When I recently wrote a post pointing to an article that described a few things you should do with your WordPress blog immediately after installing it, Collin commented that WordPress is like the Windows OS: Windows comes bundled with Internet Explorer as its browser, while WordPress comes bundled with the (albeit fantastic) Akismet as its comment spam blocker.
With that in mind, here are 9 plugins that you can use either as standalone replacements or in various combinations to combat comment spam. Not all plugins work nicely with others, so be sure to read the installation manual if you decide to use any of these plugins on your own blog.
1. Comments For Cookies – This plugin adds a stylesheet to your blog’s HTML source code. When a browser loads that stylesheet, a cookie is dropped. If that user then leaves a comment, the cookie is checked. If it doesn’t exist, the comment is marked as spam.
2. Bad Behavior – Bad Behavior is an awesome comment spam blocking plugin. If you can imagine, Bad Behavior is like Akismet on steroids. BB contains a series of scripts that block comment spam, trackback spam, guestbook spam, and wiki spam, and even protect your site from some malicious website hacking. It’s been rumored that Akismet combined with Bad Behavior is the ultimate anti spam configuration in WordPress.
3. WP-SpamFree – SpamFree takes a somewhat different approach to combating spam by using a combination of JavaScript and cookies. According to the plugin author, most automated bots are stopped dead in their tracks by this method while normal web site visitors are unaffected. However, the plugin author does state that a few visitors who have JS and cookies disabled might be annoyed by this plugin, but that those people would be far fewer than the 100% of people who would be annoyed by CAPTCHAs, challenge questions and other validation methods.
4. Spam Karma 2 – SK2 is the successor to SpamKarma. SpamKarma2, developed in 2007, is an anti spam plugin with a wide assortment of options and the ability to fine-tune its effectiveness. SK2 even comes with its own module system, where you can download separate modules and add functionality to the original plugin if the default is not enough for you. Despite this plugin’s age, WordPressers are still chanting about how well it works.
5. Comment Inbox – Developed by Mark Jaquith, Comment Inbox gives you the ease of the moderation queue with the freedom of unmoderated comments. Comment Inbox works by placing all comments except caught spam into moderation which is renamed to Comment Inbox. All comments in the Comment Inbox will show up immediately on your blog so conversations don’t become interrupted by moderation time lines. An effective way of dealing with both spam and bacn on your blog.
6. CAPTCHA-Godfather – This plugin offers four different methods of protection. The first is a verification code which is always generated dynamically. The second is that each verification code is given a session id which is different from the PHPSESSID value. The third protection is that every session id and verification code gets its own time stamp. The time stamp works on the premise that humans need a few seconds or minutes to post a comment. The last protection involves IP addresses. The visitor’s IP is stored with the verification code, and only when the comment contains the original IP is it saved and held for moderation.
7. Defensio Anti-Spam – This plugin is used by a number of WordPress bloggers. It works in much the same way as Akismet, as it is an advanced spam filtering service that learns and adapts to your behaviors and those of your readers. Defensio also includes support for OpenID, detailed statistics and more. With all of this functionality under the hood, it’s no wonder that this is one of the most popular anti spam plugins in use today, outside of Akismet.
8. Worst Offenders – Worst Offenders is a plugin that you can use to help decrease the amount of time you spend looking through messages to determine if they are spam or not. Worst Offenders analyzes messages already marked as spam and then uses several techniques to identify messages with common sources, subjects, and content. The messages marked as Worst Offenders can then be deleted all at once, leaving only a handful of messages to sift through.
9. WP Captcha-Free – WP Captcha-Free blocks automated comment spam without resorting to CAPTCHAs. It does so by validating a hash based on time (and some other parameters) using AJAX when the form is posted. Comments posted via automated means will not have a hash or will have an expired hash and will be rejected. Unlike using a captcha, this does not place any burden on the commenter.
10. Akismet – There is no way in which I am going to write about spam blocking plugins and not include Akismet. Current versions of WordPress come with Akismet installed by default. Akismet uses a unique algorithm combined with a community-created database to “learn” which comments are comment spam and which are legitimate.
The default configuration for Akismet may not be enough for some. In my own experience, checking the configuration option that lets Akismet automatically discard spam comments on posts older than a month has dramatically lowered the amount of spam in my moderation queue.
As for myself, I am perfectly content with the performance I have received out of Akismet. However, I must note that some of the success I have had with Akismet comes from the way I have configured commenting in general on my own personal blog. For example, for a comment to appear on my blog, a user must fill out the name and email text fields. They must also have a previously approved comment. I have also configured my comment moderation settings to place comments in the moderation queue if they contain two or more links.
Everyone’s comment spam/configuration circumstances are different, so be sure to experiment with different options or techniques to figure out which comment spam blocking recipe works for you. If you would like even more information on how to combat comment spam, check out this article on the Codex.
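The time-based checks that CAPTCHA-Godfather (item 6) and WP Captcha-Free (item 9) describe can be sketched as a signed, time-bound form token. This is an added example, not code from either plugin or from this article; the function names, the 5-second and 1-hour limits, and the use of HMAC-SHA256 are assumptions.

```php
<?php
// Added illustration: a stateless, time-bound comment-form token.
// All names and limits below are assumptions, not taken from any plugin.
const MIN_AGE = 5;      // seconds a human plausibly needs to write a comment
const MAX_AGE = 3600;   // tokens older than this are treated as expired

function issue_token(string $secret, int $postId, string $ip, int $now): string
{
    $mac = hash_hmac('sha256', "$postId|$ip|$now", $secret);
    return "$now.$mac";
}

function check_token(string $secret, ?string $token, int $postId, string $ip, int $now): string
{
    if ($token === null || substr_count($token, '.') !== 1) {
        return 'reject: missing or malformed token';
    }
    [$issued, $mac] = explode('.', $token);
    if (!ctype_digit($issued)) {
        return 'reject: missing or malformed token';
    }
    // Recompute over the values seen at submit time; another IP or post fails here.
    $expected = hash_hmac('sha256', "$postId|$ip|$issued", $secret);
    if (!hash_equals($expected, $mac)) {
        return 'reject: bad signature (tampered, or wrong IP/post)';
    }
    $age = $now - (int) $issued;
    if ($age < MIN_AGE) {
        return 'reject: submitted too quickly';
    }
    if ($age > MAX_AGE) {
        return 'reject: token expired';
    }
    return 'accept';
}

// Constructed sample run (documentation IP addresses, fixed clock for repeatability).
$secret = 'constructed-demo-secret';   // in practice a random per-site secret
$t0 = 1700000000;
$token = issue_token($secret, 42, '203.0.113.7', $t0);

echo check_token($secret, $token, 42, '203.0.113.7', $t0 + 30), "\n";   // normal visitor
echo check_token($secret, null, 42, '203.0.113.7', $t0 + 30), "\n";     // no token sent
echo check_token($secret, $token, 42, '203.0.113.7', $t0 + 1), "\n";    // instant submit
echo check_token($secret, $token, 42, '203.0.113.7', $t0 + 7200), "\n"; // stale token
echo check_token($secret, $token, 42, '198.51.100.9', $t0 + 30), "\n";  // different IP
```

Binding the token to the IP address also rejects legitimate visitors whose address changes between loading the form and submitting it, so a site may prefer to hold those comments for moderation instead of discarding them.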
Just a thought, but Bad Behavior isn’t quite compatible with WP 2.5. The new upload tool will fail when Bad Behavior is activated. A workaround is to add the IP net block you usually use WordPress from into the whitelist.inc.php file in the bad-behavior folder.
I use a combination of Akismet, WP-SPAMFREE, Bad Behavior and now a GREAT comment form plugin called cformII (see this).
Seems like a lot of “Stuff” but I went from a couple of hundred a week to about 1 or 2 per week. Now if I could only find something someway to deal with people who scrape my blog and the pingback spam…
Actually, BB + SK2 with the Akismet SK2 plugin may be the ultimate solution. It allows SK2 to judge whether a comment is spam or not by additionally seeing what Akismet had to say. However, I found that many many times, Akismet would report a comment was ham even when it wasn’t.
So, I recently started using Defensio just to try it out. In the 72 hours I’ve been using the plugin, it’s caught 430 spam and let just one into my moderation queue. No spam comments actually made it onto my blog.
Pretty dang good if you ask me, plus hiding the obvious spam from the Defensio page in WordPress makes it way easy to make sure no false positives are occurring.
I think I’ll be sticking with it. 🙂
Ooof, I rewrote my comment a couple times and it didn’t turn out so good.
I was responding to the “It’s been rumored that Akismet combined with Bad Behavior is the ultimate anti spam configuration in WordPress.” comment. Since my vote is currently with Defensio, I obviously didn’t mean BB + SK2 + SK2 Akismet was the best.
As I’ve pointed out before, Akismet is not free for everyone. Its ridiculous $50 per month fee is out of reach for non-profit organizations operating on a shoestring budget. Instead, I simply turned off pings and require users to register to post comments. I’ve never gotten any spam at all.
I use Akismet religiously. Do concede that it’s not (free) ideal for anything other than personal websites. Hadn’t realised that it was $50 per month though… quite a bit! Perhaps it might be worth getting together a petition to see if they might be able to change their pricing structure for different non-profit organisations.
SK2 & BB are the best combo. Every time I read about akismet, I see the words “moderation queue.” Before turning on BB, I got about 20k spams a year. SK2 blocks them all and almost never puts anything in moderation.
And I don’t know why you said it was old. It’s still in development, although that’s supposed to end soon thanks to WP’s inability to sit still.
This needs clarification because the $50 per month is not entirely correct information.
From the Akismet Commercial Use page: http://akismet.com/commercial/
– Free for personal use
– $5 per month for problogger use (if you’re making more than $500/mo from your blog )
– $50 per month for corporate ventures (a corporate blog or a blog network)
There are other prices for registered Non Profits and for API access.
Yes, I really hate spam. Akismet can hold and count incoming spam, but it does not really stop spam.
For an unregistered non-profit organization, Akismet costs $50 per month. That’s ridiculous for our all-volunteer operation. (Note that nonprofits with multi-million dollar budgets only have to pay $25 per month.)
hello, for the comment problem i found someday a plugin which i really would like to use. my pc crashed and so i have no link nor a search tag, please help me.
this plugin switches off the comments after a time period, so it’s not possible to post on older posts – i really would like to use it.
can you help me with a link, does someone know what i mean, thx in advance
Good list, I just use akismet, regularly update it and still happy with it.
Anyway, thanks for the list. Perhaps I can choose one for my naughty cousin blog 🙂
I use Akismet (which does have significant false positive problems) and simply moderate all posts that contain a link. Since most comment spammers are greedy and will throw many links into a comment, they’re easy to screen out and either mark as spam to Akismet or to simply edit out the links in order to add new content to the page in Google’s eyes.
Does anyone else use SpamBam? It seems to work great for me.
We were using BB as well as Akismet for a while but it made our blogs run very slowly so we turned off BB. Has anyone else had this problem with BB?
You’d better try “Hiddy”. That’s the ultimate solution against SPAM. I used to get 60/70 spam comments per day, now I’m about 1 or two (and sometimes 0, yes ZERO).
http://hiddy.etechs.it/
Tom, you want a plugin called Close Old Posts.
See http://wordpress.org/extend/pl.....old-posts/
Seems to me like you should register your organization then. Unregistered = unofficial. If you’re not registered, then they have no way to check up and see that you’re not defrauding them.
WP SpamFree isn’t all it’s cracked up to be. Here’s a demonstration of how easy it is to defeat.
You left off Raven’s Anti-Spam (http://kahi.cz/blog/ravens-antispam-for-wordpress). Between that and Akismet, spam never gets through on my sites.
Otto, perhaps you’d like to volunteer your time to handle the paperwork for our organization to register us as a 501(c)(4) organization. All I do is run the web site as a volunteer, so I have no idea what’s involved.
And my previous comment was wrong. Multi-million dollar charities get to use Akismet for FREE, while our organization with a budget that barely hits five figures would have to pay $600 per year.
But I don’t know that it matters, because it looks like the upgrade to 2.5 will be such a PITA that I’m leaning toward dropping WordPress entirely.
I was getting anywhere from 10-20 a day with Akismet, so I installed Bad Behavior and I have not gotten one all week. Kind of funny that this post pops up after my own positive experience!
hi. not trying to be picky and all but in number 6 captcha godfather shouldn’t the last sentence read “and held for moderation.” and not “and held for moderation.” ?
that’s it. no need to publish this comment publicly. and thank you for the good article.
Though it’s not on your list, I have found TanTanNoodles exceedingly helpful. It’s a simple plugin that gets 99% of the spam out there – it gets rid of comments with lots of links, just links, or if they contain certain words.
@Moreno: Later updates to the WP-SpamFree plugin overcame the concerns that Adam brought to light in that blog post.
Great post! Gotta fight the forces of the evil spammers and their spambot henchmen! Keep up the great work!
wonderful bob, thanks a lot – that is exactly what i was looking for …and it’s so simple “closing old posts”…
sometimes i wonder why i got a head on my shoulders 🙂
On the subject of spam fighting, does anybody know of a good way to retroactively fight spam? Is there any way to go through old comments and take out the spam that was ignored by a previous admin?
i use the wp-spam-free and it works great! It saves me from hundreds of spam comments per day.
I just don’t like having to moderate comments. I don’t have the time to check my blog for spam every day, so I turn the moderation feature OFF in WordPress, and I always have.
The only problem is, I get so few comments on my blog that aren’t spam, I’d rather just be notified via email when someone makes a comment to my blog, but I have no idea how to do all that? I just use Bad Behavior and Akismet, and both those together work fine for me, I haven’t noticed any comment spam in forever after installing those two, except I am getting tired of spammers signing up for new user accounts, WordPress needs to do something about that.
You should really check out the latest WP Hashcash at http://wordpress-plugins.feifei.us/hashcash/ which offers an infinitely more sophisticated Javascript-based antispam solution than WP Spam Free. The latest features include rudimentary trackback blocking and a nice admin configuration panel.
And it’s transparent. Turn it on, configure it for “delete,” make sure it’s working, and kiss your moderation queue goodbye. Your visitors won’t even notice.
bubazoo, just turn off new user registration.
#11 on the list should be “something custom.” The best defense against spam is to have something customized on your blog, even if it’s simple. Spammers don’t want to retool their bot to attack a single blog.
I agree with a recent post I read about the fact that CAPTCHA is not the ideal protection method against zombies. Zombies have the computing power to break it; it’s just a matter of time and resources. If it is economical for spammers, then it will be done.
@bubazoo: Alternatively you can use my plugin Sabre, which is designed to protect WordPress blogs against spammer bot registration. Thus, you can leave new user registration turned on.
Akismet has been doing a stellar job for me, but I’ll consider one or two back ups just in case. Most are new to me, so I’ll have to experiment to see which ones work best.
I actually did a write up and followup on my blog about this some time ago… Using the comment timeout plugin virtually eliminated all of the automated spammers.
It’s an incredibly simple solution.
Very interesting article and comments… I have been using Akismet for a number of different WordPress blogs – unaware that I am incurring any costs – I am going to have to remove the program because of the potential hidden costs. So far Akismet has not noticed – but I clearly am going to have to use a different system to protect the various blogs from spam.