Integrating VouchSafe with WordPress
To get started with VouchSafe, you need to do the following:
- Create an account and register your domain with us to get a public / private key pair for your website.
- Download the VouchSafe plugin for WordPress from the VouchSafe downloads page.
The guide below will give you step-by-step instructions for installing and configuring VouchSafe on your WordPress website or blog.
- Log into the administration console on your WordPress site, (yoursitename.com/wp-admin).
- Select the plugins tab and Press the “Add New” Button.
- Press the “Upload” button.
- Select the wp_vouchsafe.zip file and press the “Install Now” button to upload and install it.
- Once the package has been uploaded and installed, press the “Activate Plugin” button to activate it.
- You need to configure the VouchSafe plug-in before it will work, so open your “Plugins” tab again to list all your plugins, find the “VouchSafe” plugin, and press the “edit” button to edit the settings.
- As soon as you do this, you will be prompted to enter your key values to activate the plugin and to activate your account on VouchSafe.
- If you haven’t already done so, log into your account on console.vouchsafe.com. If you don’t have an account, register for one by clicking on the “Register” tab.
- Once you’ve registered, you’ll have the option to change your password, or to create a new key pair. Press the “Create a new KeySet” button to set up VouchSafe for your domain.
- You’ll be presented with the management pop-up for a new keyset. Here you can type in your top-level domain name, and configure the way VouchSafe will be presented on your website. In general, you should not select the “Global” option, (this is for use where you want to be able to publish VouchSafe validated content on other websites).
You can select the button style, the interface style, and the background color for the VouchSafe pop-up. When you’re done, press the “Create KeySet” button to generate a key pair for your domain.
- You should now see the new key pair for your domain, (shown highlighted in the image below). These are the values you need to copy into the plugin configuration form on your WordPress website. You can always change the settings for your site later on by logging back into your account and pressing the “Edit” button for your keyset. If you wish, you can manage multiple domains from the same VouchSafe account by simply creating new keysets.
- Now simply paste your key values into the configuration screen for the VouchSafe plugin, and select whether you want it to validate comments, user registration, or both, (we recommend both). If you wish, you can also edit the error messages that appear if a user fails to complete validation or submits a wrong answer.
And that’s it. If you attempt to create a new user account or to leave a comment on a blog post, you should now see the VouchSafe button just above the submit button for the form. If you click on the button, the VouchSafe challenge should appear with the color combinations you selected. In the picture shown here, we’re using the “gunmetal” interface with a black overlay.
Important Note: Security Issues Relating to WordPress
VouchSafe is an effective barrier to spammers IF users are required to interact with the VouchSafe validation. However, in developing a plugin, we can’t directly address issues relating to individual WordPress configurations, or the interaction between other plugins that users may or may not have installed in their particular website configuration.
There is an issue specific to WordPress, wherein spammers have learned that they can bypass form validation altogether by exploiting Trackbacks. You’ll know this is happening if you start to get spam without getting notifications of new messages – the spammers are simply bypassing the comment mechanism and any spam prevention system that you might have installed to validate input.
Not every WordPress template supports the trackback block, but if you experience difficulty with this issue, you have two choices:
- You can simply disable Trackbacks by selecting Settings -> Discussion in your administration console and unchecking the “Allow Link Notifications from other blogs (pingbacks and trackbacks)” option.
- You can install a separate plugin created to address this particular WordPress issue. You can find that plugin in the WordPress plugins directory at this URL: http://wordpress.org/extend/plugins/simple-trackback-validation/