UPDATE 2007.07.11: version 1.2 released.
UPDATE 2007.08.29: instructions for MT 4.0.
UPDATE 2008.05.01: instructions for MT 4.1.

Joel just clued me in on a new Captcha system called reCAPTCHA. What’s different about reCAPTCHA is that they use the verification words to correct OCR mistakes in scanned books. In their words: “About 60 million CAPTCHAs are solved by humans around the world every day…. in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort?”

They provide PHP code and a WordPress plugin, but I’m using Movable Type here, so I wrote a Movable Type plugin to use this system. Details follow…

Installing in Movable Type

I’ve tested this plugin with Movable Type 3.2. It should work with 3.3 also. NOTE: skip to the bottom for Movable Type 4.x.

  • Download the reCAPTCHA plugin: Recaptcha.zip
  • Copy the Recaptcha.pl file to your mt/plugins directory.
  • Edit your mt/lib/MT/App/Comments.pm file, somewhere around line 230, adding the block below noted with “begin addition”:

# Run all the Comment-throttling callbacks
my $passed_filter = MT->run_callbacks('CommentThrottleFilter',
                                      $app, $entry);
$passed_filter ||
    return $app->handle_error($app->translate("_THROTTLED_COMMENT"),
                              "403 Throttled");

### BEGIN ADDITION FOR RECAPTCHA PLUGIN ###
my $error_message = MT->run_callbacks('CommentErrorFilter', $app, $entry);
if ($error_message) {
    return $app->handle_error($error_message);
}
### END ADDITION FOR RECAPTCHA PLUGIN ###
  • Edit your templates for comments and comment preview to include something like:

<p>
  Verification (needed to reduce spam):
  <$MTRecaptchaBox$>
</p>
  • Go into the Movable Type admin interface, click “Settings” (left bar), then “Plugins” (across the top). You should see “reCAPTCHA” listed with your plugins. Click “Show Settings” and enter the public and private keys you got from recaptcha.net when you signed up. Click “Save Changes.”
  • You should now rebuild your site so the reCAPTCHA box will show up on your pages. Click “Rebuild Site” (left bar).

Notes for Version 1.2 Upgrade

If you are upgrading from a version prior to 1.2, you’ll notice the public/private keys have moved out of the Recaptcha.pl source file and into the MT settings page, where they belong. Also, the change to Comments.pm is different. Please replace the change with the new text shown above.

Notes on the Plugin

The plugin adds two features: the MTRecaptchaBox tag and a callback hook for comment posting. The tag simply generates the correct HTML for displaying a Recaptcha box.

The comment posting hook contacts recaptcha.net to validate the contents of the Recaptcha box. Unfortunately, I couldn’t properly implement this without changing Comments.pm; I needed to add a new callback which would allow a plugin to cause comment submission failure and return an error message to the user. The existing mechanisms (throttling, junk, and ‘CommentFilter’) weren’t good enough. I did this the nicest way possible, though, by adding another callback hook.

Movable Type 4.0

MT 4.0 has a new CAPTCHA plugin API, and they supply a reCAPTCHA plugin. Unfortunately, it’s busted. Here’s how to make it work:

  • Copy the reCaptcha folder from extras/examples/plugins to your plugins directory.
  • Edit the reCaptcha.pl file: change system_config_template to config_template at line 20.
  • Also in reCaptcha.pl at line 29, add your keys like so:

['recaptcha_publickey', { Default => 'YOUR-PUBLIC-KEY-HERE' }],
['recaptcha_privatekey', { Default => 'YOUR-PRIVATE-KEY-HERE' }],
  • Now go to the Movable Type dashboard in your browser, Preferences > Blog Settings > Comments. Set “Immediately Approve Comments From” to “anyone.” Near the bottom is a chooser called “CAPTCHA provider.” Select reCAPTCHA and click Save Changes.
  • In the sidebar select Registration. Check the “Anonymous Comments” checkbox and deselect the rest, click Save Changes.
  • Rebuild your site.

Something is busted with the Preferences > Plugins panel (it won’t save the keys if you enter them there) so that’s why you need to hard-code them in reCaptcha.pl. I’ve submitted a bug to SixApart so hopefully these problems will be fixed in the next release of MT 4.

Movable Type 4.1

SixApart has fixed the reCATCHA plugin in 4.1. Here’s what you need to do:

  • Copy the mt/extras/examples/plugins/reCaptcha directory to mt/plugins/reCaptcha.
  • Edit the comment form template as indicated in the README file. Ignore the part about the JavaScript index template.
  • Go to Preferences > Blog Settings > Comment and set “CAPTCHA Provider” to reCAPTCHA. Save your changes.
  • Go to Preferences > Plugin Settings > reCaptcha > Settings and fill in the public and private keys. Save changes.
  • Rebuild your site.

Update 2008.05.02: Marcos Lara adds: if you’ve turned on Movable Type’s built-in spam protection, turn that back down to zero when using reCAPTCHA. Otherwise all comments will get marked as needing moderator approval.

Thanks

Many thanks to Ian Peters for getting the plugin integrated with the MT settings page, and other tasty improvements.