Plugin Review: Yawasp

February 15th, 2009
Weekly Plugin Review, WordPress Plugins

Who doesn’t hate spam? Ever since blogs became common place, one thing that we have to worry about is spammers. It is like the constant battle of good vs. evil with the good folks finding means to defend themselves and others and the bad ones finding better means to attack the innocent ones!

Yawasp (Yet Another WordPress Anti-Spam Plugin) is one such plugin that uses an innovative approach to battle comment spam.


Most anti-comment-spambot-plugins focus on user interaction, e.g. captcha or math comment spam protection. Yawasp focuses on handling comment-spam-protection within WordPress. It replaces the names of the comment form fields with random names, protecting your blog from spambots that aim at the default comment field names. Furthermore it adds a blank field, hidden from the user, that needs to be left empty. In addition, the random field names are changed every 24 hours, giving a spambot no chance to adapt to the comment form.


  • Does not require JavaScript, Cookies or Sessions
  • No extra field for user input (e.g. Captcha) required
  • False-positives are nearly impossible
  • No need to manage spam comments anymore
  • Easy installation (automatic or manual)


The installation is more complicated than other plugins as it requires deal of manual intervention (in case the automatic editing fails). Upload the plugin and activate it.

Make the necessary changes in your theme files if necessary and you’re good to go.

The plugin will display the number of spambots blocked on the dashboard.



This plugin is another attempt to protect your blog from spam. However, I still don’t think that this is the first and last stop for protecting your blog.

For one, it only attempts to stop automated spambots attacking your comment form.

And it cannot protect you against manual comment spammers and trackback/pingback spam. Hence, you’d require another plugin like Akismet to form your secondary defense.

I recommend using this plugin if you have been able to identify that your primary amount of spam is spambots attacking your site. By installing this plugin, you’ll notice that with these spambots blocked, you’ll be required to take a look at a much smaller amount of spam in your spam queue.

What I would like to see is what spam is actually blocked by the plugin. The plugin does store which spambots are blocked over a 24 hour period, which works well. However, you won’t see any of the comments blocked.

In case your visitors start to report being blocked, you’ll need to check your comments.php to see if the code is properly installed. I suggest making a few test comments as well getting a few friends to test it out. From my experience, a lot of commenters will just not bother informing you in case they face problems commenting on your site.

So, which antispam plugins do you use? If you’re already using Yawasp, what has been your experience so far? What features would you like to see added?




  1. Frank says:

    I think Antispam Bee is better, because smaller and more efficient.

  2. Arizona Rifleman (1 comments.) says:

    I use Yawasp+Akismet to great effect. So far, I’ve had no spams successfully make it past the combination (out of several thousand attempts).

    There are no changes to the user interface and my readers have had no problems posting comments.

    I’ve opted to be on the safe side, in that if a spammer fails the Yawasp test, it gets submitted to Akismet as spam and added to my “spam” queue so I can review everything. So far, no false-positives at all. This also supplies Akismet with new spam, so as to make their filters better. I could just have Yawasp block the spam outright, but I like helping out Akismet.

  3. SSG says:

    I use WP Captcha Free as my first line of defense and it works great. No configuration required.

  4. Hikari (79 comments.) says:

    This plugin seems great, but is there a real risk of commenters being blocked?

    I really don’t want anything that makes commenting harder or boring. I’d rather deal myself with spam queue.

    I’m having a hard time with bots that add junk comments thou… Are you sure there is this risk of troubling real commenters? Because I really liked this plugin idea :(

  5. Mihai Secasiu (12 comments.) says:

    “This plugin is another attempt to protect your blog from spam. However, I still don’t think that this is the first and last stop for protecting your plugin.”

    Why would you want to protect your plugin? :)

    This is an interesting approach, but a smart bot could still figure out which fields to fill by looking at the html elements around the comment fields. Also the “extra empty field” seems more like a joke then an actual extra protection measure.

    To make this better the author could generate the random field names using JavaScript on every page display.
    The plugin could also be improved to actually show blocked comments, assuming stupid bots still use the standard field names to post comments.

