Security Enhancements

This is probably very old-hat to many sites, however this is a relatively new feature for us and not something we've really needed before. The idea it to make the user enter something at registration time that a bot can't possibly know, or in this case see.

The Plone product we've chosen is PloneCaptcha which utilises a free service proided by http://captchas.net, essentially they generate a "random" graphic on demand which is displayed as part of the login process. To complete the login process the user must correctly interpret the graphic and enter the code contained within the graphic.

CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. (memorable huh!) Let's see if it filters out some of the idiots who seem to have nothing better to do.

Quick Plone Howto

For anyone wanting to implement this on their own Plone site, assuming you already have the PloneCaptcha product installed, all you need to do is;

1. Register with http://captchas.net and get a username / password (or "key" as they call it)
2. Insert these into PloneCaptcha.py in the PloneCaptcha Products folder
   
3. Customise plone_login/join_form
4. Add the following code wherever you want the Captcha to appear

     <div class="row" tal:define="error errors/captcha|nothing"
          tal:attributes="class python:test(error, 'field error', 'field')"> 
         <div tal:content="error">Validation error output</div>
         <div metal:use-macro="here/captcha/macros/edit" />
     </div> 
   

5. Edit the validators for Join form and add;

   validate_captcha

6. And you're off!

That should be all you need to do to protect your site from automated bogus registrations, and it's all free! That said if you want to donate to the captchas.net project then for 120 EUR you can have the Catchpa images without "captchas.net" printed in the bottom right hand corner ... :)