Sabre is an acronym for Simple Anti Bot Registration Engine. It's a set of counter measures against spam registration on your blog.

Your visitors are granted permission to register freely on your blog and now you are plagued by fake users automatically created by spammers? Sabre is the solution to stop definitely these robotized visitors!

List of available features:

1. Inclusion of a captcha in the registration form
2. Selection of the captcha's complexity
3. Selection of the background colour for the captcha image
4. Inclusion of a math test in the registration form
5. Selection of the math test's complexity
6. Inclusion of a text test in the registration form
7. Random or fixed choice of the test to run
8. Unobstrusive tests to detect if registration is done by humans or not
9. Registration blocked if Javascript is unsupported by the browser
10. Registration blocked if visitor's IP address is found on ban lists
11. The site administrator can validate the user registration (monosite only)
12. The user can validate his registration by clicking on a link sent by mail (monosite only)
13. Limited number of days for user confirmation. Without beeing confirmed within the period of time, the user account is disabled (monosite only)
14. Log on prohibited before user confirmation (monosite only)
15. User is allowed to choose his password when registering on the site (monosite only)
16. User must agree with a warning text, disclaimer or general policy note when registering
17. User must give an invitation code during registration
18. Main statistics displayed on the site's dashboard
19. Custom logo on logon/registration screen (monosite only)

All these features are activated by parameters. Thus, Sabre is flexible enough and fits the protection policy you define for your blog.

NOTE 1: For WordPress 3.0 or higher in mono or multisite modes, use Sabre 1.2.2 For WordPress 2.5 to 2.9.x, use Sabre 1.1.2 For WordPress prior to 2.5, use Sabre 0.6.3

NOTE 2: If you are upgrading from a previous install, don't forget to deactivate Sabre before overwriting the older files with the new ones. Then activate it again so Sabre can apply the required database and options updates.

What are the required components for Sabre ?

In order to run, Sabre needs the following:

• PHP 4.3.2 or higher
• GD 2.0.2 or higher
• and WordPress 2.5 or higher

For WordPress 3.0 or higher in mono or multisite mode, use Sabre 1.2.2 For WordPress 2.5 to 2.9.x, use Sabre 1.1.2 For WordPress prior to 2.5, use Sabre 0.6.3

Where can I find a translation of Sabre in my own language ?

Ready-to-use translation files are available in :

1. Danish (thanks to Mads Christian Jensen)
2. Spanish (thanks to Daniel)
3. Finnish (thanks to Kimmo Sinkko)
4. German (thanks to Andreas Schulz)
5. German - old version (thanks to Matthias Koch)
6. Polish (thanks to m1chu)
7. Portuguese - Brazil (thanks to Gustavo)
8. Italian (thanks to Gianni)
9. Norwegian (thanks to Kjetil Flekkøy)

If you can't find the files for your language, you can create them yourself with the sabre.pot file included in the package and PoEdit.

I don't want to bother my users with a captcha or math test but still want to protect me against false registrations. What can Sabre do ?

Sabre can protect your registration process without asking the user to pass a captcha or math test. Just untick the "Activate Captcha" and "Activate math test" checkboxes and select the "All" item of the "Test sequence" dropdown menu. Both tests are now inactive. Then tick off the "Activate stealth test" checkbox. Additionally, change the other parameters of the "Stealth tests" paragraph, if needed. Now Sabre will silently protect your registration process, keeping away spam registration from your site.

I just installed Sabre and now the users already registered can't log in anymore. What's going wrong ?

You decided to activate the registration confirmation and the users registered before Sabre's installation received the following message when they try to log in : "ERROR : Invalid registration status". This is because Sabre considers they have not confirmed their registration. You need to go to Manage >> Sabre >> Approved registrations and manually register each user giving his WordPress account name and clicking on "Add" under "Manual registration". You can also register all the existing WordPress users by ticking off the "Add all WordPress users" checkbox before hiting the "Add" button.

I'm fond of numbers. How can I display some figures about Sabre on my blog ?

You can activate the "Show on dashboard" parameter in Sabre's administration screen to display basic figures like number of registrations blocked, approved and pending confirmation on the dashboard of your blog.

Another possibility is to show up the number of blocked spam bots on the registration form by clicking on the "Show banner" parameter.

The third way is to use Bernhard Riedl's GeneralStats plugin that integrates Sabre's figures among other useful informations about your blog's activity.

