Sabre Wordpress Plugin - Rating, Reviews, Demo & Download
Plugin Description
Sabre is an acronym for Simple Anti Bot Registration Engine.
It’s a set of counter measures against spam registration on your blog.
Your visitors are granted permission to register freely on your blog and now you are plagued by fake users automatically created by spammers? Sabre is the solution to stop definitely these robotized visitors!
List of available features:
- Inclusion of a captcha in the registration form
- Selection of the captcha’s complexity
- Selection of the background colour for the captcha image
- Inclusion of a math test in the registration form
- Selection of the math test’s complexity
- Inclusion of a text test in the registration form
- Random or fixed choice of the test to run
- Unobstrusive tests to detect if registration is done by humans or not
- Registration blocked if Javascript is unsupported by the browser
- Registration blocked if visitor’s IP address is found on ban lists
- The site administrator can validate the user registration (monosite only)
- The user can validate his registration by clicking on a link sent by mail (monosite only)
- Limited number of days for user confirmation. Without beeing confirmed within the period of time, the user account is disabled (monosite only)
- Log on prohibited before user confirmation (monosite only)
- User is allowed to choose his password when registering on the site (monosite only)
- User must agree with a warning text, disclaimer or general policy note when registering
- User must give an invitation code during registration
- Main statistics displayed on the site’s dashboard
- Custom logo on logon/registration screen (monosite only)
All these features are activated by parameters. Thus, Sabre is flexible enough and fits the protection policy you define for your blog.
NOTE 1:
For WordPress 3.0 or higher in mono or multisite modes, use Sabre 1.2.2
For WordPress 2.5 to 2.9.x, use Sabre 1.1.2
For WordPress prior to 2.5, use Sabre 0.6.3
NOTE 2:
If you are upgrading from a previous install, don’t forget to deactivate Sabre before overwriting the older files with the new ones. Then activate it again so Sabre can apply the required database and options updates.
Documentation
All the functions of Sabre are located in the Tools >> Sabre tab of the administration environment.
Sabre interface is divided into five tabs:
1) “General options”
First, some numbers related to valid, invalid and pending confirmation registrations are displayed.
Then, you can find the parameters of Sabre:
1a) Captcha Options
Click on the checkbox “Activate captcha” to display, in the registration form , a characters string that the user will have to copy back.
The other captcha’s parameters will let you define the string’s length, valid characters used to generate the random string as well as the background colour of the image, number and type of graphic objects used to “blur” the string.
The captcha is based on QuickCaptcha 1.0 from Web 1 Marketing, Inc released under GNU GPL.
1b) Math Options
Click on the checkbox “Activate math test” to display, in the registration form , an arithmetic operation. The user will have to give the result.
The other parameter let you define the valid operations the plugin will choose from. Recognized operations are addition, substraction and multiplication. The plugin will choose randomly two numbers between 1 and 20 and one of the listed operations.
1c) Text Options
Click on the checkbox “Activate text test” to display, in the registration form , a random word. The user will have to give the n-th letter of this word.
This is an alternative to the graphic captcha for those who dislike it.
1d) Sequence of tests
Select “All” to add all the active tests in the registration form.
Select “Randomly” and the plugin will choose one of the tests, active or not.
1e) Stealth Options
Click on the checkbox “Enable stealth test” to activate a set of internal tests that try to detect if the current registration is done by a human being or not. These tests doesn’t interact with the user and run undetected for a regular human registration.
These tests include the following:
- Control that the registration form is loaded before the answer is sent to the server.
- Control that the IP adress of the requester is the same when the form is sent back.
- Control that the browser used to register has Javascript capabilities as many spambots lack them. You can choose to reject the registration in such case, clicking on the checkbox “Block if Javascript unsupported”.
- Control that the Javascript capability is not faked.
- Control that the registration is done within a maximum period of time. You can set this period (in seconds) under “Session time out”. Try to maintain this number as low as possible for security reasons but high enough to let a human fill the registration form. Default value is 5 minutes (300 seconds).
- Control that the registration form is possibly filled by a human, in a minimum amount of time. A spambot will spend very little time to fill the form and send it to the server compared with human possibilities. You can set this minimum amount of time (in seconds) under “Speed limit”. Default value is 5 seconds.
- Control that IP address is not banned by DNSBL servers. You can turn on/off this control, clicking on the checkbox “Check DNS Blacklists”.
1f) Confirmation Options
Confirmation Options are not available in multisite mode. The built-in registration features of WordPress will be used.
Select the correct item on the dropdown list “Activate confirmation” to force the user or the blog administrator to confirm the registration on your blog.
- None: No confirmation is required. (default)
- By user: User must confirm his registration. When this option is activated, the registering user will receive his user id and password by mail as usual. He is also asked to confirm his registration within x days following a link added to the mail. During this period of time, the user account is waiting for the confirmation but usable to connect to the blog. If the confirmation is not done in the due time, the account will become unusable.
- By admin: The registration needs the administrator’s confirmation to be activated. When this option is activated, the registering user will receive his user id and password by mail as usual but the account is not usable to connect to the blog until administrator’s validation. Upon confirmation, a mail is sent to the user.
The next three parameters are effective only if user confirmation is required.
Number of days lets you give a period of time (in days) for the user to confirm his registration before the account becomes unavailable.
