WordPress; manage, reduce, and prevent comment spam
An ideal blogosphere would be free of comment spam - solicitations for enlarging your manhood with knock off drugs, wooing the lady with tried and true sex tips, or drug pedaling bots which believe that BBCode is a compatible comment format for WordPress blogs. The WordPress Discussion Options SubPanel offers a Comment Blacklist filter:
When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. One word or IP per line. It will match inside words, so “press” will match “WordPress”.
Although the Comment Blacklist filter does a great job of holding any comments which contain words from your filter for moderation, it is humanely impossible to continually update the list to reflect new spam. Short of chaining yourself to your site and decreasing the natural comment experience for visitors using the "An administrator must always approve the comment" option, the best route to take is integrating plugins designed and created to prevent & manage spam.
Managing comment spam with Akismet + Simple Spam Filter
Ask any WordPress user that receives any traffic about combating comment spam, and the common response will be to install a comment spam plugin. My recommendation? Auttomatic’s Akismet + Tan Tan’s Simple Spam Filter; here’s why:
How does [Akismet] work? - When a new comment, trackback, or pingback comes to your blog it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.
Akismet cross-references suspicious comments submitted on your site against a database of recognized and known spam logged by Akismet through other bloggers, forums, wikis, and contact forms. For more information, visit the Akismet FAQ. By integrating Akismet, you reduce the need to manually filter through suspicious comment. If Akismet catches a comment, it’s probably spam.
Unfortunately, "probably spam" does not guarantee that Akismet accurately manages to differentiate between "good" & "bad" with 100% accuracy. It’s good, and better than everything else I’ve tested, but nothing is good enough to be perfect. Occasionally, a few "good" comments - usually lengthy / descriptive comments with multiple URLs - are caught. No innocent commenter enjoys seeing the Your comment is being held for moderation message after submitting a thoughtful comment. Knowing this, it is important to quickly identify false positives in order to prevent readers from being standoffish the next time they consider contributing their thoughts.
Browsing your Akismet Spam view for "good" comments can turn into a tedious and irritating task [depending on how much spam your site attracts]. Akismet has caught over 48,000 spam on 5thirtyone.com since being installed. Could you imagine if Akismet filtered 450 spam comments while you slept? You begin to understand that while Akismet does a fantastic job of catching spam, your new [mounting] task is making sure that you’re not deleting legitimate reader comments. It’s time to filter the comment spam filter, and that’s how Tan Tan’s Simple Spam Filter comes into play:
As I mentioned above, this plugin isn’t ment to replace any of the existing spam plugins out there, but rather it’s ment to work in conjunction with them by doing a simple prefilter to weed out the most obvious comment spams and dump them into the Internet black hole. All other comments (whether spam or not) are passed along and processed normally (like with Akismet). I realize that this is not fool proof by any means, since spam will continue to evolve over time…
Simple Spam Filter adds an additional SubPanel menu option to your Administrative Comments view titled "Spam Filter". The "Spam Filter" view presents a summarized list of keywords identified as likely spam - "Contains a word that matches a short list of common spam words (for example, viagra or cialis). See the plugin’s source for the full list." By reviewing the list and deleting comments based on obvious keyword matches, moderated comments are deleted from the database reducing the number of comments to sift through.
Additional plugins & tools for managing comment spam
Additional plugins & tools sure to simplify the task of managing comment spam on your WordPress driven website.
- Bad Behavior - Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however. Bad Behavior is available for several PHP-based software packages, and also can be integrated in seconds into any PHP script. Recommended!
- Spam Karma - Anti-spam plugin for the WordPress blogging platform. It is meant to stop all forms of automated Blog spam effortlessly, while remaining as unobtrusive as possible to regular commenters. Will work in tandem with Akismet. Overkill to run an entirely different spam plugin on top of Akismet.
- Let human spammers know - Duh! No seriously. Add a snippet of text above your comment submit button warning visitors that comments may be held in moderation and may be deleted at an administrators discretion.
- Akismet Aunite Spam - Firefox Greasemonkey script which alters the view of your Akismet panel for quicker browsing.
- Comment Timeout - Archived articles are more likely to be targeted by spammers than newer updated articles. Minimize the likelihood of older articles turning into a cesspool of spam crud, disable comments on older articles based on specified rules - e.g. Disable comments when post is more than ‘xx’ days old, or has not had a comment for ‘xx’ days, whichever is the later. Recommended!
What methods or tools are you using to combat spam on your own personal website? Add your routine in the comments and the number of comments you’ve blocked in the process. [Digg it]
Explore » Discover new content on 5thirtyone.com
This post tagged , comment, plugin, spam. Explore similarly tagged content below or visit a random entry. Visit the archives for additional content.
