I did a post for a Antivirus plugin for WordPress, several users commenting about different plugins that improve the security of WordPress, so I decided to sum up some of the plugins that provide security and comment spam protection for WordPress blogs.
Anti-spam WordPress Plugins
Akismet – One of the best plugins to protect your WordPress blogs against spam comments, this plugin has worked like a charm for many users, saving then time and effort while moderating and managing comments.
WP-SpamFree Anti-Spam – An extremely powerful WordPress anti-spam plugin that eliminates blog comment spam, including trackback and pingback spam. Includes spam-free contact form feature as well.
WP-Hashcash – WP Hashcash is an antispam plugin that eradicates comment spam on WordPress blogs. It works because your visitors must use obfuscated JavaScript to submit a proof-of-work that indicates they opened your website in a web browser, not a robot.
WP reCAPTCHA – reCAPTCHA is an anti-spam method originating from Carnegie Mellon University which uses CAPTCHAs in a genius way. Instead of randomly generating characters, reCAPTCHA uses a combination of these words from digitalized books and further distorts them to construct a CAPTCHA image.
Math Comment Spam Protection – Probably the most simplest way to thwart spammers robots from posting comments on your blog, it adds a new field to the comment form asking users to enter a sum of two numbers, you will have to edit your contact template to include the comment spam field to it.
Security Related WordPress Plugins
WP Security Scan – Scans your WordPress installation for security vulnerabilities and suggests corrective actions. It allows you to generate strong passwords, check improper file permissions, database security, version hiding, admin panel protection and more.
WordPress Exploit Scanner – This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.
AskApache Password Protect – You can set up Password Protection for your blog using HTTP Basic Authentication, or you can choose to use the more secure HTTP Digest Authentication.
TTC WordPress Security Tool – This plugin blocks cross-site script attempts, ip numbers of ill behaved people and bots and bans bad user agents.
Secure WordPress – Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
WordPress Firewall – This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks.
Did I miss anything out? Do you use any plugins for optimizing security and protecting against spam comments? Do share them with others by commenting here.
wordpress gets “scarier” instead of simpler, where’s the simplicity? firewall? anti virus? bahhhhhhhh
I don’t know that I’d say that WordPress is getting “scarier.” I’d say the rising amount of attacks against all types of web sites – including WordPress sites – are “scarier.”
Hackers aren’t a simplistic group of people. Their attacks are becoming a lot more sophisticated and a lot more frequent.
I’m thankful that these are plugins available. Better safe than sorry.
is “scarier.” I miss the ability to edit my comments. 🙁
Raven’s Antispam by Peter “Kahi” Kahoun has done a great job of reducing bot spam for me. For folks with javascript enabled, it’s invisible, otherwise they have a simple captcha-type question.
I’m using NoSpamNX for stopping spambots on many sites and works pretty well.
Hi all,
I use “AntispamBee” and “AntiVirus for WP” by Sergej Müller: http://antispambee.com/ and http://wpantivirus.com/
They work fine!
Best regards from Germany,
André
How can you leave Bad-Behavior off the list? http://www.bad-behavior.ioerror.us/ stops the bots from being able to get to your site, let alone post. Quite possibly my favorite tool, as it kicked my spam down to 1 a month.
I have to agree with the bad behavior thing. bad behavior, along with akismet, has kept me spam free for the last 3-4 years now.
In fact, I would say bad behavior probably gets rid of all my spam before it even gets to askimet, because I haven’t had to moderate my comments for years. thankfully, because I hate having to moderate comments, takes up too much dang time, I don’t want to spend all day on my blog after all. lol
At this stage, I’m only using Askimet for my site. I have to admit that I get around 10 spam cooments a week and thats still ok for me. I’m trying to keep my plugins to a minimal, so installing another plugin will not be for me.
AVH First Defense Against Spam:
The AVH First Defense Against Spam plugin gives you the ability to block spammers before any content is served.
Spammers are identified by checking if the visitors IP exists in a database served by stopforumspam.com or by a local blacklist.
It also has a mechanism to stop spammers who post comments by accessing wp-comment-post.php directly.
http://blog.avirtualhome.com/w.....inst-spam/
Anti-spam tools are an absolute must for any site running an open comment system. There’s been times where I’ve logged into my wordpress site only to spend an hour deleting comment after comment of pure spam.
Anyways great list thanks much!
Nice to know that there are many plugins to choose from instead of only one. With this growing numbers of plugins, users can choose what is best and what suits their needs.
Akismet – it’s doing a great job because considering the amount of spam i receive daily i could never face it.
Thanks! Akismet is great. Back in time, I also used SpamKarma 2 against spams. It worked well, but the plugin is no more supported 😐 However, there is a GPL verion on Google Code.
Well Math Comment Spam Protection does not seem to work poperly anymore. Since a couple of days I have a daily average of 30 spamcomments getting through. They are eaten by Spam Karma 2, but still this is a little annoying.
I agree that Bad Behavior has done more to eliminate spam from my blog than many of the tools I’ve tried. I still use Akismet, but Bad Behavior has all but eliminated spam posts.
Hey ! This is really cool list and I had install few plugins at my blog.
Hi Keith,
Great list, thanks! I did notice that both the title and link for “WP-SpamFree Antispam” is missing the initial “WP” that comes before the dash. The current link only takes you to the WP plugins directory’s main page. You might want to correct that.
Just letting you know.
For some reason the ‘wp’ didn’t come out on my previous comment. No idea why.
Sigh
Title should be:
WP-SpamFree Antispam
And the link is missing the wp before the dash. Third time’s a charm?
(Since when is wp surrounded by quotation marks considered code?)
ah, never mind.
@Kirk Thanks for that, seems to be some technical issue we are looking into it and will fix it shortly.
Ah, no problem. I just checked it out on my site (running 2.8) and the dreaded double-U pea posts normally. Might be an anti-spam plugin? 😉
Sorry, couldn’t resist.
You forgot WP-Mollom! See http://mollom.com.
look at another one – http://wordpress.org/extend/plugins/antivirus/ – seen on my friends on twitter.
sorry, i did not see that you wrote a post about this plugin.
For awhile, I thought about requiring users to login via facebook, using that facebook connect plugin, because most people who read and comment on my blog, all have facebook accounts anyway…..but then I thought, well, maybe I’ll get a new user who still wants to comment…
I do know that nobody, I mean nobody, signe up for a WP account on individual sites anymore. so that facebook connect plugin was heaven sent for me anyway. Just about anyone I know about (or care about lol) has a facebook account, so doing that would probably elimiate the need for all this spam stuff, if I decided to go that route for sure.
Another plugin that you didn’t mention that might be worth a look:
http://mattwalters.net/project.....e-monitor/
And also the website:
http://www.unmaskparasites.com/security-report/
Can come in handy.
P.s: I just got my website hacked so had to start searching for these, thank you for your post!
Tal
Thanks for the mention Keith!
Well I am totally newbie person in WordPress but finally I found some cool plugins which is really help me to make my new blog very good now. I want to make it better and I found really good tips here.
I also heard that Akismet sometimes create problems and flagged spam to short comments. If you clear the idea then I would be happy for you.
I also want to know what plugins you are using to show ” Visited 4155 times, 9 so far today ”
Please answer me, I will be happy if you reply me on my mail id.
Well I’m using a new spam filter called SpamTask, I haven’t had any spam so far.
<a hrefSpamTask