I have been using Google’s reCAPTCHA to get rid off spam bots in my blog’s comments section. It had generally worked very reliably and I had been happy with it. That is until recently when Google released the new ‘no CAPTCHA reCAPTCHA’. Since switching my reCAPTCHA to the new version a decent amount of spam comments started to get through. I posted about it on Twitter and got a reply from James Wood of FunCaptcha who directed me to one of their blog posts talking about the issue.
FunCaptcha is an Australian startup that takes a fresh approach to spam protection by asking the user to complete a short fun activity when submitting their comment or registration form. Presently, the activities consist of rotating a ball with an image of an animal, so that it is the right side up, or identifying a picture of a woman among images of men and dragging it into a designated location. Quite a simple and fast-to-do task for a human, but apparently very difficult for a spam bot.
Now, I have not heard of FunCaptcha or known James before my Twitter post which means they are actively browsing the web looking for folks to promote their service to. That is totally fine in my book as I appreciated their post regarding the new reCAPTCHA issues and also the fact that they did not shove FunCaptcha in my face or tried to convince me to use it. Like at all. James did not even mention it. Subtle and nice.
The fact is they didn’t really need to—as a gamer, I completely dig the concept (and beat myself in the head for not thinking of it first). Most people love games—regardless of how ‘casual’ or ‘hard-core’—and why not turn something as menial as submitting a comment form into 5 seconds of fun. While reCAPTCHA had generally worked pretty well for me, there is no doubt that trying to decipher the squiggly letters it produces is not always easy. So I decided to give FunCaptcha a try. As you can see, it is now set up on my site, and I am curious to see how it is going to perform over the next weeks. If you happen to read this post and want to give it a try, just scroll down and try to submit a comment.
The setup itself was straightforward. You register on FunCaptcha’s website and get your public and private key. FunCaptcha provides a number of plugins for popular scripts and CMSs which makes it dead simple. Just install the plugin for your flavor of CMS, input your keys and choose a couple of settings such as the theme, alignment, etc. And you are set.
That said, I ran into two issues which I would like to mention:
First, my web host uses cPanel and your account’s primary domain files get put in the /public_html folder by default. While this is fine for some users, for folks like me with a multiple domain hosting plan it is not ideal as your subsequent add-on domains are stored in their respective folders also inside the /public_html folder. In other words, after a while the main folder becomes a mess and your primary domain files and folders are mixed with your add-on domain folders. As such, I have set up custom .htaccess redirect rules which allow me to keep my primary domain files and folders inside a subfolder in the /public_html folder. This makes everything much neater and more organized. Very occasionally this setup leads to some unexpected redirect behavior and I experienced it with the FunCaptcha WordPress plugin. Basically, I could not save the plugin settings (including my public and private key) as upon submitting the settings form, I was redirected out of WordPress and asked to log in again.
The solution was quite simple: the FunCatpcha plugin folder includes two files which are responsible for the admin section of the plugin— wp_funcaptcha_admin.php and wp_funcaptcha_admin_activate.php. These files contain the forms that allow you to save the plugin settings and the action attribute of the forms uses this code:
<?php echo(htmlentities($_SERVER['PHP_SELF']).'?'.htmlentities($_SERVER['QUERY_STRING'])); ?>
The PHP_SELF bit of the code is what was conflicting with my redirect rules and it is actually not needed as the form will stay on the same page without it anyway. So just change all instances of the above code to the following and you will be fine:
<?php echo('?'.htmlentities($_SERVER['QUERY_STRING'])); ?>
Second, if you de-activate the FunCaptcha plugin in WordPress and then activate it again, it will reset its saved settings including the public and private key. I did not investigate why this happens, but I hope it is something the FunCaptcha guys can change in the future updates of the WordPress plugin. As a user, I may want to temporarily disable the plugin and I do not want to have to set everything again if I reactivate it again. It’s an inconvenience, but a minor one.
Your account on FunCaptcha’s website has, among others, a customization and analytics section, but as these are currently in beta, they are not enabled by default and you need to email FunCaptcha’s support to ask them to enable them for you. I have yet to do that—and I will as I am curious to see what the customization options are and I also want to see the usage stats. On that note, it would be nice if you could submit the request from your account’s dashboard instead of having to send an email. Ideally, I would like to see the customization options and reports as part of the WordPress plugin in the future as it would be more convenient to manage everything from within my CMS rather than the FunCaptcha’s site.
FunCaptcha is presently completely free. From reading between the lines on their website, I am assuming that they intend to make money from embedding ads in FunCaptcha’s iframe (and possibly offering a paid ad-free version of the service). If that is indeed the case, it could be interesting if they offered a revenue share for the site admins who adopt FunCaptcha (this would possibly incentivize a wider adoption of the plugin) and if they provided at least some general control over what ads get displayed on your site (e.g. web/technology vs cars or beauty products).
All in all, the setup was a breeze and I am stoked to have the comment submission turned into a bit of fun. Let me know how you like it or if you run into any issues with it.
Update 1 – January 26, 2015
For whatever reason the FunCaptcha iframe stopped loading on my site. It says the verification cannot load because it cannot connect to the server. I checked the FunCaptcha’s status page and all the services appear to be up and running. Until that is sorted out, I am switching my spam protection back to reCAPTCHA.
Update 2 – January 26, 2015
The FunCaptcha guys confirmed that everything on their side was working properly and suggested that the issue on my side might be caused by caching of the pages. I disabled my caching plugin (W3 Total Cache) and indeed FunCaptcha is back to live. I’d like to keep the caching on my site enabled, so will see if there’s a way to make it work together with FunCaptcha.