WordPress comments have always been the hardest hit by spam, as long as your website has a certain amount of traffic and the comment function is open, then you must have been plagued by WordPress spam comment messages, there are some plugins that can add a CAPTCHA field to WordPress comments to stop spam. But adding plugins for this one feature sometimes affects the performance of the website.
In this article, I'm going to show you how to add a custom captcha field to a WordPress comment form. The main idea is to add a "What year is it now? question in the hope that spam comment bots don't understand poetry.
Step 1: Add custom fields to the comment form
To add custom fields to a WordPress comment form, we can use thecomment_form_defaults
Filter. This filter returns an array of comment form fields to which you can add new fields. This filter is available for both the Classic theme and the Block theme.
The following code snippet adds a new field labeled "What year is this?" :
function wprs_add_captcha_comment_field( $fields ) {
$fields['captcha'] = sprintf(
'<p class="comment-form-captcha">%s %s</p>',
sprintf(
'<label for="author">%s %s</label>',
__( 'What year is it now?' , 'text_domain' ),
wp_required_field_indicator()
),
'<input id="comment-captcha" name="captcha" size="30" type="text" required>'
);
return $fields.
}
add_filter( 'comment_form_default_fields', 'wprs_add_captcha_comment_field' );
After adding this code, refresh the site and we'll see this field appear in the comment form. If it doesn't, it means that your site isn't using the WordPress core comment form and you need to figure out if it's your theme or a plugin that's modifying it.
Step 2: Validate the customized captcha when submitting a comment
With a custom captcha field, the next step is to validate the input when submitting a comment. We can do this using thepre_comment_on_post
Hook to validate WordPress comments before they are posted.
Here is the code I used to validate the custom captcha field:
function wprs_verify_comment_captcha() {
if ( empty( $_POST['captcha'] ) || (int) date( 'Y' ) ! == (int) sanitize_text_field( wp_unslash( $_POST['captcha'] ) ) {
wp_die(
'<p>' . __( '<strong>Authentication Failed, :</strong> Do you know what year it is?' , 'text_domain' ) . '</p>',
__( 'Verification failed, please don't post spam comments.' ),
[
'response' => 200,
'back_link' => true, [ 'back_link' => true, [ 'back_link' => true, '
]
);
}
}
add_filter( 'pre_comment_on_post', 'wprs_verify_comment_captcha' );
This code will check to see if the user submitted the CAPTCHA field and if the value is equal to the PHPdate()
The current year returned by the function. If neither of these checks pass, we will use thewp_die()
The function terminates execution and displays a message.
summarize
As you can see, adding custom CAPTCHA fields to WordPress comments is very simple. It only requires a few functions. Services like Akismet are expensive and most free anti-spam plugins are bloated or require a third-party service like reCaptcha.