WordPress Tools: WP-Gatekeeper

• Version: 1.5 RC5
• Compatible with: WordPress 1.5
• Apparently compatible with: WordPress 2.1
• Date: 1 March 2006
• Download: wp-gatekeeper.php.zip

Description

WP-Gatekeeper is a comment-spam defense plugin for WordPress 1.5. Upon installing it, a challenge will automatically be added to comment forms: "What color is an orange?". In order to post, the commenter must enter the correct answer. The strength of Gatekeeper is that it allows you to create any number of challenges you like, and picks one at random to insert into the comment form. You can also define your own markup template as well as manually place the challenge in your comment forms, should you so desire.

Bug and Change Notes

• 1 March 06: Changes in RC5

  • The challenge is now automatically added to forms in all WP 1.5 installs, including those which have gzipping enabled (which was the cause of the failure in RC4). You can still use the PHP call gatekeeper_pose_challenge() to place the challenge exactly wherre you want it, but if you're fine with it showing up after the comment field, you can just activate the plugin and you're off to the races!

• 7 July 05: Changes in RC4

  • Trackbacks and pingbacks are now actually permitted. They were thought to be permitted in RC3. Now they really are, according to my testing. Really!
  • As of RC4, there is one known bug.
    • The auto-challenge feature, which is supposed to automatically add a challenge to forms that don't contain the gatekeeper_pose_challenge call, does not seem to work on many sites. The problem seems to lie somewhere in the function gatekeeper_comment_form_filter, but as yet the actual fault remains undiscovered. Note that this problem does not occur in all WP installs, further complicating the effort to fix it.

• 14 June 05: Changes in RC3

  • In previous versions, running Gatekeeper would prevent any trackbacks or pingbacks from being registered. As of RC3, Gatekeeper allows through all ping- and trackbacks untouched (thanks to Joseph Scott for the fix). This change means that your WP install will be vulnerable to trackback spam. There is little or nothing Gatekeeper can do to change this. You will have to combat such spam through other means; i.e., disabling trackbacks, requiring approval of all comments, running another spam filter, etc.
  • The markup in the administrative interface was fixed so that it now validates. This includes encoding problematic characters in the textarea found on the page.

• 10 Mar 05: Changes in RC2

  • IMPORTANT: if you have used earlier versions of WP-Gatekeeper, you must run the RC2 updater. It is recommended that you run the updater and then immediately install the RC2 plugin. If RC2 is your first version of Gatekeeper, then you don't need to run the updater.
  • Added "reset to default" links for the challenges and the markup template on the management page. Remember that if you say "OK" to the pop-up dialog box, the data will be reset to install default and there's no going back.
  • Fixed a bug where logged-in users still had to answer the Gatekeeper challenge. Now there should be no challenge for logged-in users. This assumes that your install allows people to register and log in, of course. (Thanks, ColdForged!)
  • Tweaked the scanning routines to be more cross-platform friendly, the form scanning to be kinder to 1.5 themes that were ported from 1.2 installs, and fixed (I think) a slash-insertion bug that could affect the markup template. (Thanks, Scott!)
  • Added theme-root support. (Thanks, Terrence!)
  • Changed the gatekeeper_default_template option to be called gatekeeper_markup instead.

Installation

0. Back up your WP files! There's nothing here that should cause major problems, but if you have trouble or decide you want to back out WP-Gatekeeper, you'll want your original files.
1. Place wp-gatekeeper.php into the plugins directory.
2. In your administrative interface, activate the WP-Gatekeeper plugin.
3. Under "Manage", select the new "Gatekeeper" submenu. Make sure everything's to your liking, and take this opportunity to add new challenges or change the one that comes pre-installed (which I strongly recommend).

That's all. Did you want more?

Okay, here's more. By default, the plugin will scan comment forms and insert the challenge into the form. It's set up to insert the challenge after the URL input on the default (Kubrick) template. If it doesn't find a match for the markup it expects, it will insert the challenge after the textarea in the comment form. Failing that, it will simply insert an XHTML comment indicating its failure, and commenting will be blocked until the problem is fixed.

And how does one fix the problem? Well, you could disable the plugin, of course. You could also edit your comment form(s) to include the function gatekeeper_pose_challenge wherever it is you want the challenge to appear. This will likely mean that you'll have edit the markup it generates, and possibly surround it with your own, but odds are you've already been fiddling with the markup as it is, so no sweat, right?

Note that if your WordPress install allows users to register, logged-in users will not receive a Gatekeeper challenge. They're assumed to be trusted by dint of having accounts. This behavior may become an option in a future version of Gatekeeper.

Functional Reference

You will only need this information if you plan to manually place the challenge in your comment forms. Otherwise, it's an interesting curiosity.

format (string)

Format string for the link. Markup may be included in the format string, and will be returned unaltered. Defaults to the built-in format string, available from the Gatekeeper administrative page.

stripslashes (string)

Accepts one of two values: Y and N. If Y is passed, then the result will have escape-slashes stripped from any displayed text. N will leave the slashes in place, which is useful if the result will be placed within JavaScript. The default is Y.

tabindex (string)

Allows you to specify the tabindex value that will be used for the challenge's text input field. This is useful if you have a custom-structured form and don't want tabindexing to break. The default is 5.

doctype (string)

Accepts one of two values: xhtml and html. The former will cause empty elements to be returned with trailing slashes; the latter will leave off the trailing slashes. The default is xhtml.