As a response to the many recent articles written about comment spam in blogs and their prevention methods, I thought it would be useful to list all of the existing methods available for WordPress (both in the core and as plugins and hacks) to prevent spammers from targeting your blog and succeeding. I would appreciate it if WordPress users would report their successes and failures with the various methods.
WordPress already has very robust comment spam prevention mechanisms built into the core. To prevent spam you could:
- Turn on comment approval, where every comment would have to be approved by an administrator before it is posted on your live blog
- Force the user to fill out their name and email before they are allowed to post a comment
- Force a comment to be moderated based on the number of links in the comment (links being a major part of most comment spam)
- Fill out the “common spam words” form to comments get moderated when matches are found between the spam words and anything in a comment, including the author URI, author name, author email and the body of the comment itself
All of the above mentioned features can be turned on or off (or modified) through the admin of your blog, without having to wade through any code or plugins.
Outside of the built-in comment spam prevention methods, numerous plugins, hacks and mods exist (and continue to be developed) to further reduce spam.
- WordPress Blacklist Comment SPAM Filteration System: MT style blacklist for your WordPress blog. The built in spam words do pretty much the same thing, so this might be obsolete.
- Kitten’s Spam Words: Robust scripts to delete comments as spam and automatically find keywords and IPs to add to your list of “common spam words”.
- RBL (RealTime BlackHole List) comment spam filter: Check against RBLs available over the web.
- CommentPay: Make your spammers pay you via Paypal to put up their Spam comments
- Comment Killer: Automatically delete spam (without putting into the moderation queue) from your blog without getting notified
- Turn up the minimum wait time between consecutive comment posts: I have mine set quite high.
- Google Link Redirector: Redirect all the links in your comments through Google so spammers cannot steal your pagerank.
- Stop Comments temporarily with one mouse click: Temporarily stop commenting on your blog with one click activation and deactivation
- Comment Email Approval: Much llike an opt-in whitelist, ask your commenters to verify through their email before letting them comment.
- Captcha Authimage: Read a non-machine-readable image and type in the contents before you can comment
- AutoShutOff comments: Automatically shut off comments for posts older than a certain number of days
- Optional timed comment moderation: It allows the blogger to set a time when they would like all entries to be automatically moderated. (Thanks Colin)
- Three Strikes Plugin: This plugin prevent comment spam from ever hitting your system and bugging you with requests to moderate comments. This uses a points system to determine spam (which can be tweaked) and is most effective when used with Kitten’s Spam Words plugin.
- CSPAM – Centralized Spam Prevention And Mitigation: A centralized system which involves a simple installation of a provided plugin and ZERO maintenance. Looking for alpha testers for this method.
Spammer Tar Pit: If you are getting flooded with comments from a single IP or, as in my case, by some person trying to hawk tramadol for cheap (eat your heart out spammer), this is the one for you
I might be missing a couple of hacks/plugins/methods, so if you know of any more, please let us know about it. Also, if you like one better than the other, please let us know.