By clicking on the “Deny early sign-in” checkbox, you can prevent the connection of the new user until confirmation of his registration.
If you want to receive a mail whenever a user confirms its registration, click on the “Send mail when confirmed” checkbox.
If you want to suppress automatically the user account created by WordPress when the registration is cancelled, just click on the “Suppress unregistered users” checkbox. This option will be taken into account either in a manual cancelation or in case of exceeded period of time. Keep in mind that all the posts and links owned by the suppressed user account will be deleted as well.
IMPORTANT : The users with “edit_users” capability will not be controled. Then, it is always possible to use the default admin account created by WordPress during the blog installation.
1g) Policy Options
Click on the checkbox “Enable policy agreement” to force the user to acknowledge the fact that he read the rules of use of your blog before registration.
Give a title to your text block filling the “Policy name” input box. You can choose names like Disclaimer, Licence agreement, General policy, etc…
If you have a dedicated policy page on your site, you can enter its URL in the “Policy link” input box. When displaying the registration form, the user will see a link to this URL. The link’s text will be the Policy name entered above. The URL can be a WordPress page or an external html file.
If you don’t have a dedicated policy page, just write down the text of your disclaimer in the “Policy text” input box. Just write plain text. HTML tags are not allowed.
1h) Invitation Options
Click on the checkbox “Enable invitation” if you want to control who can register on your blog by asking the user to give his invitation code during registration.
Fill the “Code” input box with the valid invitation codes you want. Example : PROMO2008, SZ78PQR, etc… or click on the “Gen” button to let Sabre generate an invitation code for you. To delete a code, just click on the “Sup” button. CAUTION: Invitation codes must be typed in uppercase letters.
If you want to limit the number of use for a specific code, just type a number in the “Usage” zone. Sabre will rest one each time the code is used. When the counter reaches zero, the code is no longer valid.
If you want to limit the period of use for a code, just type an expiration date in the “Validity” zone. Format must be YYYY-MM-DD: Example : 2010-10-20 for a code valid until October 20th, 2010.
Then, you can communicate those codes to the persons who will be allowed to register on your blog.
1i) Miscellaneous Options
Click on the checkbox “User password” to let the user choose his own password during the registration process. Otherwise, WordPress will generate a random password. The password strength is displayed in real time to help the user to choose a strong and safe password. (Not available in multisite mode)
Enter the name you want in the “Sender’s name” input box. This name will appear as the sender of the registration mail sent by Sabre to the user. Will default to the site’s name if left blank.
Enter the Email address of your choice in the “Sender’s Email” input box. It will appear as the sender’s Email of the registration mail sent by Sabre. Will default to the administrator’s Email set in the WordPress general parameters if left blank.
Click on the checkbox “Show banner” to add a reference and a link to Sabre’s site at the bottom of the registration form. It’s up to you to decide if you want to advertise Sabre or not !
Click on the checkbox “Show on dashboard” to add a widget on the dashboard with the main statistics about Sabre.
Click on the checkbox “Show in profile” to add some informations about the registration status in the user profile.
Click on the checkbox “Suppress Sabre” if you want to delete all information created by Sabre (table and options) when deactivating the plugin.
CAUTION : Use this option only if you decided to stop using Sabre or if you want to purge the table and reset all the options to their default values.
Don’t forget to click on “Save options” to store your changes.
2) “Blocked Registrations” Tab
List the invalid registrations with the cause of error. The number of new registrations blocked since your last visit is shown between parenthesis on the tab.
It’s possible to suppress the log giving the number of days to retain (20 days by default) and clicking on “Delete”. You can ask Sabre to do it automatically, from now on, with the same period by clicking on the checkbox. A null or negative number of days with the checkbox ticked will prevent Sabre from doing the automatic cleanup. To suppress the log for a specific period of time without modifying the parameter of the automatic cleanup, just type the number of days to retain, untick the checkbox and press “Delete”.
3) “Approuved Registrations” Tab
List the registration definitively accepted (status = ok). The user id created is displayed and gives access to its data by just clicking on it. The number of new accepted registrations since your last visit is shown between parenthesis on the tab.
It’s also possible to register manually a user giving his WordPress account name or all existing WordPress users clicking on the checkbox then pressing the “Add” button.
To cancel the registration of users, just click on the corresponding checkbox in the list, then press the “Unregister” button.
4) “Registrations to confirm” Tab
List the registration waiting for confirmation (status = to confirm). The user id created is displayed and gives access to its data by just clicking on it. The number of new registrations to confirm since your last visit is shown between parenthesis on the tab.
Whether the confirmation is done by the blog administrator or the user, the following two buttons are available:
- Confirmation of the registrations is done by selecting the accounts in the list, then pressing the “Confirm” button.
- Refusal of the registrations is done by selecting the accounts in the list, then pressing the “Refuse” button.
When the confirmation must be done by the user himself, the blog administrator has no reason to intervene but, if needed, he can confirm or refuse manually a registration on behalf of a user.
5) “About” Tab
A wise text about the author and his work. A must-read you can’t resist to !
6) Custom image in logon/registration screen
To change the default logo, copy your own image file in the /images directory of Sabre plugin. The file must be a 290pixels x 66pixels GIF file named sabre-login.gif. (Not available in multisite mode)
Screenshots
-
Registration form with captcha added and custom password choice
-
Registration form with math test added and custom password choice
-
The dashboard widget