WordPress; manage, reduce, and prevent comment spam

  • May 6th, 2007

An ideal blogosphere would be free of comment spam – solicitations for enlarging your manhood with knock off drugs, wooing the lady with tried and true sex tips, or drug pedaling bots which believe that BBCode is a compatible comment format for WordPress blogs. The WordPress Discussion Options SubPanel offers a Comment Blacklist filter:

When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. One word or IP per line. It will match inside words, so “press” will match “WordPress”.

Although the Comment Blacklist filter does a great job of holding any comments which contain words from your filter for moderation, it is humanely impossible to continually update the list to reflect new spam. Short of chaining yourself to your site and decreasing the natural comment experience for visitors using the "An administrator must always approve the comment" option, the best route to take is integrating plugins designed and created to prevent & manage spam.

Managing comment spam with Akismet + Simple Spam Filter

Ask any WordPress user that receives any traffic about combating comment spam, and the common response will be to install a comment spam plugin. My recommendation? Auttomatic’s Akismet + Tan Tan’s Simple Spam Filter; here’s why:

How does [Akismet] work? – When a new comment, trackback, or pingback comes to your blog it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.

Akismet cross-references suspicious comments submitted on your site against a database of recognized and known spam logged by Akismet through other bloggers, forums, wikis, and contact forms. For more information, visit the Akismet FAQ. By integrating Akismet, you reduce the need to manually filter through suspicious comment. If Akismet catches a comment, it’s probably spam.

Unfortunately, "probably spam" does not guarantee that Akismet accurately manages to differentiate between "good" & "bad" with 100% accuracy. It’s good, and better than everything else I’ve tested, but nothing is good enough to be perfect. Occasionally, a few "good" comments – usually lengthy / descriptive comments with multiple URLs – are caught. No innocent commenter enjoys seeing the Your comment is being held for moderation message after submitting a thoughtful comment. Knowing this, it is important to quickly identify false positives in order to prevent readers from being standoffish the next time they consider contributing their thoughts.

Browsing your Akismet Spam view for "good" comments can turn into a tedious and irritating task [depending on how much spam your site attracts]. Akismet has caught over 48,000 spam on 5thirtyone.com since being installed. Could you imagine if Akismet filtered 450 spam comments while you slept? You begin to understand that while Akismet does a fantastic job of catching spam, your new [mounting] task is making sure that you’re not deleting legitimate reader comments. It’s time to filter the comment spam filter, and that’s how Tan Tan’s Simple Spam Filter comes into play:

As I mentioned above, this plugin isn’t ment to replace any of the existing spam plugins out there, but rather it’s ment to work in conjunction with them by doing a simple prefilter to weed out the most obvious comment spams and dump them into the Internet black hole. All other comments (whether spam or not) are passed along and processed normally (like with Akismet). I realize that this is not fool proof by any means, since spam will continue to evolve over time…

Simple Spam Filter adds an additional SubPanel menu option to your Administrative Comments view titled "Spam Filter". The "Spam Filter" view presents a summarized list of keywords identified as likely spam – "Contains a word that matches a short list of common spam words (for example, viagra or cialis). See the plugin’s source for the full list." By reviewing the list and deleting comments based on obvious keyword matches, moderated comments are deleted from the database reducing the number of comments to sift through.

Additional plugins & tools for managing comment spam

Additional plugins & tools sure to simplify the task of managing comment spam on your WordPress driven website.

  • Bad Behavior – Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however. Bad Behavior is available for several PHP-based software packages, and also can be integrated in seconds into any PHP script. Recommended!
  • Spam Karma – Anti-spam plugin for the WordPress blogging platform. It is meant to stop all forms of automated Blog spam effortlessly, while remaining as unobtrusive as possible to regular commenters. Will work in tandem with Akismet. Overkill to run an entirely different spam plugin on top of Akismet.
  • Let human spammers know – Duh! No seriously. Add a snippet of text above your comment submit button warning visitors that comments may be held in moderation and may be deleted at an administrators discretion.
  • Akismet Aunite SpamFirefox Greasemonkey script which alters the view of your Akismet panel for quicker browsing.
  • Comment Timeout – Archived articles are more likely to be targeted by spammers than newer updated articles. Minimize the likelihood of older articles turning into a cesspool of spam crud, disable comments on older articles based on specified rules – e.g. Disable comments when post is more than ‘xx’ days old, or has not had a comment for ‘xx’ days, whichever is the later. Recommended!

What methods or tools are you using to combat spam on your own personal website? Add your routine in the comments and the number of comments you’ve blocked in the process. [Digg it]