    • Ajay (209 comments.) says:

      “Why would you want to protect your plugin?”

      Thanks for pointing out the blooper. I’ve corrected the post :)

  6. Hikari (14 comments.) says:

    oh yeah, another thing

    another very nice plugin I’ve been using to deal with flooders and spammers is Bad Behavior.

    It uses Poject Honey Pot blacklist to block spammers. I also recomment all bloggers to add honey pots on their sites to catch these fukers. More info about it:

  7. John Biddle (1 comments.) says:

    I have been using WP-SpamFree for a couple weeks nw. It has stopped hundreds of comment spams without having any adverse effects on human commenters.

    The installation was simple and fast, and I heartily recommend it.

  8. Mark McGillveray (1 comments.) says:

    I have been using Bad Behavior for about a year not and like It a lot. I am also a member of Project Honey Pot and the two are integrated together by your Project Honey Pot number entered to Bad Behavior. I agree every blogger should join Project Honey Pot to help CATCH THE SPAMMERS.

    Thanks all.

  9. Marc says:

    WP-Spamfree. You don’t need anything else.

  10. Mr. I (2 comments.) says:

    I have used it but after I got a mail from reader saying that he could not comment and was instead shown the message “You are a Bot”, I stopped using it. Now, I use Bad Behavior which goes a step further and does not allow spam bots to even access your blog.

    The spam bot information is matched with Project HoneyPot database so that Search Engine and other legimate bots are not banned.

  11. rudy (8 comments.) says:

    I never try it yet.

    I used akismet and wp-spam free.

  12. Mus_ (5 comments.) says:

    since my blog is a low-traffic blog site, Akismet is enough for me.

  13. (5 comments.) says:

    I used this for a while, but it seems that’s not compatible with WP-SuperCache, so I’m not using it anymore… I’ve used Akismet for quite a while (almost since it was first released), with various results: quite poor at first (too many “ham” or proper comments – false positives – were marked as spam), then better, later just good (but still letting pass quite a few spam comments per day, and storing lots of comments marked as spam, which was not good for DB performance) and currently working ok, with an average of 5 to 10 spam comments in moderation or incorrectly published per week; with practically no false positives.

    A really good, effective, precise and not cpu-intensive measure it’s to limit the access to wp-comments-post.php (which “Handles Comment Post to WordPress and prevents duplicate comment posting”) file with .htaccess so it only accepts requests that have been refered by your server, which will block most of the spambots, since they usually try to send spam without even “viewing” a page, but injecting data directly into wp-comments-post.php

    I used BadBehavior and SpamKarma too… they’re great, but usually more cpu-intensive, so you might not want to over-use them if you’re on a shared hosting

  14. Otto (215 comments.) says:

    I use Cookies for Comments, which I find works to great effect at preventing comment spam, but not trackback spam. For trackback spam prevention, I also use Akismet.

  15. Armand (5 comments.) says:

    Another good anti spam, however I’ve used Akismet and I think it’s good for me now.

  16. bubazoo (213 comments.) says:

    The only thing I don’t like about captcha’s, is that 99% of them are
    impossible to read for the visually challenged. Think about how a blind person, as an example, would read a captcha. Impossible without an audio captcha, and there are alot of people with 20/20 who can’t read most of the captcha’s out there, so I’ve always found that method offensive to my disabled visitors. I have seen some audio ones, that speak numbers instead of the letters that are on the screen, which is DUMB too because text box only accepts input of the letters shown on the screen, so IMHO, there hasn’t been a decent captcha that tackles that issue yet. I know you guys don’t care, but over 20% of the population are visually challenged.

  17. bubazoo (213 comments.) says:

    hehe, I mean, if yer gonna make an audio captcha, allow the text box to accept the numbers, its so stupid that they don’t. I have fussed with that on that recaptcha page for years…

  18. Tinh (11 comments.) says:

    Excellent plugin, that is what i have been looking for. I have tried Peter antispam but now do not like it any more


  1. […] Yawasp (Yet Another WordPress Anti-Spam Plugin) – (Our Review) […]

Obviously Powered by WordPress. © 2003-2013

page counter