I recently wrote an article on how to integrate CloudFlare turnstile in WordPress comments and implemented the code here at WPExplorer. However, I think using Turnstile is overkill and loading extra scripts just slows down page loading. So, I decided to code my own custom captcha field and use the Comment Blocklist to see if I can prevent comment SPAM without any 3rd party dependencies.
In this article I will provide the code needed to add a custom captcha field to the WordPress comment form. Specifically a field named “What year is it?”. Hopefully bots aren’t smart enough to answer the question.
To add custom fields to the WordPress comments form you can hook into the comment_form_defaults
filter. This filter returns an array of comment form fields to which you can add new ones. The filter will work with both classic and block themes.
Here is a code snippet which adds a new field labeled “What Year is It?”:
/**
* Adds a "What year is it?" field to the WordPress Comments.
*
* @link https://www.wpexplorer.com/how-to-add-custom-captcha-wordpress-comments/
*/
function wpexplorer_add_captcha_comment_field( $fields ) {
$fields['captcha'] = sprintf(
'<p class="comment-form-captcha">%s %s</p>',
sprintf(
'<label for="author">%s %s</label>',
__( 'What year is it?', 'text_domain' ),
wp_required_field_indicator()
),
'<input id="comment-captcha" name="captcha" size="30" type="text" required>'
);
return $fields;
}
add_filter( 'comment_form_default_fields', 'wpexplorer_add_captcha_comment_field' );
If you refresh your site you should see the new field added to your comments form. If you don’t, your site isn’t using the core WordPress comment form and you’ll need to figure out if your theme or a plugin is modifying things.
With the custom captcha field in place, the next step is to validate the input when a comment is submitted. We can hook into the pre_comment_on_post
action hook to run any code before WordPress posts a comment.
This is the code I’m using to validate the custom captcha field:
/**
* Hook into "pre_comment_on_post" to verify our custom captcha.
*
* @link https://www.wpexplorer.com/how-to-add-custom-captcha-wordpress-comments/
*/
function wpexplorer_verify_comment_captcha() {
if ( empty( $_POST['captcha'] ) || (int) date( 'Y' ) !== (int) sanitize_text_field( wp_unslash( $_POST['captcha'] ) ) ) {
wp_die(
'<p>' . __( '<strong>Captcha Error:</strong> Do you not know what year it is?', 'text_domain' ) . '</p>',
__( 'Comment Submission Failure' ),
[
'response' => 200,
'back_link' => true,
]
);
}
}
add_filter( 'pre_comment_on_post', 'wpexplorer_verify_comment_captcha' );
This code will check to make sure our captcha field has a value and the value equals the current year as returned by the PHP date()
function. If neither of these checks pass we kill execution using the wp_die()
function and display a little message.
Conclusion
As you can see, adding a custom captcha field to your WordPress comments is very simple. It only requires a couple functions. Services like Akismet are expensive and most of the free anti-spam plugins are bloated or require 3rd party services like reCaptcha.
I will give this custom captcha field a go on the site and see how it works out. If the site keeps getting comment spam, I will try switching to a honeypot field.
Let me know in the comments how you prevent comment or other SPAM on your site and be sure to check out our list of the best anti spam plugins for WordPress.