Raven’s antispam, a plugin

Published: On Tuesday, August 26, 2008


Raven's antispam is a WordPress plugin, powerful and invisible fighter against comment spam. It works on a priciple (afaik) invented by Jakub Vrána: visitors with enabled JavaScript see nothing – no annoying questions, no captcha, nothing. Just (visually) untouched comment form. Users with disabled JS see an additional text-field and a word that must be rewritten into textfield. (If it's not, then an error page is displayed.) Simply clever. (original explanation in czech)


Low-traffic sites can live just with Raven's antispam, no other plugin is needed. At more popular websites it's sometimes necessary to use it in combination with (for example) Akismet. Since Raven's antispam can't check trackbacks (because of its spam recognizing method), it's also recommended to secure this door with Simple Trackback Validation or Bad Behaviour. But in many cases can the Raven's antispam alone mean a sufficient protection.


Download newest Raven's antispam (10 KB, *.ZIP)

Installation (as usual)

  1. Unpack the archive and copy the entire folder into your wp-content/plugins directory
  2. Activate Raven's antispam plugin (Administration → Plugins)
  3. Enjoy your blogging without spam

Other info

  • Licence: GNU/GPL
  • actual info (official plugins repository)
  • Thanks for your donations or other ways of support are very appreciated.
  • Included translations: Czech, Russian (thanks Ptath)


  • I activated the plugin, but after sending a comment it shows „You didn't answer the antispam question…“? → The problem is most probably in your template file comments.php. Inside the form element there should be this code somewhere: <?php do_action('comment_form', $post->ID); ?>. If it's missing, add it.
  • Didn't the homepage of R.A. change recently? → Yes, it did. This place is in my opinion more adequate. Old comments archive.

Any problems?

Please, if you'll experience any kind of problems (caused by Raven's antispam), let me know about it, so I can possibly fix it.


  1. 1.  Stargazer wrote: On October 24., 2008 comment number 1

    Does it work with WP 2.7 (beta)?

  2. 2.  Kahi [author] wrote: On October 24., 2008 comment number 2

    @Stargazer: Yes

  3. 3.  Leo wrote: On November 26., 2008 comment number 3

    Thanks much for this plugin. So neat!

  4. 4.  Kate Foy wrote: On December 19., 2008 comment number 4

    thanks for the plug-in. You can never have too much protection against those pesky spammers … but hey, I wanted to say what a lovely theme design you have here on your blog. Thumbs up!

  5. 5.  SE7EN wrote: On January 3., 2009 comment number 5

    Is it possible to see how many times spam comments are blocked by this plugin?

  6. 6.  Kahi [author] wrote: On January 3., 2009 comment number 6

    SE7EN, you can compare total comments-count with the ID of the last one. Difference is the number of removed comments – can be silimar to number of blocked comments (that is not directly measured, like Akismet does).

  7. 7.  SE7EN wrote: On January 5., 2009 comment number 7

    So that means automated spam comments blocked by this plugin are atill record on the db, right?
    I'm comparing this plugin to WP-Spamfree

    WP-Spamfree don't allow automated comment to fill in the db from the first place, so the comment id don't run. It says „The beauty of this plugin is the methods of blocking spam. It takes a different approach than most and stops spam at the door“

    but it forces visitors who want to comment to turn on their JS, while your plugin provide the alternative for non-JS visitors.

    I use WP-Spam free at my old blog. Now I'm deciding which one to use, yours or WP-Spamfree, on my new blog, due to the non-JS visitors problem as state

  8. 8.  Kahi [author] wrote: On January 5., 2009 comment number 8

    Se7en, as far as I know, you can't write WP plugin that stops spam „at the door“. So Raven's AS lets comment to be saved to DB and only after that it can check the „spam status“. If RAS consider a comment to be spam, it's deleted. Spam is no longer in DB but the ID grows.

  9. 9.  karel wrote: On January 28., 2009 comment number 9

    Love the plugin – thank you for updating I’m having trouble with the new blog signup page, specifically the confirmation page. The wphc_value hidden input field is added on the signup_hidden_fi­elds hook. There is no form on the confirmation page, so no hidden fields, and I’m seeing javascript errors on the confirmation page when it tries to assign a value to wphc_value.

    That the plugin loads at all (at least the javascript in the header on wphc_posthead) seems to be driven by the fact that is_page() returns true on wp-signup.php. I am guessing that is a core bug or is that the way is_page() should function?

    The fix might be adding the form/hidden input fields to the signup_finished ho­ok?

  10. 10.  Kahi [author] wrote: On January 28., 2009 comment number 10

    @karel, thanks for notifying me. Now I hear about this issue for the first time. I will look at details later, hopefully this week. By the way, are you sure that these errors are shown after RAS' deactivation too? This public version should touch nothing else than the comment-processing, so bugging at signup sounds little bit weird…

  11. 11.  Chris wrote: On February 24., 2009 comment number 11

    I would like to change the answer. How do I do that?

  12. 12.  Kahi [author] wrote: On February 24., 2009 comment number 12

    @Chris – find function GenerateAnswer and after { insert return 'asdf';

  13. 13.  MAn wrote: On April 11., 2009 comment number 13

    Lo probaré a ver como me funciona.

  14. 14.  Mr. I wrote: On April 28., 2009 comment number 14

    Hi Kahi, The WordPress page of this plugin says it works only upto 2.6 while I have tested it successfult on 2.7.1 It has been running for a month and is wonderful. Great Job!

  15. 15.  Kahi [author] wrote: On April 29., 2009 comment number 15

    @Mr. I: Thank you, I'll update that information probably with publishing WP 2.8 (coming soon).

