Comment flood prevention – a really simple solution

July 7th, 2004
Weblog Add-Ons

I was having a terrible time with comment flooders recently and even though the comments are put in the moderation queue, it is still quite a chore to delete or remove a hundred comments that are fifty lines long. Not fun by any means.

To create a simple solution to the problem, I have increased the timeout between the time a comment is posted and a comment can be posted again. By default, this time in WordPress is set to 10 seconds. I have increased that time considerably and added a really nice comment to the error code so people understand the reasons for not being able to post something. A commenter that is genuine is more likely to try to post somewhere in between the beginning of the timeout and the end. On the average she/he will only have to wait half the time set in the timeout.
I think comment flooders will not be willing to spend more than six hours on leaving comments on a single blog. It *should* be counter productive for them.

Though I am not sure this will work, I am going to give it a shot. I have another comment spam prevention script (or service) in the works but ETA on that is completely up in the air.

How do I do this?

Look here:

If this is successful (looks like it stopped 2 sets of flooders already, I have a little script that tracks how many attempts were made) I might post this on the WordPress fora.




  1. craig (19 comments.) says:


    MooKitty has a plugin for comment spamming that sets up a mass editing mode to very easily get rid of the crap being sent your way. It also writes entries automagically to the spam filter list and will even ensure that there are no duplicate entries. It’s very slick.

  2. Mark (7 comments.) says:

    I might look into that tonight!

  3. Matt (64 comments.) says:

    Every flood I’ve gotten has been through dozens (if not hundreds) of anonymous proxies so IP based throttling is useless.

  4. Mark (7 comments.) says:

    The throttling is (meant to be) not IP based, it is based on the last write to the comment table. So, the part that I forgot to mention was that I have changed the MySql call as well. I will fix the post when I get home.

  5. Blowy (1 comments.) says:

    And why you are not using any spam prevention plugins to decrease a number of malicious comments? except of akismet of course

  6. Cadmium Plating (1 comments.) says:

    We have some heavy spamming going on for just one of our pages on one site. The same bot tries to hit the same form over and over with the same spam every 30 seconds or so for a few hours. I think it is stuck? Strange

  7. Peter (1 comments.) says:

    If the comment throttling is not IP based, what happens if 2 legitimate comments are made within your limit? Even a nice error message can be frustrating if the error message is saying “please wait 60 seconds and then try again”

  8. Stefan Nilsson says:

    This is actually a terrific idea even though some people who find your site for the first time might end up in the filter with honest intention. With that said, those are so few compared with how many spammers there are out there. Have you thought about releasing this as a plugin instead of a short code? I’m sure it would get attention and get you some new readers as well as backlinks.

  9. Mikael U (3 comments.) says:

    On thing you can do to prevent spam is to have ha hidden field that IS filled with data. IF any spambot for some reason do attack you site it will most likely alter the field (inputing garbage) and if it (the field) does not match agains the set data you can trash the comment.


  1. Bitte warten…
    Mark Gosh behindert Kommentarspamflutwellen, so wie auch ich neulich einen gehabt hatte, mittels einer nur ganz kleinen Änderung: er verlängert einfach die Wartezeit, bis wieder ein Kommentar abgegeben werden kann. Das sind nur Änderunge…

Obviously Powered by WordPress. © 2003-2013

page counter