THE plugin to fight spam

  • Plugin is great. Some spam gets through but what are you gonna do. I always use “Easy” difficulty too though, don’t want to bug humans too much.

    If you have your WP login credentials saved in the browser at /wp-admin they are autofilled in hCaptcha settings:

    Yikes, can't add images - Error: Please do not add links to your review, keep the review about your experience in text only.

Here's a link anyway:

i . imgur . com / HhPE3gK.png

    That could be disabled with autocomplete="off" or something, would be nice. Honestly, Secret Key shouldn’t be obfuscated anyway, who’s watching over my shoulder and memorizing that, I just want to see it to be sure I pasted the right thing.

    Also setting it up for loads of sites gets a bit tedious, wish there was a button to “Login with hCaptcha” that redirects to hCaptcha site, click login, redirect back with some token and let hCaptcha register the site and generate the keys itself. Pretty much like Google Site Kit works.

    Also not a fan that the inline styles include compatibility for plugins that I don’t have enabled, such as #wpforo, #af-wrapper, .gform-*, .wpdm-*, .w3eden, .elementor-*, etc, but it’s not the end of the world.

    I think I also had an issue with CF7 that it appended hCaptcha to the form even though I had added it manually with the hcaptcha shortcode. I have it enabled under Integrations but for some forms I may need to tweak the location so I added it manually there. Looking at the source, maybe I needed to use [[cf7-hcaptcha]], so my bad, but maybe it could be added to CF7 form editor “media_buttons” row to remember what it is.

    Also maybe the function hcap_get_error_messages() could have a filter or plugin options to change the 3 main plugin messages. I know I could contribute a translation to the plugin but you need like permissions first and then you gotta translate a major chunk of the plugin and get it reviewed and ideally maintain it, a lot of hassle for just changing the “Please complete the hCaptcha.” message. gettext filter applies to every single translatable string ever so I’m hesitant to use it for performance reasons or maybe it’s fine I don’t know.

    Anyway, sorry for wall of text, 5 stars, thanks and keep it up!

Viewing 1 replies (of 1 total)
  • Plugin Contributor kaggdesign

    (@kaggdesign)

    Hi, @r4nd99y! Thank you for your review, very appreciated!

    In v2.7.0, I have added some improvements proposed here.

    1. autocomplete="off" for password field.
    2. ‘hcap_error_messages’ filter to modify hCaptcha error messages.

    The CF7 issue seems not exist now; this was fixed some versions ago. If I add the [cf7-hcaptcha] shortcode inside the form, no additional widget is added automatically. Could you please check and, if the problem persists, open the issue on our GitHub?

    I did not proceed with cleaning inline styles, as they are so tiny and adding a logic there would cost more than just throwing them to the browser.

    Registration via the hCaptcha website (like Google Site Kit) is not a bad idea, but it could require some time due to changes required on the website. I have added it to our issues on GitHub.

    Thank you again for your feedback and ideas.

Viewing 1 replies (of 1 total)
  • The topic ‘THE plugin to fight spam’ is closed to new replies.