  16. 16.  Mr. I wrote: On April 29., 2009 comment number 16

    I wonder why it is not mainstream like many overhyped ones! Many other plugins are promoted heavily and are good for nothing. One such plugin that added extra fields blocked 90% of my commentators(Thanks to cFroms plugin which let them contact me). Another one did the most interesting thing! It blocked me from commenting on my own blog. Wheen I tried replying from dashboard, I got message: „Goodbye Spammer“ complete with a dancing smiley!

    Yours was recommended by @doreo on Twitter and I must say that its the best solution against captcha for bloggers like me who do not want to add captchas for every reader(theya re very annoying!)

  17. 17.  Kahi [author] wrote: On April 30., 2009 comment number 17

    @Mr. I, I'm not sure. I think most of the people are satisfied with Akismet (packed with WP) and default strict hold-for-moderation settings (and they care about SEO and other „important“ thing at the first place). I could write more about this but your question was rather rhetorical, wasn't it.

  18. 18.  Christopher wrote: On August 7., 2009 comment number 18

    This plugin is not compatible with wordpress 2.8.2 version. When people put the correct code in it doesn't accept the comment. Needs to be updated.


  19. 19.  Kahi [author] wrote: On August 7., 2009 comment number 19

    @Christopher, thank you for letting me know. But – I can't simulate the problem – on my installation of WP 2.8.3 it works well. Possible problem might be in incompatible browser – do you know in which browser/versi­on/platform the problem happens? Plus: are you absolutely sure the the code&field actually was displayed and the code was coppied correctly? Thanks.

  20. 20.  Christopher wrote: On August 8., 2009 comment number 20

    Hi Kahi,

    I had the plugin set up so that it wouldn't reveal the code. In other words, I left the box unchecked. So I don't know why this happened. But it did happen to at least two people that I am aware of who tried to leave comments.

  21. 21.  Kahi [author] wrote: On August 8., 2009 comment number 21

    @Christopher, I have an idea – check the comments.php (the file with comment-form) whether the do_action('comment_form', $post->ID); code is before the submit-input. If not, please try to move it up…

  22. 22.  Emily wrote: On December 21., 2009 comment number 22

    This isn't working with WP2.9, just FYI- tells people they didn't answer the antispam question correctly, where there is no antispam question to answer!

  23. 23.  Kahi [author] wrote: On December 22., 2009 comment number 23

    @Emily, please see the FAQ above. According to my experience, this plugin works fine with 2.9.

  24. 24.  had wrote: On June 24., 2010 comment number 24

  25. 25.  Kahi [author] wrote: On June 25., 2010 comment number 25

    ↪ had Dík, možná se inspiruju při aktualizaci R.A.

  26. 26.  marek wrote: On July 25., 2010 comment number 26

    Chrání to i proti registraci spam uživatelů?

  27. 27.  Kahi [author] wrote: On July 25., 2010 comment number 27

    ↪ marek Ne, zatím ne, na to je třeba najít jiný plugin… :(

  28. 28.  marek wrote: On July 26., 2010 comment number 28

    To kahi: Dík za odpověď. Asi o žádném takovém náhodou nevíš, že?

  29. 29.  Kahi [author] wrote: On July 26., 2010 comment number 29

    Nevím, ale něco tam href=„http://­wordpress.org/ex­tend/plugins/se­arch.php?q=re­gistration&sor­t=“ rel=„nofollow“>http:/­/wordpress.or­g/extend/plugin­s/search.php?q=re­gistration&sor­t= přece být musí. Měl jsem to kdysi rozpracované i pro tento plugin, ale pak jsem to už nevím proč zrušil.

  30. 30.  pip wrote: On February 3., 2011 comment number 30

    nice plugin, seems to stop the spam for me ^__^

  31. 31.  Julian wrote: On June 8., 2011 comment number 31

    Kahi, I have discovered that the plugin is generating code which is not XHTML 1.0 valid.

    When running pages of my site through the W3 Markup Validation service it says „id and name attributes must begin with a letter, not a digit“

    Can you tell me how can I alter your code so that the generated input name and id attributes only ever start with a letter?


  32. 32.  Kahi wrote: On June 11., 2011 comment number 32

    ↪ Kahi May I see the page (URL) where it happens?

  33. 33.  Julian wrote: On June 24., 2011 comment number 33

    Hi Kahi, pages on the site that have a comment form, e.g. http://www.jton­line.info/gues­tbook/ don't pass validation.

    See http://valida­tor.w3.org/chec­k?uri=http%3A%2­F%2Fwww.jtonli­ne.info%2Fgues­tbook%2F&char­set=%28detect+au­tomatically%29&doc­type=Inline&grou­p=0&ss=1

    The first error that comes up is to do with the Facebook share button code and there doesn't seem a way around that, which is annoying.

    The next two errors are the one's I refered to in my post above.

    I'm trying to get my site to pass the w3c validation process with as few errors as possible.

  34. 34.  Kahi [author] wrote: On June 28., 2011 comment number 34

    ↪ Kahi [author] http://cl.ly/130V0943­2×3w3A1d1M3n Please download, unpack, upload, replace? Yes! It should be fine now :-).

  35. 35.  Julian wrote: On July 21., 2011 comment number 35

    Kahi, I've downloaded and replaced the file as you suggested and the ‚problem‘ is now fixed. Many thanks for the update.

I quit working with WordPress, comments are closed. My plugins will not be updated any more – at least not by me. Feel free to modify my source codes though… Also I am not able to provide support, sorry. –Kahi