This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.



bcSpamBlock is a simple way to protect your blog from comment spam. It
ensures that the client is a human by using a small bit of javascript on the
comments page. Users with Javascript enabled will never notice any
difference. For users without Javascript, they will have to copy/paste a
short code into a textbox to confirm.

This plugin was designed to be as light and compatible as possible. It doesn’t require
PHP sessions, a database table or file-based lookups. It uses a bit of
cryptography to have the visitor submit all of the information necessary to
validate them.

For trackbacks and pingbacks, it ensures that the IP requesting the pingback
resolves back to the website it is saying that it is. If so, it retrieves
the page that it says contains the link, and makes sure that it does, in-fact
have a like to this blog.

How it works:
Essentially, this generates one random value, and a crypted version of it with salt.
The crypted version is put directly into a hidden field.
If the visitor has JavaScript enabled, the original random value one is copied to a
second field via javascript and then hidden
If the visitor has javascript disabled, the user must copy/paste the random value
into the input box

Original logic for the Javascript portion was taken from the JS SpamBlock WordPress plugin
by Paul Butler (

The idea for the trackback validation came from the
simple-trackback-validation plugin


Copyright (c) 2007 – 2009 Brandon Checketts

This software is provided ‘as-is’, without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.

Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

  1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.
  2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
  3. This notice may not be removed or altered from any source distribution.


  1. Installation is the same as any simple WordPress plugin. Simply create a
    /wp-content/plugins/bcspamblock/ directory, then copy the three files 3
    files (bcspamblock.php, bcspamblock_wp.php, and readme.txt) into it

  2. Log into the administrative section of your blog. Go to the Plugins menu and
    click ‘Activate’ next to the bcspamblock plugin

Contributors & Developers

“bcSpamBlock” is open source software. The following people have contributed to this plugin.


Translate “bcSpamBlock” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.


  • 2007-10-10 – v1.0 – Initial release
  • 2007-10-12 – v1.1 – Changed the salt to be a string in the format ‘$1$xxxxxxxx$’
    This fixes a problem where only the first 8 characters were
    useful for generating the hash
  • 2007-11-08 – v1.2 – Disabled the checking for the hidden variables in
    trackbacks, and instead uses a system inspired by the
    simple-trackback-validation from
    Essentially, make sure that the website referenced matches
    REMOTE_ADDR, and that the page actually contains a link to this
    Thanks to for information on how to handle
    trackback/pingbacks seperately
  • 2007-11-09 – v1.2.1 – Fixed needle/haystack problem with strstr() call
    An annoying PHP inconsistency
  • 2008-05-14 – v1.3 – Fixed a problem where PHP’s crypt() function includes
    the salt inside the encrypted value.
  • 2009-01-13 – v1.4 – Auto approve comments submitted by administrators. This
    fixes the ability to add/edit comments from the admin screens