bcSpamBlock is a simple way to protect your blog from comment spam. It
short code into a textbox to confirm.
This plugin was designed to be as light and compatible as possible. It doesn’t require
PHP sessions, a database table or file-based lookups. It uses a bit of
cryptography to have the visitor submit all of the information necessary to
For trackbacks and pingbacks, it ensures that the IP requesting the pingback
resolves back to the website it claims to be. If so, it retrieves
the page that it says contains the link, and makes sure that it does, in fact,
have a link to this blog.
How it works:
Essentially, this generates one random value, and a crypted version of it with salt.
The crypted version is put directly into a hidden field.
into the input box
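The stateless challenge described above, together with the salt handling from the v1.1 and v1.3 changelog entries, as an added PHP example that is not bcSpamBlock's own code. The function names and the salt value are hypothetical, and the sketch assumes the salt is a per-site secret that must never reach the browser.

```php
<?php
// Added example, not bcSpamBlock's source. Function names and the salt
// value are hypothetical; the salt is assumed to be a per-site secret.

const SITE_SALT = '$1$Xk3p9QzR$';   // constructed value in the '$1$xxxxxxxx$' format

// Hash a code with the site salt, then drop the salt prefix that crypt()
// prepends to its output, so the hidden field does not disclose the salt.
function challenge_hash(string $code, string $salt = SITE_SALT): string
{
    $out = crypt($code, $salt);
    // On failure crypt() returns a short marker such as '*0'; refuse to use it.
    if (strncmp($out, $salt, strlen($salt)) !== 0) {
        throw new RuntimeException('crypt() did not honour the requested salt');
    }
    return substr($out, strlen($salt));
}

// Build the challenge: 'code' is displayed to the visitor, 'hidden' goes
// into a hidden form field. Nothing is stored on the server.
function make_challenge(): array
{
    $code = (string) random_int(10000, 99999);
    return ['code' => $code, 'hidden' => challenge_hash($code)];
}

// On submit, recompute the hash from what the visitor typed and compare
// it in constant time with the hidden field that came back.
function verify_challenge(string $typed, string $hidden): bool
{
    return hash_equals(challenge_hash(trim($typed)), $hidden);
}

$c = make_challenge();
var_dump(verify_challenge($c['code'], $c['hidden']));   // code typed correctly
var_dump(verify_challenge('00000', $c['hidden']));      // code outside the generated range
var_dump(strlen($c['hidden']));                         // hash length without the salt prefix

// Traditional DES crypt() (two-character salt) reads only the first 8
// characters of its input, so these two inputs are compared here to show
// the truncation the '$1$' MD5 format avoids.
var_dump(crypt('12345678-A', 'ab') === crypt('12345678-B', 'ab'));
```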
by Paul Butler (http://www.paulbutler.org/)
The idea for the trackback validation came from the
Copyright (c) 2007 – 2009 Brandon Checketts
This software is provided ‘as-is’, without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.
Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
- The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.
- Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
- This notice may not be removed or altered from any source distribution.
- 2007-10-10 – v1.0 – Initial release
- 2007-10-12 – v1.1 – Changed the salt to be a string in the format ‘$1$xxxxxxxx$’. This fixes a problem where only the first 8 characters were useful for generating the hash
- 2007-11-08 – v1.2 – Disabled the checking for the hidden variables in trackbacks, and instead uses a system inspired by the
  Essentially, make sure that the website referenced matches REMOTE_ADDR, and that the page actually contains a link to this
  Thanks to email@example.com for information on how to handle
- 2007-11-09 – v1.2.1 – Fixed needle/haystack problem with strstr() call. An annoying PHP inconsistency
- 2008-05-14 – v1.3 – Fixed a problem where PHP’s crypt() function includes the salt inside the encrypted value.
- 2009-01-13 – v1.4 – Auto approve comments submitted by administrators. This fixes the ability to add/edit comments from the admin screens