If you have ever commented here, you might have noticed that it requires approval before posting (although once approved, you can then post automatically without waiting for approval in the future).  That works well to keep spam out of comments, but does require me to manually disapprove/delete all the spam posts that come in, and it’s tedious and somewhat tiresome clicking through a couple dozen posts daily.  I’ve been leaning towards installing one of those little fields where you have to type what you see or do a basic sum or something to post, but before I do that and make it more difficult for posting comments, I’m going to try a plugin called “WP Captcha-Free” which, in theory, should prevent bots from being able to post.

“WP Captcha-Free generates a hash (aka token) based on several parameters like time (with some cushion), post id, IP address, and browser user-agent which should not change between requests (within a short period of say a few seconds). When the comment form is posted the plugin uses ajax to get a hash value and adds it to a hidden field. On the server side it verifies if the hash is valid or not. It adds random salt to the hash so that it cannot be guessed.

A combination of a time based hash and javascript (ajax) makes it almost impossible for any bot to bypass.”

I don’t entirely understand all that, so I hope that it isn’t so aggressive as to interfere with actual people!
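To make the quoted description concrete, here is an added sketch of that kind of token scheme; it is not the plugin's code. It uses HMAC-SHA256 keyed with the secret salt in place of a plain salted hash, and the window length, cushion, and function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumptions for this sketch, not values taken from the plugin.
SECRET_SALT = secrets.token_bytes(32)  # random secret, kept on the server
WINDOW_SECONDS = 60                    # length of one time window
CUSHION_WINDOWS = 1                    # also accept the previous window


def _token_for_window(window, post_id, ip, user_agent, salt):
    # Bind the token to everything that should stay the same between
    # fetching the token and submitting the comment.
    msg = "\x1f".join([str(window), str(post_id), ip, user_agent]).encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()


def issue_token(post_id, ip, user_agent, now, salt=SECRET_SALT):
    """Return the value the ajax call would place in the hidden field."""
    window = int(now) // WINDOW_SECONDS
    return _token_for_window(window, post_id, ip, user_agent, salt)


def verify_token(token, post_id, ip, user_agent, now, salt=SECRET_SALT):
    """Server-side check when the comment form is posted."""
    current = int(now) // WINDOW_SECONDS
    for window in range(current, current - CUSHION_WINDOWS - 1, -1):
        expected = _token_for_window(window, post_id, ip, user_agent, salt)
        # Constant-time comparison; bytes so odd input cannot raise.
        if hmac.compare_digest(expected.encode(), token.encode()):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample request values.
    ua = "Mozilla/5.0 (constructed)"
    t0 = 1_700_000_000
    tok = issue_token(42, "203.0.113.7", ua, t0)
    print("same visitor, 5 s later:  ", verify_token(tok, 42, "203.0.113.7", ua, t0 + 5))
    print("next window (cushion):    ", verify_token(tok, 42, "203.0.113.7", ua, t0 + 45))
    print("stale token, 200 s later: ", verify_token(tok, 42, "203.0.113.7", ua, t0 + 200))
    print("different IP address:     ", verify_token(tok, 42, "198.51.100.9", ua, t0 + 5))
```

A real visitor never sees any of this, because the browser fetches and submits the token automatically. The check only shows that the client fetched a token shortly before posting, from the same IP address and user-agent, so comment moderation remains a useful backstop.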