suggestions for WP-Hashcash

Suggestion 1 — you might want to:

– add the following before the comment form

<noscript>
This form is spam-protected by wp-hashcash. Please enable javascript and reload this page to use it.
</noscript>

– have the plugin add disabled=”disabled” to all of the form’s fields

– add the following script when the page is finished loading or after the form is loaded:

<script>
document.getElementById( ‘author’ ).disabled = false;
document.getElementById( ’email’ ).disabled = false;
document.getElementById( ‘url’ ).disabled = false;
document.getElementById( ‘comment’ ).disabled = false;
document.getElementById( ‘submit’ ).disabled = false;
// any other you automatically detect
</script>

Suggestion 2 — you might also want to take advantage of the md5 js and encrypt (and decrypt):

– ‘wp-comments-post.php’ (or whatever the form’s action is)
– any case-insensitive occurence of ‘wordpress’, ‘blog’, ‘comment’, ‘trackback’, ‘pingback’, etc. (that way, you can only manually discover a blog)

Still taking advantage of the js:

– encrypt / decrypt any emails that the user left behind so they are not easily found by spiders