The longer we talk, the more adamant that most are that “the CAPTCHA should’ve worked”. It takes a while, but after a while we’re able to explain that not only will CAPTCHA not work, it’s pretty much never worked.
Back in 2008, James Edwards at Sitepoint wrote an excellent article called “Beyond CAPTCHA: No Bots Allowed!” outlining the problems with CAPTCHA at the time. I’m not going to rehash it, but it’s been over five years since that blog post and pretty much nothing has changed in favor of CAPTCHA. In fact, I’d argue that things have only gotten worse as bot technology has gotten better. Gone are the good old days of PHP and Perl running a list of commands one after the other with no UI, now we’re to the point in technology where we can fully automate real web browsers with plugins set to solve the CAPTCHA themselves or take screenshots of the CAPTCHA for third parties to solve.
Seriously. Most people don’t know this, but there are a whole host of services that do outsourced CAPTCHA solving. Starts at $0.70 per 1,000 images with each one done in under 15 seconds. It’s basically “Phone a Friend” for bot spammers. At this point the only people who have trouble reading CAPTCHAs are your actual users – not the bots.
So what is a website owner to do? The answer is simple: turn to more evolved systems to deal with more evolved bots.
One system to help cut down on form spam is Akismet from the team over at Auttomatic, the makers of WordPress. Akismet works by taking the data submitted to your website, validating it against their externally hosted API, and returning back to you whether they believe the submission is coming from a real person or a bot. For years it’s been the standard for WordPress form spam reduction and an absolute no-brainer for those of you fighting WordPress form spam.
There’s also what we do here at Web Secure Services. It doesn’t matter whether the bot comes to your website to spam your forms or steal your data, we’ll block it and make sure it doesn’t come back to your website or anyone else on our network. There’s no additional code to install or maintain and, most importantly, no more development time devoted to keeping your forms spam free. You can get back to building and growing your business.
CAPTCHAs were born 13 years ago and since then there have been nonstop efforts and research done into circumvention and a lot of it has proven very successful.