How can I fire some of my own functions based on Sabre's events ?

If you're a plugin or theme designer, you can use the following Sabre's action hooks:

1. sabre_accepted_registration : Fired whenever the registration of a new user is fully accepted. You can simply add the following in your code: < ?php add_action('sabre_accepted_registration', 'myownfunctiontolaunch'); ? > to have your 'myownfunctiontolaunch' function executed each time a new user has been registered by Sabre.
2. sabre_cancelled_registration : Fired each time you unregister a user. Just add the following in your code: < ?php add_action('sabre_cancelled_registration', 'myownfunctiontolaunch'); ? > to have your 'myownfunctiontolaunch' function executed each time a new user has been unregistered in Sabre.

v1.2.2

• IMPORTANT! This version is a security fix.
• You are strongly requested to update to Sabre 1.2.2 in order to suppress a security flaw discovered in the previous releases of this plugin.
• Sabre v1.2.1 is missing some files, use v1.2.2 instead.

v1.2.1

• IMPORTANT! This version is a security fix.
• You are strongly requested to update to Sabre 1.2.1 in order to suppress a security flaw discovered in the previous releases of this plugin.

v1.2.0

• CAUTION: This version won't run with WordPress versions prior to 3.0. See the NOTE 1 of the Description paragraph if you want to use Sabre with an older version of WordPress.
• Compliant with WordPress 3.0 or higher.
• (NEW) Usable in multisite mode. See list of features for restrictions.
• (ENHANCED) Random security test now choose among active tests only.
• (ENHANCED) Password no longer included in the registration mail if the custom password option is activated.
• (FIXED) Few bugs fixed like Password strength indicator and missing HTML tags.

v1.1.2

• (FIXED) Fix a bug preventing to display the captcha image with WordPress 3.0.
• (FIXED) Fix the display of the policy rules in the registration screen.
• (ENHANCED) Link to an policy page and policy text can be both used at the same time.

v1.1.1

• Compliant with WordPress 3.0 in mono-site configuration (formerly standalone WordPress).
• CAUTION: The use of Sabre in multi-site mode (formerly WordPress MU) is an untested feature and will probably not work or give unexpected results.
• (ENHANCED) One can choose now by parameter if registration's informations are to be included in the user profile screen.
• (FIXED) Sabre can again be used with WordPress version prior to 2.8.
• (FIXED) Fix some HTML stuff preventing the login screen to be XHTML 1.0 Transitional compliant.

v1.1.0

• Compliant with WordPress 2.9.2
• (NEW) Registration's informations included in the user profile screen.
• (ENHANCED) Policy text can now be an external html or WordPress page shown as a link on the registration form.
• (FIXED) Added input fields have now the look and feel of the default WordPress registration form but can be customized in the sabre_login.css file.

v1.0.0

• Compliant with WordPress 2.9.1
• (NEW) Captcha test added : The TEXT test. An alternative to the graphic captcha. The user will have to enter the n-th letter of a randomly generated word.
• (NEW) Custom sender's name and Email on the registration's mails sent by Sabre.
• (ENHANCED) Invitation codes management: Auto-generation of codes, limited use of the same code, period of validity of the codes.
• (FIXED) Timestamps didn't take into account the GMT offset from the WordPress general options.

v0.9.0

• Compliant with WordPress 2.8.2
• Administrator can force the confirmation of registration even when user's confirmation is required.
• New design of the options screen to reduce the need of scrolling. The various blocks of parameters can be hidden/shown for easier navigation in the form.
• Timestamps now take into account the GMT offset set in the WordPress general options.
• No more reference to "blog" in the messages sent or displayed. This was done to stick with the fact that WordPress can be used in many other ways than a mere blog.
• Reinforced security against potential SQL injection using $wpdb->prepare function during database accesses.
• Action hooks added to allow third part plugins to run functions according to Sabre's events. See FAQ section for more details.

v0.8.1

• Made compliant with WordPress 2.7.1
• Corrected bug in dashboard statistics links
• Corrected bug in strengh meter when choosing custom password

v0.8.0

• Added parameter to activate invitation codes
• Added custom logo in logon/registration screen
• Plugin is now compatible with WordPress 2.7
• Plugin totally rewritten in object oriented PHP
• Message management reviewed to support plural form

v0.7.4

• Corrected bug in automatic suppresion of the blocked registrations log. A value of zero or less days will now stop Sabre's automatic cleanup.

