Spam Defeating All My Captcha

Tags: wordpress


As in many other areas of antisocial behavior, the comment spammers are constantly improving their game. Captcha was really effective, until the spammers actually improved the state of the art in OCR. Then there are the "are you a human?" types of tests -- adding numbers, identifying pictures, etc -- and those can be defeated by ... humans, very inexpensive humans.

This means that, just like email spam, you need to up your game and start looking at where the comment/post is originating from. If you have a site targeting the US, the UK, or some other large, well-defined geographic area, it is possible to check the IP address and use that as part of your "spam or ham?" calculation. Additionally, you can look at the contents of the comment and see if it seems to be full of links, or is composed almost entirely of just one link.

Limiting posts to registered users helps, as does making sure that all first comments are handled by a moderator.

We use a scoring method that uses IP-block include and exclude lists, link count (checking both HTML and simple text patterns), and a minimum comment size. Comments that fall into a grey area are kicked to a moderator. This is a US-oriented Django site, so I can't point to a PHP class or WP plugin, but this combination has substantially reduced the flood. At least for the moment it has.
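The scoring approach described in this answer (IP-block include and exclude lists, a link count covering both HTML anchors and bare text URLs, a minimum comment size, and a grey area that goes to a moderator), written out as an added Python example. This is not the answerer's Django code: it is framework-free so it runs on its own, and the address ranges (documentation-only TEST-NET blocks standing in for real allow/deny lists), the score weights and the two thresholds are all assumed values chosen for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed lists for this example. A real site would load them from its
# own configuration or a geo-IP feed; these TEST-NET ranges stand in for
# "home region" (allow) and "known spam source" (deny) blocks.
ALLOW_BLOCKS = [ipaddress.ip_network("203.0.113.0/24")]
DENY_BLOCKS = [ipaddress.ip_network("198.51.100.0/24")]

MIN_COMMENT_CHARS = 20   # assumed: shorter comments look like drive-by spam
SPAM_THRESHOLD = 6       # assumed: at or above this, reject outright
HOLD_THRESHOLD = 3       # assumed: at or above this, hold for a moderator

TAG_RE = re.compile(r"<[^>]+>")
HREF_RE = re.compile(r"""href\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
BARE_URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)


def _normalize(url: str) -> str:
    # Lower-case and drop trailing punctuation so "http://x." and "http://X" dedupe.
    return url.lower().rstrip(".,;:!?)")


def count_links(body: str) -> int:
    """Count distinct link targets, whether written as HTML anchors or bare URLs."""
    hrefs = {_normalize(u) for u in HREF_RE.findall(body)}
    bare = {_normalize(u) for u in BARE_URL_RE.findall(TAG_RE.sub("", body))}
    return len(hrefs | bare)


def link_ratio(body: str) -> float:
    """Fraction of the visible (tag-stripped) text that consists of URLs."""
    visible = TAG_RE.sub("", body).strip()
    if not visible:
        # An anchor with no visible text is "all link".
        return 1.0 if count_links(body) else 0.0
    url_chars = sum(len(u) for u in BARE_URL_RE.findall(visible))
    return url_chars / len(visible)


@dataclass
class Verdict:
    score: int
    decision: str                       # "ham", "hold" (moderator) or "spam"
    reasons: list = field(default_factory=list)


def score_comment(ip: str, body: str) -> Verdict:
    score = 0
    reasons = []

    # 1. Where is the comment coming from?
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        addr = None
    if addr is None:
        score += 2; reasons.append("unparseable client address")
    elif any(addr in net for net in DENY_BLOCKS):
        score += 5; reasons.append("address in deny list")
    elif not any(addr in net for net in ALLOW_BLOCKS):
        score += 2; reasons.append("address outside expected region")

    # 2. Is there any real content once markup is stripped?
    visible = TAG_RE.sub("", body).strip()
    if len(visible) < MIN_COMMENT_CHARS:
        score += 2; reasons.append("comment below minimum size")

    # 3. How link-heavy is it? Several links, or a body that is mostly one
    #    link, both count against it.
    links = count_links(body)
    if links >= 3:
        score += 4; reasons.append(f"{links} distinct links")
    elif links >= 1:
        score += 1; reasons.append(f"{links} link")
    if link_ratio(body) > 0.5:
        score += 3; reasons.append("body is mostly a link")

    if score >= SPAM_THRESHOLD:
        decision = "spam"
    elif score >= HOLD_THRESHOLD:
        decision = "hold"
    else:
        decision = "ham"
    return Verdict(score, decision, reasons)


if __name__ == "__main__":
    # Constructed sample comments: one clean, one obvious spam, one grey-area.
    samples = [
        ("203.0.113.45", "Great write-up, the scoring idea matches what we do on our forum."),
        ("198.51.100.7", 'cheap pills http://example.invalid/buy www.example.invalid/more '
                         '<a href="http://example.invalid/x">here</a>'),
        ("192.0.2.10", "See http://example.invalid/article for the original discussion."),
    ]
    for ip, body in samples:
        v = score_comment(ip, body)
        print(f"{ip:15} -> {v.decision:4} (score {v.score}): {', '.join(v.reasons) or 'no flags'}")
```

The three-way outcome is the point: anything that is neither clearly ham nor clearly spam lands in "hold", which is the grey area the answer routes to a moderator, so the weights can stay conservative without letting borderline posts straight through.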


How about using reCAPTCHA? It has plugins that are easy to use (PHP for example).


There are lots of public CAPTCHA scripts that you can use, Google's "reCAPTCHA" being one of them; others want the user to tell what's on a photo or other riddles ...

The problem is: You can never block human spammers. Sometimes it's not a bot that's solving your CAPTCHA but a real person. There's even a business for solving CAPTCHAs where people are paid to solve CAPTCHAs and provide bots with solutions.

One solution that I found is working pretty well: make it hard (if not impossible) for spammers to use the account they created. Spammers only have so much time, so when they need too much of it to actually post to your blog, they'll go away eventually.
Meaning: only let people post whom you have approved personally, and only let people post links who have made at least X (meaningful) posts before.
I don't know about WordPress, but this worked for me in phpBB; I'm sure there are similar plugins for WordPress.