HELP, I'm still getting spam!
There are four common issues that make HappyCaptcha appear to be broken:
- Moderation Emails: HappyCaptcha marks comments as spam, so even though the comments don't actually get posted, you will be notified of what is supposedly new spam. It is recommended to turn off moderation emails with HappyCaptcha.
- Akismet Spam Queue: Again, because HappyCaptcha marks comments with a wrongly entered CAPTCHA as spam, they are added to the spam queue. These comments however weren't posted to the blog so HappyCaptcha is still doing it's job. It is recommended to either ignore the Spam Queue and clear it regularly or disable Akismet completely. HappyCaptcha takes care of all of the spam created by bots, which is the usual type of spam. The only other type of spam that would get through is human spam, where humans are hired to manually solve CAPTCHAs. If you still get spam while only having HappyCaptcha enabled, you could be a victim of the latter practice. If this is the case, then turning on Akismet will most likely solve your problem. Again, just because it shows up in the Spam Queue does NOT mean that spam is being posted to your blog, it's more of a 'comments that have been caught as spam by HappyCaptcha' queue.
- Trackbacks and Pingbacks: HappyCaptcha can't do anything about pingbacks and trackbacks. You can disable pingbacks and trackbacks in Options > Discussion > Allow notifications from other Weblogs (Pingbacks and trackbacks).
- Human Spammers: Believe it or not, there are people who are paid (or maybe slave labor?) to solve CAPTCHAs all over the internet and spam. This is the last and rarest reason for which it might appear that HappyCaptcha is not working, but it does happen. On this plugin's page, these people sometimes attempt to post spam to try and make it seem as if HappyCaptcha is not working. A combination of HappyCaptcha and Akismet might help to solve this problem, and if spam still gets through for this reason, it would be very minimal and easy to manually take care of.
Are CAPTCHAs secure? I heard spammers are using porn sites to solve them: the CAPTCHAs are sent to a porn site, and the porn site users are asked to solve the CAPTCHA before being able to see a pornographic image.
CAPTCHAs offer great protection against abuse from automated programs. While it might be the case that some spammers have started using porn sites to attack CAPTCHAs (although there is no recorded evidence of this), the amount of damage this can inflict is tiny (so tiny that we haven't even seen this happen!). Whereas it is trivial to write a bot that abuses an unprotected site millions of times a day, redirecting CAPTCHAs to be solved by humans viewing pornography would only allow spammers to abuse systems a few thousand times per day. The economics of this attack just don't add up: every time a porn site shows a CAPTCHA before a porn image, they risk losing a customer to another site that doesn't do this.