v0.7.3

• Added parameter to choose between black or white background for the captcha image.
• Added parameter to ask the user to read and agree with the general policy rules of the blog before registration.
• Sabre has been made compliant with the possibility offered by WordPress 2.6 to move the wp-content directory to a custom location.

v0.7.2

• Added parameter to let the blog admin validate the user registration.
• Revised admin interface for the management of registrations to confirm.
• Added tab "Registrations to confirm".

v0.7.1

• Added parameter to display Sabre statistics on the dashboard of the blog.
• Added parameter to let the user choose his own password during registration.

v0.7.0

• This version requires WordPress 2.5 and can't be used with previous versions of WordPress.
• Administration panel has been reworked to stick with the new WordPress admin interface.
• Manual registration of an existing user done by name and no longer by user ID as WordPress 2.5 no longer shows the user ID.
• Added parameter to receive a mail upon confirmation of registration by a user.

v0.6.3

• Small adjustments done to comply with WordPress 2.3.3

v0.6.2

• Added parameter to check if IP address is banned by DNSBL servers.

v0.6.1

• Change the Sabre table definition as some MySql versions doesn't allow text columns to have default value. This was preventing the creation of the table during Sabre initialization in some occasion.

v0.6.0

• Added parameter to delete WordPress account automatically when registration is canceled, either manually or because of exceeded period of time.
• Added parameter to insert a reference to Sabre at the bottom of the registration form.
• Added parameter to select the number of days for automatic purge of history log.
• Added parameter to delete all information about Sabre when deactivating the plugin. This will clean your WordPress blog of tables and options created by Sabre, if you decide to stop using Sabre.
• Performance improvement bypassing the tests if errors already detected before calling Sabre (eg. user name and/or mail missing)
• Performance improvement by code optimization
• Reinforced access security to the administration panels of Sabre using wp_nonce_field

v0.4.2

• Corrected bug in the storage of the number of days for registration's confirmation

v0.4.1

• Added parameter to deny/authorize newly registered users to sign in before registration is confirmed.
• Added the possibility to automatically register all existing WordPress accounts.
• Added several messages to give the status of operations done.

v0.4.0

• Added several new internal tests to make Sabre more efficient in spambot detection. Those tests run undetected for regular human registrars.
• Those new tests are:
• Control that the registration form is loaded before the answer is sent to the server.
• Control that the IP adress of the requester is the same when the form is sent back.
• Control that the browser used to register has Javascript capabilities as many spambots lack them.
• Control that the Javascript capability is not faked.
• Control that the registration is done within a maximum period of time.
• Control that the registration form is possibly filled by a human, in a minimum amount of time.
• Changed the way to control who can bypass the registration confirmation : Sabre now tests the "edit_users" capability and no longer the user level. This will ensure that all accounts with a high level of rights will always be able to sign in.

v0.2.2

• Code optimized and splitted in various files to reduce server loading.
• Automatic cleanup enhanced.

v0.2.1

• Added a possibility to include the test randomly in the registration form. Added manual suppression of logs.

v0.1.1

• First public version

1. download the archive
2. unzip and drop all the files, as is, in your plugins/sabre directory.
3. Enable the plugin in the WP Admin >> Plugins section.
4. In monosite mode, just click on "Activate".
5. In multisite mode, Sabre MUST be activated by clicking on "Network Activate" as it is designed to protect all the sites of a network with the same options. Additionaly, only the super admin of the network will be able to manage the plugin's options.
6. Change the parameters following the "Configure" link of the Plugins panel or go to the WP Admin >> Tool >> Sabre tab.
7. Other languages Sabre is delivered in English and French but can be easily used with other languages. You just have to create a file sabre-xx_YY.po (xx_YY being the language code of your WordPress settings. Eg: fr_FR for French) from the existing file sabre.pot using PoEdit. Then, just translate the text strings located after the "msgid" tag and put the translated string after the "msgstr" tag. The resulting sabre-xx_YY.mo file has to be stored in the sabre/languages directory. Alternatively, you can find the translation files (.mo et .po) of some languages in the FAQ page.

If you are upgrading from a previous install, don't forget to deactivate Sabre before overwriting the older files with the new ones. Then activate it again so Sabre can apply the required database and options updates.