Preventing Bot Attacks on WordPress using No Captcha reCaptcha
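By Narayan Prusty
There are many different solutions for preventing bots from submitting web forms; one of the most popular is reCaptcha. reCaptcha displays an image with some text in it, and the user has to enter that text to submit the form successfully. It was difficult for bots to read the text in the image, but as bot algorithms advanced, they started breaking this protection. It was no longer safe. The old method was also very poor in terms of user friendliness. Google then created a new reCaptcha called No Captcha reCaptcha.
In this tutorial we will look at what exactly No Captcha reCaptcha is and how to create a plugin that integrates reCaptcha into the WordPress login, registration and comment forms to prevent various kinds of attacks.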
A Look at No Captcha reCaptcha
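No Captcha reCaptcha just displays a checkbox and asks users to check it if they are not a bot. It might look very hackable, but internally Google uses advanced algorithms and methods to determine whether the user is a bot. This new model is more user friendly and more secure than the old one.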
How Does it Work?
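It may look like a simple checkbox, but it is not a checkbox at all. It is a graphic that behaves like a checkbox. Most bots don't run JavaScript, so they cannot emulate it. For the bots that can emulate it, the interaction is tracked through mouse movement and Google's AdSense fraud click detection algorithms.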
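Registering a No Captcha reCaptcha App
Users who install this plugin need to register their site to retrieve a site key and a secret key.
You need to create a settings page for the plugin that allows the WordPress administrator to enter the site key and secret key retrieved from the reCaptcha admin panel.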

// Add a top-level admin menu entry for the plugin's settings page.
function no_captcha_recaptcha_menu() {
    add_menu_page( "reCaptcha Options", "reCaptcha Options", "manage_options", "recaptcha-options", "recaptcha_options_page", "", 100 );
}

// Render the settings page; options.php stores the submitted values.
function recaptcha_options_page() {
    ?>
    <span class="wrap">
        <h1>reCaptcha Options</h1>
        <form method="post" action="options.php">
            <?php
            settings_fields( "header_section" );
            do_settings_sections( "recaptcha-options" );
            submit_button();
            ?>
        </form>
    </span>
    <?php
}
add_action( "admin_menu", "no_captcha_recaptcha_menu" );

// Register the settings section, its two fields and the two options.
function display_recaptcha_options() {
    add_settings_section( "header_section", "Keys", "display_recaptcha_content", "recaptcha-options" );

    add_settings_field( "captcha_site_key", __( "Site Key" ), "display_captcha_site_key_element", "recaptcha-options", "header_section" );
    add_settings_field( "captcha_secret_key", __( "Secret Key" ), "display_captcha_secret_key_element", "recaptcha-options", "header_section" );

    register_setting( "header_section", "captcha_site_key" );
    register_setting( "header_section", "captcha_secret_key" );
}

function display_recaptcha_content() {
    echo __( '<p>You need to <a href="https://www.google.com/recaptcha/admin" rel="external">register your domain</a> and get keys to make this plugin work.</p>' );
    echo __( "Enter the key details below" );
}

// Escape the stored values before printing them into the value attribute.
function display_captcha_site_key_element() {
    ?>
    <input type="text" name="captcha_site_key" id="captcha_site_key" value="<?php echo esc_attr( get_option( "captcha_site_key" ) ); ?>" />
    <?php
}

function display_captcha_secret_key_element() {
    ?>
    <input type="text" name="captcha_secret_key" id="captcha_secret_key" value="<?php echo esc_attr( get_option( "captcha_secret_key" ) ); ?>" />
    <?php
}
add_action( "admin_init", "display_recaptcha_options" );

Let's see how the above code works:
We created a settings page on the WordPress admin dashboard.
This settings page displays two input text fields for site key and secret key.
These keys are stored as WordPress options. We name the options as site_key and secret_key (captcha_site_key and captcha_secret_key in the code).
Preventing Comment Spams
#submit { display: none; }
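The above code hides the submit button in the WordPress comment form, so that we can place the reCaptcha box above the submit button by inserting both the submit button and the reCaptcha box manually.
Here is the code that integrates reCaptcha into the comment form.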

// Load Google's reCaptcha script and the plugin stylesheet on the frontend.
add_action( "wp_enqueue_scripts", "frontend_recaptcha_script" );
function frontend_recaptcha_script() {
    if ( get_option( "captcha_site_key" ) && get_option( "captcha_secret_key" ) ) {
        wp_register_script( "recaptcha", "https://www.google.com/recaptcha/api.js" );
        wp_enqueue_script( "recaptcha" );

        $plugin_url = plugin_dir_url( __FILE__ );
        wp_enqueue_style( "no-captcha-recaptcha", $plugin_url . "style.css" );
    }
}

// Print the reCaptcha box and a replacement submit button in the comment form.
add_action( "comment_form", "display_comment_recaptcha" );
function display_comment_recaptcha() {
    if ( get_option( "captcha_site_key" ) && get_option( "captcha_secret_key" ) ) {
        ?>
        <span class="g-recaptcha" data-sitekey="<?php echo esc_attr( get_option( "captcha_site_key" ) ); ?>"></span>
        <input name="submit" type="submit" value="Submit Comment">
        <?php
    }
}

// Verify the reCaptcha token before the comment is stored.
add_filter( "preprocess_comment", "verify_comment_captcha" );
function verify_comment_captcha( $commentdata ) {
    if ( isset( $_POST["g-recaptcha-response"] ) ) {
        $recaptcha_secret = get_option( "captcha_secret_key" );
        // URL-encode both values so the submitted token cannot alter the query string.
        $response = file_get_contents( "https://www.google.com/recaptcha/api/siteverify?secret=" . urlencode( $recaptcha_secret ) . "&response=" . urlencode( $_POST["g-recaptcha-response"] ) );
        $response = json_decode( $response, true );
        // A failed request or malformed reply is treated as a failed check.
        if ( is_array( $response ) && ! empty( $response["success"] ) ) {
            return $commentdata;
        } else {
            echo __( "Bots are not allowed to submit comments." );
            return null;
        }
    } else {
        if ( get_option( "captcha_site_key" ) && get_option( "captcha_secret_key" ) ) {
            echo __( "Bots are not allowed to submit comments. If you are not a bot then please enable JavaScript in browser." );
            return null;
        } else {
            // Plugin not configured yet: let the comment through.
            return $commentdata;
        }
    }
}

Let's see how the above code works:
We enqueued Google's reCaptcha JavaScript file on the WordPress frontend by using the wp_enqueue_scripts action.
We also enqueued the style.css file using wp_enqueue_style.
Inside the comment form we display the checkbox using the comment_form action.
When the comment is submitted, and before inserting it into the database, WordPress calls the preprocess_comment filter. Inside the filter we check whether the user is a human or a bot. If human, we return the comment to be inserted; otherwise we return null to prevent the comment from being added to the database.
Preventing Brute Force Login Attacks

// Load Google's reCaptcha script on the login, registration and lost password pages.
add_action( "login_enqueue_scripts", "login_recaptcha_script" );
function login_recaptcha_script() {
    if ( get_option( "captcha_site_key" ) && get_option( "captcha_secret_key" ) ) {
        wp_register_script( "recaptcha_login", "https://www.google.com/recaptcha/api.js" );
        wp_enqueue_script( "recaptcha_login" );
    }
}

// Print the reCaptcha box inside the login form.
add_action( "login_form", "display_login_captcha" );
function display_login_captcha() {
    if ( get_option( "captcha_site_key" ) && get_option( "captcha_secret_key" ) ) {
        ?>
        <span class="g-recaptcha" data-sitekey="<?php echo esc_attr( get_option( "captcha_site_key" ) ); ?>"></span>
        <?php
    }
}

// Verify the reCaptcha token before the login is accepted.
add_filter( "wp_authenticate_user", "verify_login_captcha", 10, 2 );
function verify_login_captcha( $user, $password ) {
    if ( isset( $_POST["g-recaptcha-response"] ) ) {
        $recaptcha_secret = get_option( "captcha_secret_key" );
        // URL-encode both values so the submitted token cannot alter the query string.
        $response = file_get_contents( "https://www.google.com/recaptcha/api/siteverify?secret=" . urlencode( $recaptcha_secret ) . "&response=" . urlencode( $_POST["g-recaptcha-response"] ) );
        $response = json_decode( $response, true );
        // A failed request or malformed reply is treated as a failed check.
        if ( is_array( $response ) && ! empty( $response["success"] ) ) {
            return $user;
        } else {
            return new WP_Error( "Captcha Invalid", __( "<strong>ERROR</strong>: You are a bot" ) );
        }
    } else {
        if ( get_option( "captcha_site_key" ) && get_option( "captcha_secret_key" ) ) {
            return new WP_Error( "Captcha Invalid", __( "<strong>ERROR</strong>: You are a bot. If not then enable JavaScript" ) );
        } else {
            // Plugin not configured yet: do not block the login.
            return $user;
        }
    }
}

Let's see how the above code works:
We enqueued Google's reCaptcha JavaScript file on the WordPress admin login, registration and lost password pages by using the login_enqueue_scripts action.
We displayed the checkbox using the login_form action.
Before producing the final authentication result, WordPress runs the wp_authenticate_user filter to let us add an extra validation step. We check whether the user is a bot or a human inside this filter. If it's a human we return the user object; otherwise we return a WordPress error object.
Preventing Creation of Fake Accounts

// Print the reCaptcha box inside the registration form.
add_action( "register_form", "display_register_captcha" );
function display_register_captcha() {
    if ( get_option( "captcha_site_key" ) && get_option( "captcha_secret_key" ) ) {
        ?>
        <span class="g-recaptcha" data-sitekey="<?php echo esc_attr( get_option( "captcha_site_key" ) ); ?>"></span>
        <?php
    }
}

// Verify the reCaptcha token before the account is created.
add_filter( "registration_errors", "verify_registration_captcha", 10, 3 );
function verify_registration_captcha( $errors, $sanitized_user_login, $user_email ) {
    if ( isset( $_POST["g-recaptcha-response"] ) ) {
        $recaptcha_secret = get_option( "captcha_secret_key" );
        // URL-encode both values so the submitted token cannot alter the query string.
        $response = file_get_contents( "https://www.google.com/recaptcha/api/siteverify?secret=" . urlencode( $recaptcha_secret ) . "&response=" . urlencode( $_POST["g-recaptcha-response"] ) );
        $response = json_decode( $response, true );
        // A failed request or malformed reply is treated as a failed check.
        if ( is_array( $response ) && ! empty( $response["success"] ) ) {
            return $errors;
        } else {
            $errors->add( "Captcha Invalid", __( "<strong>ERROR</strong>: You are a bot" ) );
        }
    } else {
        if ( get_option( "captcha_site_key" ) && get_option( "captcha_secret_key" ) ) {
            $errors->add( "Captcha Invalid", __( "<strong>ERROR</strong>: You are a bot. If not then enable JavaScript" ) );
        } else {
            // Plugin not configured yet: do not block the registration.
            return $errors;
        }
    }
    return $errors;
}

Let's see how the above code works:
We displayed the checkbox using the register_form action.
Before producing the final authentication result, WordPress runs the registration_errors filter to let us add an extra validation step. We check whether the user is a bot or a human inside this filter. If it's a human we return the empty error object; otherwise we add an error to the error object and return it.
Preventing Bots Submitting Lost Password Form

// Reuse the login form's reCaptcha box on the lost password form.
add_action( "lostpassword_form", "display_login_captcha" );

// Verify the reCaptcha token before the password reset link is generated.
add_action( "lostpassword_post", "verify_lostpassword_captcha" );
function verify_lostpassword_captcha() {
    if ( isset( $_POST["g-recaptcha-response"] ) ) {
        $recaptcha_secret = get_option( "captcha_secret_key" );
        // URL-encode both values so the submitted token cannot alter the query string.
        $response = file_get_contents( "https://www.google.com/recaptcha/api/siteverify?secret=" . urlencode( $recaptcha_secret ) . "&response=" . urlencode( $_POST["g-recaptcha-response"] ) );
        $response = json_decode( $response, true );
        // A failed request or malformed reply is treated as a failed check.
        if ( is_array( $response ) && ! empty( $response["success"] ) ) {
            return;
        } else {
            wp_die( __( "<strong>ERROR</strong>: You are a bot" ) );
        }
    } else {
        if ( get_option( "captcha_site_key" ) && get_option( "captcha_secret_key" ) ) {
            wp_die( __( "<strong>ERROR</strong>: You are a bot. If not then enable JavaScript" ) );
        } else {
            // Plugin not configured yet: do not block the request.
            return;
        }
    }
}

Let's see how the above code works:
We displayed the checkbox using the lostpassword_form action.
Before producing the final password reset link, WordPress runs the lostpassword_post action to let us add an extra validation step. We check whether the user is a bot or a human inside this action. If it's a human we return nothing; otherwise we kill the script with an error message.
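
The four verification callbacks above each repeat the same siteverify call with file_get_contents() and carry the secret key in the URL. As an added example (not part of the original article), one shared helper can send the check as a POST with a timeout, fail closed on network errors, and compare the hostname field of Google's reply with the site's own host; nocaptcha_verify_response() is a hypothetical name, while the option names are the article's.

```php
<?php
/**
 * Added example: shared, fail-closed reCaptcha check for the handlers above.
 * nocaptcha_verify_response() is a hypothetical name, not from the article.
 * Returns true only when Google confirms the token for this site.
 */
function nocaptcha_verify_response() {
    $secret = get_option( 'captcha_secret_key' );
    if ( empty( $_POST['g-recaptcha-response'] ) || ! $secret ) {
        // No token, or no secret to verify with. Callers keep the article's
        // own pass-through branch for a plugin that is not configured yet.
        return false;
    }
    $token = sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) );

    // POST keeps the secret out of the URL, and so out of proxy and access logs.
    $reply = wp_remote_post(
        'https://www.google.com/recaptcha/api/siteverify',
        array(
            'timeout' => 5,
            'body'    => array(
                'secret'   => $secret,
                'response' => $token,
                'remoteip' => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '',
            ),
        )
    );

    // Network error or non-200 status: fail closed rather than accept the form.
    if ( is_wp_error( $reply ) || 200 !== wp_remote_retrieve_response_code( $reply ) ) {
        return false;
    }

    $data = json_decode( wp_remote_retrieve_body( $reply ), true );
    if ( ! is_array( $data ) || ! isset( $data['success'] ) || true !== $data['success'] ) {
        return false;
    }

    // The token must have been issued for a page on this site's own host.
    $expected_host = wp_parse_url( home_url(), PHP_URL_HOST );
    return isset( $data['hostname'] )
        && 0 === strcasecmp( $data['hostname'], (string) $expected_host );
}
```

Each callback then replaces its file_get_contents() and json_decode() lines with a single call to this helper and keeps its own success and error branches unchanged.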
Final Thoughts
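This is a new way to protect your website from bots and improve user friendliness. You can also learn how Google uses this new type of captcha internally to tell bots from humans: http://qnimate.com/how-does-googles-no-captcha-recaptcha-work/ Once you have integrated this plugin into your WordPress site, write about your experience below.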
About Narayan Prusty
Narayan is a web astronaut. He is the Founder of QScutter. He loves to share ideas. When not coding he enjoys playing football. You will often find him at QNimate, his personal blog.