WordPress; manage, reduce, and prevent comment spam

An ideal blogosphere would be free of comment spam – solicitations for enlarging your manhood with knock off drugs, wooing the lady with tried and true sex tips, or drug pedaling bots which believe that BBCode is a compatible comment format for WordPress blogs. The WordPress Discussion Options SubPanel offers a Comment Blacklist filter:

When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. One word or IP per line. It will match inside words, so “press” will match “WordPress”.

Although the Comment Blacklist filter does a great job of holding any comments which contain words from your filter for moderation, it is humanely impossible to continually update the list to reflect new spam. Short of chaining yourself to your site and decreasing the natural comment experience for visitors using the "An administrator must always approve the comment" option, the best route to take is integrating plugins designed and created to prevent & manage spam.

Managing comment spam with Akismet + Simple Spam Filter

Ask any WordPress user that receives any traffic about combating comment spam, and the common response will be to install a comment spam plugin. My recommendation? Auttomatic’s Akismet + Tan Tan’s Simple Spam Filter; here’s why:

How does [Akismet] work? – When a new comment, trackback, or pingback comes to your blog it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.

Akismet cross-references suspicious comments submitted on your site against a database of recognized and known spam logged by Akismet through other bloggers, forums, wikis, and contact forms. For more information, visit the Akismet FAQ. By integrating Akismet, you reduce the need to manually filter through suspicious comment. If Akismet catches a comment, it’s probably spam.

Unfortunately, "probably spam" does not guarantee that Akismet accurately manages to differentiate between "good" & "bad" with 100% accuracy. It’s good, and better than everything else I’ve tested, but nothing is good enough to be perfect. Occasionally, a few "good" comments – usually lengthy / descriptive comments with multiple URLs – are caught. No innocent commenter enjoys seeing the Your comment is being held for moderation message after submitting a thoughtful comment. Knowing this, it is important to quickly identify false positives in order to prevent readers from being standoffish the next time they consider contributing their thoughts.

Browsing your Akismet Spam view for "good" comments can turn into a tedious and irritating task [depending on how much spam your site attracts]. Akismet has caught over 48,000 spam on 5thirtyone.com since being installed. Could you imagine if Akismet filtered 450 spam comments while you slept? You begin to understand that while Akismet does a fantastic job of catching spam, your new [mounting] task is making sure that you’re not deleting legitimate reader comments. It’s time to filter the comment spam filter, and that’s how Tan Tan’s Simple Spam Filter comes into play:

As I mentioned above, this plugin isn’t ment to replace any of the existing spam plugins out there, but rather it’s ment to work in conjunction with them by doing a simple prefilter to weed out the most obvious comment spams and dump them into the Internet black hole. All other comments (whether spam or not) are passed along and processed normally (like with Akismet). I realize that this is not fool proof by any means, since spam will continue to evolve over time…

Simple Spam Filter adds an additional SubPanel menu option to your Administrative Comments view titled "Spam Filter". The "Spam Filter" view presents a summarized list of keywords identified as likely spam – "Contains a word that matches a short list of common spam words (for example, viagra or cialis). See the plugin’s source for the full list." By reviewing the list and deleting comments based on obvious keyword matches, moderated comments are deleted from the database reducing the number of comments to sift through.

Additional plugins & tools for managing comment spam

Additional plugins & tools sure to simplify the task of managing comment spam on your WordPress driven website.

  • Bad Behavior – Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however. Bad Behavior is available for several PHP-based software packages, and also can be integrated in seconds into any PHP script. Recommended!
  • Spam Karma – Anti-spam plugin for the WordPress blogging platform. It is meant to stop all forms of automated Blog spam effortlessly, while remaining as unobtrusive as possible to regular commenters. Will work in tandem with Akismet. Overkill to run an entirely different spam plugin on top of Akismet.
  • Let human spammers know – Duh! No seriously. Add a snippet of text above your comment submit button warning visitors that comments may be held in moderation and may be deleted at an administrators discretion.
  • Akismet Aunite SpamFirefox Greasemonkey script which alters the view of your Akismet panel for quicker browsing.
  • Comment Timeout – Archived articles are more likely to be targeted by spammers than newer updated articles. Minimize the likelihood of older articles turning into a cesspool of spam crud, disable comments on older articles based on specified rules – e.g. Disable comments when post is more than ‘xx’ days old, or has not had a comment for ‘xx’ days, whichever is the later. Recommended!

