Captcha

The captcha was made more difficult to prevent spammers using automated OCR on it. There is a refresh button to reload another one if you cannot see it well.

There used to be a setting to change the difficulty level. But since the CAPTCHA programming is outside of WordPress, it could be forged to a lower setting by the spammers. That is why I removed the setting.

That setting would be really nice to have back. I think the vast majority of the users of this plugin are not concerned with spammers using automated OCR and would rather have easier captchas. Spammers going that far only going to go after the big sites that are not likely to being using this platform.

The simple captcha on Contact Form 7 stopped virtually 100% of spam messages on my other sites. Your plugin has some features that I need though.

It would be an interesting survey, but I would bet real money on the opposite: that the majority of users are very concerned with spam. I sure am, both on my own sites and my clients’ sites. My clients have all had to deal with spam, they all hate it, and when it gets out of hand they call me to do something about it. So anything and everything I can do to block spam is welcome. Spammers will actually target smaller sites that aren’t well monitored/managed in the hopes that they can deposit some of their crap without anyone noticing. And by the way, WordPress is used on some of the biggest sites in the world. Just take a look at https://www.ads-software.com/showcase/ .

Maybe a good option for the plugin would be to show a label that says “Get a new CAPTCHA image” without hovering. I changed my hover text to say this, but if people don’t hover over the button, they won’t see it. However, unless they’re not very computer savvy, I would also bet that most people would know by now what that button does. But we won’t know for sure unless someone has done a usability test!

When you submit the form without the correct code, it automatically shows a different CAPTCHA image.

I will make note of the issue for further review, but no promise.

I did notice that you get a new CAPTCHA image if you enter a wrong code. I also noticed that the CAPTCHA images were harder in 4.0 Beta, but I just click once or twice to get one that’s readable. For me it’s totally worth it to minimize spam. We might as well not even use a CAPTCHA if it’s easy for spammers to bypass.

However, the vast majority of spam I’ve seen has targeted post, page, or media attachment page comment forms, and not email contact forms.