Ronald Heft
cavemonkey50.com
Excellent work finding Simple Spam Filter. Akismet is working wonders, but I just get way too much spam. I’ve tried to lower my spam count by installing Bad Behavior, yet I still find obvious comments with 8 million links. Hopefully Simple Spam Filter will cut down on that even more.
The only thing I worry about is the 5 link limit. What if a legitimate user had a very detailed comment with multiple URLs? Looking at the source, I see the plugin spits back a page letting the user know they have too many links, but I still think there should be a way to let the person’s comment through. Possible presenting a captcha on multiple URLs would be an effective method.
May 6th, 2007 Quote
Derek
5thirtyone.com
The URL limitation worried me as well but looking back at the archives (previous comments), most people that do insert links average two at most. Those that feel to express their link love with more are often individuals who don’t know how to create a proper hyperlink.
May 6th, 2007 Quote
Miles Evans
macapper.com
Hey nice Derek. I just installed SSF as well. My biggest problem lately is false positives, and while it’s a chore to wade through the akismet filtered list, it’s just kind of a fact of life. Having said that, I have a cu\ouple Moveabletype blogs that are much harder to spam proof than my WP projects.
Dugg
May 6th, 2007 Quote
Jonathan Solichin
53m1.com
Nice list of spam filter for wordpress. Though I don’t think getting dugged is a good way to reduce spam ;). Currently I am still using good ol’ trustable hand to combat spam. Although Iately I am not allowing comments. The bad thing is that I am blocking good comments too, the good thing is, the bad comment is comming down with it. You can’t win everytime right? i’ll keep this in mind when i finally allow comments.
May 6th, 2007 Quote
Joe
tantannoodles.com
Cool, thanks for all the nice comments
I do plan to make the link limit and spam words configurable, and possibly make the error message a little more user friendly in a future release (like via an ajax popup or something like that). Let me know if you have any other ideas that might be helpful!
May 6th, 2007 Quote
Armen
iffect.net
Limiting the links to two is not a problem. Even a genuine commenter should know not to leave more than two links.
I think Akismet, along with having to enter in letters or numbers, is as much as the average blog would need.
(Nice site by the way).
May 6th, 2007 Quote
LEMONed
ilemoned.com
added a digg. Akismet is really enough for me, it catches around 300 spam comments per day, and RARELY miss one.
May 6th, 2007 Quote
Matt
webrevolutionary.com
Yeah, Akismet seems to work great for me, although I don’t actually have enough traffic to interest the spammers yet
Let’s just hope it doesn’t become a problem.
May 6th, 2007 Quote
Alan
freakytrigger.co.uk
I hacked Akismet so that logged in users never get marked as spam, and other than that we need nothing more. it’s caught 300,000 spam in nearly a year.
May 7th, 2007 Quote
Ivan Minic
burek.co.yu
Akismet is a brilliant system, and I’ve seen that lately it is being introduced as a way of protecting messageboards and other software from spam
May 7th, 2007 Quote
Dumitru Tira
Nice one Derek, definitely a must do then I’ll set up my own blog. cheers.
May 8th, 2007 Quote
Jayce Ooi
jayceooi.com
Thanks for the tips. It is useful to me.
May 8th, 2007 Quote
Shawn Blanc
thefightspot.com
I installed the Tan Tan plugin after reading this post few days ago. It has definately reduced my spam comments. It is nice seeing my Akismet list go from ~150 spams a day to 7, but I just have this little fear that it’s deleting genuine comments and I don’t know it.
May 9th, 2007 Quote
Derek
5thirtyone.com
It’s probably safe to assume that any comments using any one of the words in the pre-filter list are probably comments that you don’t want on your pages. Same goes for comments that include mutliple URLs.
May 9th, 2007 Quote
Motorcycle Guy
cyclechaos.com/blog
Probably the worst problem with akismet is it manages to sometimes false positive the best comments made.
May 12th, 2007 Quote
Spencer Ferguson
wasatchsoftware.com/blog
Nice job! Keep working on preventing false positives.
May 21st, 2007 Quote
Malliobiana
cathetel.com
There is nothing better for protection than a regular review by a human, which I thought was the whole purpose of a Blog, not to simply be created then abandoned. If you can’t moderate it, then switch off comments.
Jun 5th, 2008 Quote
Derek
5thirtyone.com
Comment moderation becomes more and more of a chore once your site is targeted by spam bots. Most individuals I know who try and maintain an online presence through their blog do so on their free time (usually outside of a regular job). I don’t think it is humanly possibly to stay on top of moderating comment spam once your site is targeted. 5thirtyone receives over 300 spam comments per day. I wouldn’t ever consider moderating comments myself unless the spam filters marked them as potential false positives.
Jun 7th, 2008 Quote