Hashcash protects your website against spam
We have all suffered a spam attack on our WordPress blog or website, in the vast majority of websites we use a captcha system, in which we have to introduce the solution to a visual test, which in principle the machines would not be able to solve. With the appearance of Hashcash we can protect our WordPress blog or web page against spam or brute force attacks regardless of annoying captchas.
Hashcash has caught my attention because it is a fairly practical and clean solution compared to traditional captchas. Traditional captchas can become frustrating, solve again and again endless strings of text that sometimes require considerable effort to obtain the solution. Many times the traditional captcha is the decisive element that prevents a good user from leaving a comment on our blog, because they are really annoying and break the flow of user activity.
Many will be thinking that there are also audio captchas, but they are even worse than visuals. The point is that captchas are still used because there is no other more practical method to replace it , but Hashcash seems like a great alternative.
What is Hashcash and how does it work?
Hashcash offers us a new method to keep our websites free of spam comments and protected against brute force attacks. They have a web page with information but it is entirely in English Hashcash.io
How does Hashcash work?
Hashcash forces users to solve a series of mathematical operations, but these are solved by the browser itself using the technologies Asm.js, HTML5 and Web Workers.
When it is applied to WordPress with the official Hascash plugin for WordPress , what we get is to protect the login forms and the sending of comments. The buttons on these forms remain deactivated until the Hashcash button is pressed and the browser finishes solving the mathematical operations.
In the following images we see how a progress bar is shown until the operations are finished and the active form buttons are shown.
One of the options offered by the plugin is to establish the difficulty of the mathematical operations to be performed. The more difficult they are, the longer it will take to get the solution and unlock the form.
Disadvantages and advantages of Hashcash compared to traditional captchas
We will start by naming some of the advantages of this anti spam system:
- Clean integration in web pages.
- The effort to solve the captcha is done by the machine and not the person.
- Protects against spam and brute force attacks.
- It has an API to facilitate the integration of Hashcash in any website.
Disadvantages or disadvantages of Hashcash:
- Despite being annoying to spam bots, it does not offer total protection.
- Compatible only with modern browsers:
- Google Chrome 7+
- Mozilla Firefox 4+
- Internet Explorer 10+
- Opera 11.6+
- Safari 5.1+
- Android Browser 4.4+
- iOS Safari 5+
- Blackberry Browser 10+
- As it depends on the hardware, in computers with few resources this system can be extremely slow.
- Interrupts the user’s activity flow with timeouts.
In short, I had been excited about this system so clean and not very intrusive, but after trying it thoroughly, the fact of requiring a modern browser hardware and stop making it viable . There is a demo available on which I have done several tests. On my PC with approximately one year old hardware (Windows 7 64bit, Intel Core i5 3570k CPU, 8GB of RAM) the operations were resolved in less than 10 seconds while a test on my Sony Xperia P smartphone, which already has several years, it took a minute to get the solution and unlock the form . One minute is an unacceptable waiting time, so this system is completely discarded in websites that can receive visits from mobile devices .
In Vozidea we continue to bet on Akismet and dispense with annoying captchas, for now it is the system that has given the best results, although it must be said that an average of 150 spam comments are blocked per day with the consumption of resources that this entails.