What methods or tools are you using to combat spam on your own personal website? Add your routine in the comments and the number of comments you’ve blocked in the process. [Digg it]

Discuss - 37 Comments

  1. Dumitru Tira says:

    Nice one Derek, definitely a must do then I’ll set up my own blog. cheers.

  2. Jayce Ooi says:

    Thanks for the tips. It is useful to me. :)

  3. Shawn Blanc says:

    I installed the Tan Tan plugin after reading this post few days ago. It has definately reduced my spam comments. It is nice seeing my Akismet list go from ~150 spams a day to 7, but I just have this little fear that it’s deleting genuine comments and I don’t know it.

  4. Derek says:

    It’s probably safe to assume that any comments using any one of the words in the pre-filter list are probably comments that you don’t want on your pages. Same goes for comments that include mutliple URLs.

  5. Probably the worst problem with akismet is it manages to sometimes false positive the best comments made.

  6. [...] installed Tan Tan’s Simple Spam Filter a little while ago (via Derek’s suggestion). It’s supposed to just delete the “really obvious” spam comments, but perhaps it [...]

  7. Nice job! Keep working on preventing false positives.

  8. [...] WordPress; manage, reduce, and prevent comment spam [5thirtyone.com] [...]

  9. [...] Check out these spam filtering tips – filtering the spam filter, managing, and reducing weblog spam.read more | digg [...]

  10. [...] Hmmm, đây là lúc bắt đầu googling. Yeah, phát hiện má»™t bài viết khá hay tại 5thirtyone – nếu bạn giống tôi sá»­ dụng Askimet thì nên cài thêm má»™t số plugins để hạn [...]

  11. [...] asa juga sih, habis benar-benar udah jadi langganan spam gitu commentnya. Lalu setelah membaca recomendasi dari Derek, akhirnya saya tambahkan plugin TanTanNoodles Simple Spam Filter. And I think it’s work, tiap [...]

  12. [...] popular software so I can leverage the experience of others. the goog found me this post “wordpress; manage reduce and pervent comment spam“. Now I have to figure out how to weed the comments, tweek the admin and sex up the site. [...]

  13. Malliobiana says:

    There is nothing better for protection than a regular review by a human, which I thought was the whole purpose of a Blog, not to simply be created then abandoned. If you can’t moderate it, then switch off comments.

  14. Derek says:

    [quote comment="114877"]If you can’t moderate it, then switch off comments.[/quote]

    Comment moderation becomes more and more of a chore once your site is targeted by spam bots. Most individuals I know who try and maintain an online presence through their blog do so on their free time (usually outside of a regular job). I don’t think it is humanly possibly to stay on top of moderating comment spam once your site is targeted. 5thirtyone receives over 300 spam comments per day. I wouldn’t ever consider moderating comments myself unless the spam filters marked them as potential false positives.

  15. [...] “Ask any WordPress user that receives any traffic about combating comment spam, and the common response will be to install a comment spam plugin. Try these  Auttomatic’s Akismet + Tan Tan’s Simple Spam Filter . It just works! and Here’s why:” [...]

  16. Robert says:

    Hi,
    We are already using Akismet & require moderation for all comments. There are some comments that are posted by some users which you really can’t say, if they are real or not. These kind of comments leave you in a fix and you really can’t decide what to do. What is your advice on treating such kind of comments?

    The Spam folder of our WordPress blog is getting filled with spam comments. So do you know of any plugin that will actually remove the spam comments from that folder and yet not Approve/Delete them? Perhaps like a Trash bin where they just stay stagnant? I could not find one, so if you can suggest of any such plugin, it would be much appreciated.

    Thank you for your help.