, 2 months ago](https://wordpress.org/support/topic/wp-morph/#post-169853) * I prefer, WP-HashCash, or SpamKarma 🙂 of course, this are my preferences… * [dsevilla](https://wordpress.org/support/users/dsevilla/) * (@dsevilla) * [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170613) * Hehe… I would say that I have pretty good results with WP-Morph 🙂 I don’t like hashcash because it has a flaw in design I explain in the webpage of WP-Morph. I haven’t tried SpamKarma though, but I’ll give it a try. * [jinsan](https://wordpress.org/support/users/jinsan/) * (@jinsan) * [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170614) * what’s this hashcash flaw you speak of? Never had a spam commment get through with it, only legit ones. * [brainwidth](https://wordpress.org/support/users/brainwidth/) * (@brainwidth) * [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170615) * I hate making the users have to do anything extra to post comments, so all I do is use the optional comment moderation plugin to send any comments made on posts older than 10 days to moderation. * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170616) * i prefer a well-thought .htaccess. I use NO plugins. I get No spam. * [dsevilla](https://wordpress.org/support/users/dsevilla/) * (@dsevilla) * [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170622) * Jinsan, hashcash’s flaw is that it requires the browser to interpret a md5 routine written in JavaScript to codify a result. At first sight, this would require a browser to interpret the code. However, this is not true, as the only requirement is to “interpret” an md5 routine, any spammer that has a, say, perl script with an md5 routine can generate the correct answer and send the form automatically. I don’t know if you’ve received any spam using HashCash, but it has been reported elsewhere (look in the WP-HashCash main page). * Best regards, diego * [dsevilla](https://wordpress.org/support/users/dsevilla/) * (@dsevilla) * [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170623) * whoami, would you be so kind that share with us what techniques do you use in your .htaccess? BTW, with WP-Morph the user has to do nothing special: no capcha, etc. Just enable JavaScript. * Best regards, diego * Anonymous User 6434 * (@anonymized-6434) * [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170627) * Actually, there’s a little bit more that has to be done than simply sending the md5 of a certain field with WP-hashcash, although it’s certainly subtle. First, the spammer has to identify that WP-hashcash is in use on the blog, which in the 2.0 release is substantially more difficult, because the javascript is obfuscated. Then, it has to compute the md5 of a special form field and set the name dynamically. In theory it could be beaten, I suppose, so I may well want to add a computation for the value part as well, in the next .1 release. * Anonymous User 6434 * (@anonymized-6434) * [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170628) * I’ve just updated WP-Hashcash in SVN to insert javascript to compute the value part of the hashcash computation in one of three random ways, which should stave off any attempts to just hack in the md5. It’ll be posted shortly. * [angsuman](https://wordpress.org/support/users/angsuman/) * (@angsuman) * [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170629) * [@dseville](https://wordpress.org/support/users/dseville/) What you said is theoretically correct. In real-life I am yet to see a spammer who realized it and used a bot to break it. Having said that variety of solutions are good and fixing it is good too. That gives spammers more task 🙂 * I have been running spam free (comment spam or referrer spam or trackback spam) for last 3-4 months using Hashcash etc. You can find the details [here](http://blog.taragana.com/index.php/archive/how-to-keep-your-wordpress-15-blog-spam-free/). * Anonymous User 6434 * (@anonymized-6434) * [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170630) * The design flaw Diego mentions has been rectified, and you can get the latest version here: * [http://dev.wp-plugins.org/browser/wp-hashcash/trunk/](http://dev.wp-plugins.org/browser/wp-hashcash/trunk/) * If anyone wants to contribute some identity functions for wp / hashcash, that would be great. Basically, if I give you a number, I want you to give me a javascript function that returns that number but does not contain it. Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘wp-morph’ is closed to new replies. ## Tags * [elliottback](https://wordpress.org/support/topic-tag/elliottback/) * 11 replies * 8 participants * Last reply from: Anonymous User 6434 * Last activity: [21 years ago](https://wordpress.org/support/topic/wp-morph/#post-170630) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics