121 Responses

  1. James July 24, 2011 / 8:46 pm

    Update 2.2.2 is uploaded, should be available shortly. This “should” fix the registration issue when running in network mode.

  2. Shannon August 4, 2011 / 2:41 am

    My security question is showing below the submit button, not above like on your site. How do I fix that?

    • James August 5, 2011 / 7:50 am

      Scroll to the lower portion of the plugins settings in wpadmin, there is instructions on how to do this.

  3. Sascha August 8, 2011 / 1:51 pm


    first off, I love this plugin.Simple, yet very effective.

    Now to the problem: I edited the notice message in my admin panel and wanted to put in line breaks with html tags, since the description says “You can use html here.” I thought that wouldn’t be a problem, but in fact, it was, cause it doesn’t work, no matter how often I try …

    After I hit the “Save Changes” button, the html just disappear in the text field and there are no line breaks.

    Any idea why? Is this maybe a bug? Am I just stupid? 🙂

    • Jen June 12, 2013 / 12:37 pm

      I had this issue as well (v.2.2.4). It removed the spans and ASCII encoded characters that I added. But I really like the simplicity of the plugin so I’ll just add the elements I need in the plugin files.

  4. Sascha August 8, 2011 / 2:08 pm

    Oh, btw, should’ve mentioned that in the first comment: Line breaks don’t work in the “Incorrect Answer Error Message” & “Empty Field Error Message” either. However, other html tags work, like making the text bold and stuff …

  5. Dale August 9, 2011 / 5:52 am

    Thanks for this 🙂 We could not find a good and simple answer to comments spam bots and yours worked a treat and first time!

  6. Nick Daugherty September 1, 2011 / 12:49 am

    For those of us who use Multisite with a caching plugin… does this work using PHP or Javascript?

    If a user gets served a cached page with an old math problem, will this still work?

  7. Proffitt September 20, 2011 / 9:12 pm

    Hi there – I installed and activated this plugin today, but I am still receiving TONS of spam constantly. Does it take any time to take effect?

    • James November 3, 2011 / 9:44 am

      No, and to be honest it’s not a high priority for me right now. The exploit isn’t an exploit against this plugin, it’s a WordPress exploit. I’ve talked to the WordPress people and suggested some changes they make and I have some enhancements to add to the plugin from their feedback that I will get in there sometime. Right now I’m caught up in finishing a deliverable for the J.O.B.

      Regardless, enhancing the plugin will not make the real vulnerability that exploit takes advantage of go away.

  8. max October 14, 2011 / 5:20 pm

    Is a there a way to remove the line “Security Question:” ??

    I tried to erase only the text, but the empty line remains…?!


    • James November 3, 2011 / 9:37 am

      Max, not without altering the code but that’s a great idea for an upgrade. For now, you can just comment out this line in the plugin file.
      echo '


      Should be around line 202.

  9. Sarah December 1, 2011 / 11:44 pm

    I installed this on a multisite, but it seems each site can set up their own settings. Is there a way to set the options once for the entire network?

  10. Justin Alexander December 2, 2011 / 4:09 am

    So, potentially bad news: This plugin took hundreds of plugins that were hitting my Akismet filter and killed them dead as a doornail. And they stayed dead for a long, long time. But starting yesterday afternoon, my spam filter has been getting slammed once again. I can only assume that somebody out there has cracked the plug-in and is auto-answering the math question.

    Not sure what can be done about it, but I’m hoping somebody cleverer than I will be able to modify the plug-in so that it can go back to killing my spam problem.

  11. Anders December 2, 2011 / 4:55 pm

    A small question:

    I have changed the value:
    define (‘BSBM_NOTICE_MESSAGE’,’Udfyld venligst ovenstående’);

    However it does not come through – it still displays.
    IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) 🙂

    I have gone around it by deleting:
    echo $options[‘bsbm_notice_message’];
    But can I do some kind of “refresh” instead?

    • Phil June 29, 2012 / 10:50 am

      Where is that located anders?

  12. Sky December 4, 2011 / 3:24 pm

    Thanks for the Spam block plugin! I am using Plugin 2.2.2 which has been working until yesterday when some people managed to populated bunch of spams on my blog.

    What could be the problem? Thanks.

    • James December 4, 2011 / 8:10 pm

      It depends on how they got in there. If your using Akismet that should catch any that manage to get past the plugin.

      • Sky December 5, 2011 / 2:21 pm

        Thanks, James. There are two or three random posts that full of garbage and mis-spelled words on some pages. I am currently not using payment required Akismet. Will have to find a free plugin similar to Akismet if any.

        • James December 5, 2011 / 5:50 pm

          Sky, you can still get Akismet free. You just need a personal key and donate $0.

          • Sky December 7, 2011 / 2:54 pm

            Thanks, James.

            I’ve installed a free plugin named Growmap Anti Spambot yesterday. There are no spams this morning so far. Hopefully, my blog will be spam free with your plugin and Growmap Anti Spambot activated.

  13. MC February 9, 2012 / 3:51 pm

    In the settings fields that allow HTML, how do I code a link? The typical HTML link code doesn’t work. Thanks.

    • MC February 9, 2012 / 4:15 pm

      And how about for multisites? Is there a way to apply it across the network or does it need to be activated on a site by site basis?

  14. Blaise March 28, 2012 / 3:33 am

    Hi ! I was just about to translate your plugin into the languages my blog is using when I noticed that version 2.2.3 is not quite “standard” as far as po/mo files are handled in wordpress… 🙁
    Were you by any chance looking for new possible enhancements ?

  15. The Dude April 16, 2012 / 1:00 pm

    The plugin has helped kill nearly 90% of spam, however, i am now starting to get some comment spam despite this plugin. I would suggest that authors of plugin extend/renew the options as the more popular it becomes, the more spammers will try to crack it.
    But overall, thumbs up for the plugin authors. The plugin works great and i am a very satisfied user.

  16. Tom April 23, 2012 / 6:21 am

    to begin with a praise to the good Captcha plug-in!

    I have in addition, however, one more question:

    If a visitor or member of my web page enters a wrong Captcha code, he is forwarded on an empty white page. I do not find this so good if visitors of the page are not any more on the real page and are not able in addition also any more about the ‘back-button’ back on the homepage!

    How can I change this that the user is escorted after a wrong input again to the homepage or to the formular?

    Tom (Germany)
    (Sorry for my bad english!)

  17. Phil June 29, 2012 / 10:06 am

    Can you remove the “IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)” all together? I just get a random yellow box

  18. bbpress July 5, 2012 / 6:24 am

    How to make this plugin work with bbpress forum plugin?

    Like solving the maths question before submitting new topic or before replying to any old topic?

    Please help

  19. Viklit July 15, 2012 / 2:41 pm

    I would absolutely love this but am on blogger – darn it.

  20. Jenn July 19, 2012 / 4:21 pm


    Thank you for such a fabulous plugin. I have a quick question – is there a way to manually add the code for the security check to the plugin WPTouch? It uses its own mobile theme. Thanks in advance!

  21. jolly August 7, 2012 / 10:43 am

    Hi – Can you help me to get the answer box for the math question to appear. I need to add a grey outline or background to it. I have tried turning off styling and on . Can you tell me which lines address the border and background in the bsbm.css to change to correct this.

    Thank you so much.

  22. Phil August 23, 2012 / 11:40 am

    Hi James – Just a small suggestion (if you haven’t had this one before) but a lot of people tab to the next box while filling in forms.

    On the log in screen with your plugin, the tab misses your question out and moves onto *Remember me

    Thanks for the plugin – Phil

  23. Gordon September 13, 2012 / 7:42 pm

    Hi James,

    Love your plug-in, but I have a couple suggestions.

    1) You should not be storing the answer to the math question directly on the client page. Right now there’s a couple hidden INPUT boxes named “mathvalue0” and “mathvalue1” which contain the numbers. Very easy for a bot to figure out how to scrape that off the page and answer correctly.

    Instead, store the answer in a session variable, which is stored server-side and inaccessible by a bot.

    2) The actual math question itself should be obfuscated, the text “What is 6 + 14” is plain enough that a semi-intelligent bot could see a blank input box below a textual math question and put two-and-two-together (pun intended!)

    Instead, the plug-in should generate an image of the number – the act of generating the image should fill the session variable I mentioned in (1). This will make it much much harder for a bot to “scrape” the page. As a bonus it makes it easy to then have a “refresh” button beside the image that can generates a new question if the user desired.

    You can throw some unique-IDs into the mix to prevent multiple simultaneous open tabs or windows from messing things up, although this would be a minor issue.

    I’m working on this right now for my own site. If you’re interested in the code when I’m done, shoot me an email.

    • Gordon September 14, 2012 / 12:36 pm

      James – I finished the code. I ended up using a salted hash for the answer instead of a session variable (that way there are no issues with multiple tabs etc.)

      Also, I found and fixed a bug where the “BSBM_EMPTY_ERROR” and “BSBM_ANSWER_ERROR” error messages were reversed – look near line 325.

      Can I send you the code? I can’t find you email anywhere on your site here.

      It’d be nice to have this code already in the repository so when I install your plugin for future customers of mine I don’t have to manually modify it every time.

  24. sky October 2, 2012 / 2:28 pm

    Hi James,

    Block Spam By Math has helped a great deal blocking those spams for quite some time. However, I’ve just found that there are 10-15 anti-aging cream spams on my blog today. Do you have any suggestions in blocking those annoying spams? Thanks.

  25. Anas October 12, 2012 / 5:28 pm

    Hello there,

    Thank you for the plugin.

    I am facing a couple of problems that could be related.

    1) The question is placed below the submit button. I tried to change it from the settings that you provided but whenver I change it from the default the question disappears.

    2) Another issue is that the answer field can’t be selected. In some browsers it would select with a double click and in others it wouldn’t at all.

    Could the second issue be because of the first?

    Would really appreciate your advice.

    Thank you.

  26. Robert Wilkins January 24, 2013 / 12:54 pm

    Seems like an awesome plugin. For some reason, I’m using it on an ecommerce site and the math ? does show up on new user registration, but it is not showing on “login” form for existing members. I have it set to show up for everyone so maybe it just can’t work with this scenario.

  27. Jacques Davis January 25, 2013 / 1:10 pm


    I love this plugin!

    Could you please provide specific instructions to make this work with another wonderful plugin, “Contact Form 7”.

  28. Nanako April 4, 2013 / 5:06 am

    After update (3.5.1), Block-Spam-By-Math-Reloaded doesn’t work.

  29. Kirsten April 11, 2013 / 9:34 am

    I installed the plugin and this is not showing up in my theme at all. How can I manually add it?

  30. nesthib April 14, 2013 / 6:16 pm


    It looks like in the version found on https://wordpress.org/extend/plugins/block-spam-by-math-reloaded/ the definition of the salt is erroneous. I had to replace the double quotes by single quote to prevent considering the salt as a PHP variable (“$2a$07$secretsaltstringASDFAS$” by default in the sources).

    As the generation of the salt and the crypt fail, the hashed value is always “*0” which allows any answer to validate the comment.

    Replacing the double by single quotes is sufficient to solve the problem.

  31. Douglas November 18, 2013 / 12:23 pm

    Noted that the block spam by math is no longer showing up on the comment form. Did something change?

Leave a Reply

Your email address will not be published. Required fields are marked *