Anti spam-blog plugin for WordPress MU

The very popular WP Hashcash plugin for WordPress has been modified to work on the WordPress MU signup page.

WP Hashcash is an anti spam plugin that protects blogs from comment spam. It does this with Javascript and is quite successful. I worked on it over the last few days and the plugin now offers the same protection on the WordPress MU signup form!

This is the first release of the code so handle with care. Grab the latest version (version 4.2 as of this moment) from the download page. Unzip it and copy wp-hashcash.php into wp-content/mu-plugins/ and visit “Site Admin” -> “WordPress Hashcash” to confirm it’s working.

Now logout and create a new blog, just to make sure everything is working ok. Occasionally some users will have problems registering, and those that have Javascript turned off won’t be able to create a new blog at all. That’s the downside of using this plugin unfortunately.

Keep an eye on the stats counter on the admin page. I want to hear how well this works on your site!

Author: Donncha

Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.

19 thoughts on “Anti spam-blog plugin for WordPress MU”

  1. when trying to save option page get the following messege

    Fatal error: Cannot redeclare wphc_option() (previously declared in /home/talebnet/public_html/wp-content/mu-plugins/wp-hashcash.php:22) in /home/talebnet/public_html/wp-content/mu-plugins/wp-hashcash.php on line 33

  2. Doncha,

    I have the same thing like Ferasof:

    Everythime I save its show the error:

    Fatal error: Cannot redeclare wphc_option() (previously declared in /home/yudanto2/public_html/dev/wp-content/mu-plugins/wp-hashcash.php:22) in /home/yudanto2/public_html/dev/wp-content/mu-plugins/wp-hashcash.php on line 22

  3. Hi Doncha,

    I am getting the same error on MU 1.5 after saving the settings as well.

    Fatal error: Cannot redeclare wphc_option() (previously declared in /var/www/vhosts/ in /var/www/vhosts/ on line 22

  4. Hi Donncha –

    Love the plugin – thank you for updating for MU! I’m having trouble with the new blog signup page, specifically the confirmation page. The wphc_value hidden input field is added on the signup_hidden_fields hook. There is no form on the confirmation page, so no hidden fields, and I’m seeing javascript errors on the confirmation page when it tries to assign a value to wphc_value.

    That the plugin loads at all (at least the javascript in the header on wphc_posthead) seems to be driven by the fact that is_page() returns true on wp-signup.php. I am guessing that is a core bug or is that the way is_page() should function?

    The fix might be adding the form/hidden input fields to the signup_finished hook?

    Thanks for all the great work on MU!

  5. Hi Donncha!

    I’m setting up a community blogging network using WP MU and just installed Hashcash. I only really want it to stop spam sign-ups as we were getting a few of those. So I turned off comment moderation and logging. However, any comments posted on the main admin page are still automatically held for moderation, and all have the following message appended:

    “[WORDPRESS HASHCASH] The poster sent us ‘0 which is not a hashcash value.”

    Any ideas?



      1. If you want Hashcash just for WPMU signups… comment out the add_action’s for “comment_form”, “wp_head”, and “preprocess_comment”.

        The above is untested… but theoretically this should work.

        I think it’s also safe to comment out the action for “widgets_init” as well… as that just shows how much spam Hashcash has blocked.

  6. IT WORKS :)1584 spam signups blocked out of 105 human signups. 93.78% of your signups are spam!

    So YES to think i would have had to delete them from the backend …

    It is nice to see Plugs That Works out the box

    Kick Ass Job..

    Ps I am alsow useing it on my new site

  7. Hi Donncha,

    the plugin page on the repository states version 4.3 and compatible up to 2.6.
    is this safe to use on WPMU 2.7.1? Did you see any problems with installs that also have BuddyPress (or even BBpress for those who managed to figure that out? :))


  8. I am having the problem that basically seems Hashcash is not working. I did have to modify my theme to add the correct hooks. Before I did that it would just reload the signup page when you tried to register.

    I installed the plugin about 2-3 weeks ago and since then it has not blocked any spam. I installed a captcha to help protect for the moment but it doesn’t help either. These sploggers just create a blog and account, then I mark them as spam. I also block their ip’s on my server. I get 1-2 spam signups per day. Is there something I’m doing wrong or need to change? It tells me that 16% of my signups are spam but those are just the ones that got blocked before I added the correct hooks. It started at 60% and has gone down considerably since all the spam is getting through and it thinks it’s real.

Leave a Reply