As a response to the many recent articles written about comment spam in blogs and methods for preventing it, I thought it would be useful to list all of the existing methods available for WordPress (both in the core and as plugins and hacks) to prevent spammers from targeting your blog and succeeding. I would appreciate it if WordPress users would report their successes and failures with the various methods.
WordPress already has very robust comment spam prevention mechanisms built into the core. To prevent spam you could:
- Turn on comment approval, where every comment would have to be approved by an administrator before it is posted on your live blog
- Force the user to fill out their name and email before they are allowed to post a comment
- Force a comment to be moderated based on the number of links in the comment (links being a major part of most comment spam)
- Fill out the “common spam words” form so that comments get moderated when matches are found between the spam words and anything in a comment, including the author URI, author name, author email and the body of the comment itself
All of the above mentioned features can be turned on or off (or modified) through the admin of your blog, without having to wade through any code or plugins.
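The four built-in rules above, sketched as a standalone PHP function (an added example, not WordPress core code and not from the original post). The function name, option keys, threshold semantics and sample comments are constructed for illustration.

```php
<?php
// Added example, not WordPress core code. All names here are hypothetical.
function moderation_decision(array $c, array $opts): array
{
    // Rule: name and a syntactically valid email are required.
    if ($opts['require_name_email'] &&
        (trim($c['author']) === '' ||
         filter_var($c['email'], FILTER_VALIDATE_EMAIL) === false)) {
        return ['status' => 'reject', 'reasons' => ['name or email missing']];
    }
    // Rule: with approval turned on, every comment waits for an administrator.
    $reasons = $opts['approve_all'] ? ['manual approval is on'] : [];
    // Rule: too many links in the body (threshold semantics are an assumption).
    $links = (int) preg_match_all('~https?://~i', $c['content']);
    if ($links > $opts['max_links']) {
        $reasons[] = "$links links (limit {$opts['max_links']})";
    }
    // Rule: spam words are matched against every submitted field.
    foreach ($opts['spam_words'] as $word) {
        $word = trim($word);
        if ($word === '') {
            continue; // skip blank entries in the word list
        }
        foreach (['author', 'email', 'url', 'content'] as $field) {
            if (stripos($c[$field], $word) !== false) {
                $reasons[] = "spam word '$word' in $field";
                break;
            }
        }
    }
    return ['status' => $reasons ? 'moderate' : 'approve', 'reasons' => $reasons];
}
// Constructed sample settings and comments.
$opts = ['require_name_email' => true, 'approve_all' => false,
         'max_links' => 2, 'spam_words' => ['cheap-pills', 'casino']];
$samples = [
    ['author' => 'Ann', 'email' => 'ann@example.com', 'url' => '',
     'content' => 'Thanks, the link limit worked for me.'],
    ['author' => 'Bob', 'email' => 'bob@example.com', 'url' => '',
     'content' => 'http://a.example http://b.example http://c.example'],
    ['author' => 'Eve', 'email' => 'eve@example.com',
     'url' => 'http://cheap-pills.example/', 'content' => 'Great post!'],
    ['author' => 'x', 'email' => '', 'url' => '', 'content' => ':) :) :)'],
];
foreach ($samples as $c) {
    $d = moderation_decision($c, $opts);
    echo $c['author'], ': ', $d['status'], ' ', implode('; ', $d['reasons']), "\n";
}
```

Because the spam-word check here is a case-insensitive substring match, short entries can hold legitimate comments for moderation, so specific words work better than fragments.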
Outside of the built-in comment spam prevention methods, numerous plugins, hacks and mods exist (and continue to be developed) to further reduce spam.
- WordPress Blacklist Comment SPAM Filteration System: MT style blacklist for your WordPress blog. The built-in spam words do pretty much the same thing, so this might be obsolete.
- Kitten’s Spam Words: Robust scripts to delete comments as spam and automatically find keywords and IPs to add to your list of “common spam words”.
- RBL (RealTime BlackHole List) comment spam filter: Check against RBLs available over the web.
- CommentPay: Make your spammers pay you via Paypal to put up their Spam comments
- Comment Killer: Automatically delete spam (without putting into the moderation queue) from your blog without getting notified
- Turn up the minimum wait time between consecutive comment posts: I have mine set quite high.
- Google Link Redirector: Redirect all the links in your comments through Google so spammers cannot steal your pagerank.
- Stop Comments temporarily with one mouse click: Temporarily stop commenting on your blog with one click activation and deactivation
- Comment Email Approval: Much like an opt-in whitelist, ask your commenters to verify through their email before letting them comment.
- Captcha Authimage: Read a non-machine-readable image and type in the contents before you can comment
- AutoShutOff comments: Automatically shut off comments for posts older than a certain number of days
- Optional timed comment moderation: It allows the blogger to set a time when they would like all entries to be automatically moderated. (Thanks Colin)
- Three Strikes Plugin: This plugin prevents comment spam from ever hitting your system and bugging you with requests to moderate comments. This uses a points system to determine spam (which can be tweaked) and is most effective when used with Kitten’s Spam Words plugin.
- CSPAM – Centralized Spam Prevention And Mitigation: A centralized system which involves a simple installation of a provided plugin and ZERO maintenance. Looking for alpha testers for this method.
- Spammer Tar Pit: If you are getting flooded with comments from a single IP or, as in my case, by some person trying to hawk tramadol for cheap (eat your heart out spammer), this is the one for you
I might be missing a couple of hacks/plugins/methods, so if you know of any more, please let us know about it. Also, if you like one better than the other, please let us know.
I’ve got a couple of hacks that I use on my (low traffic) site that help out. One is to display a ‘Pending’ message whilst a comment is awaiting approval so the genuine submitter knows they don’t need to send it again, and the other means that something has to be put into each of the 3 fields as I was getting a lot of posts that were a mass of smiley faces with no real message in them.
They’re not going to win awards, but if you’re collecting stuff then here you go !
http://minimal.cx/category/wordpress/
—
ian.
Mark: The default WP processes you note stop 99% of the spam that I get, honestly.
FWIW, I’ve written up a short tutorial with screen caps to show how to kill a pile of trapped comment spam in WP 1.2.
Sent a trackback ping but it failed, so I’ll leave a comment. I’m wondering if using google bombs on popular spam words might be a fun and effective way to fight back. http://www.stupidsimple.org/bl.....ment-spam/
I haven’t tried this as I have yet only had a few comment spams, but what about renaming the HTML fields for comment, name, url, etc so that the spiders don’t know what key-value pairs should be in the request…. and adding more buttons so that the correct button to press for submit is obvious to visitors, but not obvious to a spider? If every wordpress blog had different request parameters for comments, that would be really tough to program a spider.
I have one, me me me: 🙂
http://theubergeeks.net/2004/0.....ration-03/
It allows the blogger to set a time when they would like all entries to be automatically moderated.
Try implementing:
http://www.devshed.com/c/a/PHP.....es-in-PHP/
That has already been implemented.
Rename wp-comments-post.php and 2 other files to stop autobot spamming: http://www.blogs-about.com/sup.....c.php?t=97
Here’s a modified version of Matt’s Stopgap plugin that moves the md5 computation to the client, preventing all automatic spam. It also makes the md5 vary by hour, by client, etc, so those bot networks will be unable to penetrate your precious comments.
http://elliottback.com/wp/arch.....p-extreme/
Mark,
After getting a handle on my comment spam using Elliott’s plugin, now I’m getting hit by trackback spammers!! I was thinking about just creating a simple plugin that would send trackbacks and pingbacks automatically into moderation, since it doesn’t really matter to me if these do not show up on the blog right away like I want my comments to. I was thinking that you might have an idea on how to fight these things, since you always come up with good plugins. Tonight I’ll try to whip up plugins to do what I mentioned though.
I am facing the same problem right now. I think there will have to be a plugin that pumps all trackback/pingback traffic through the comment posting functions. Let me know if you think of anything.
I’m getting completely trackback attacked and it’s ugly. Some help please.
http://weblogtoolscollection.c.....m-updated/
The best one I have seen so far is a heuristic approach. They scanned in comments and would flag any that failed to be verified. Only other way is to just disable comments after a few days.
I was bombed by 25 spam comments. Deleted them all and blocked the IP they came from.
where read about it in russian
How can this:
“Force the user to fill out their name and email before they are allowed to post a comment”
help stop spammers???
My main concern is that you can’t guarantee every page of your website will be included in the SERPs. Considering I’m constantly adding new products to my company’s website, I need to be sure that customers can find them as soon as possible. http://www.seoptimizerz.com
Hi, I propose my own made wordpress modification.
http://www.goplayme.com/posts/.....ments.html
Great stuff, thanks for the tips, these comment spam stoppage techniques will really help me with my new funny stuff blog.
Unfortunately, a lot of people respond unthinkingly and unwittingly, becoming their own trolls. I have spent hours agonizing over how to respond to a few comments in my time, wanting to keep things level and fair and host free speech and opinions, but sometimes censorship wins, something I struggle with all the time. Luckily, WordPress allows me to put comments into moderation until I decide, giving me the time I need to battle out my inner debate.
I just rolled out this free spam blocker, it eliminates all the problems of people having to read a captcha and all you gotta do is upload and activate. Check out the post I made on it, http://amazingwordpressthemes......m-blocker/
I’ve made my own spam stopping plugin. In fact it’s a WordPress client for Mollom, a new anti spam service founded by Dries Buytaert of Drupal, to WordPress.
Download: http://wordpress.org/extend/plugins/wp-mollom/
Mollom.com is a new spam deterring service. It blocks spam effectively. As a plus, false positives are reduced to virtually 0. The site admin doesn’t need to retrieve valid comments back from spam hell, as a bonus.
How does it do that?
When in doubt, Mollom will rather present a safe CAPTCHA to the commenter. As long as the CAPTCHA isn’t solved, the comment will never be saved.
Aside, Mollom is an intelligent self-teaching service. It will learn from its mistakes and the comments that it checks, making it better as it’s being used more and more.
More information on their site: Mollom