Stopping Comment Spam

Lately, I’ve been getting a ton of comment spam on Command-Tab. Fortunately, WordPress (combined with an extensive “bad word” blacklist) has been able to catch 100% of it, so you never see it. However, I have to deal with the comments held in moderation and actually delete them. I’m wondering how to stop it altogether…

I’ve considered several options, including challenge/response schemes like a question or a captcha image script, but I want to make it as easy as possible for real humans to leave comments (without registering — I don’t like that idea), but near impossible for an automated machine.

For now, the spam is from a specific few IP addresses, which I’ve blocked altogether by blacklisting them in my .htaccess file. What are your suggestions on stopping comment spam?

Stopping Comment Spam

12 thoughts on “Stopping Comment Spam

  1. Fred Monroe says:

    Use The Bad Behavior wordpress plugin. Other than that, I would not mind having to register to post however for people that are not registered, they would be provided the captcha image script instead. This would ideally not apply to a registered and logged in visitor


  2. I have used SpamKarma wordpress plugin for ages, and I have not had a single spam slip through since I began using it. I also do not have to moderate comments, as if a comment is not marked as spam, it is sent through to the post.


  3. google search google’s new NOFOLLOW html tag. Also, I think the picture/text way is the only real way to make it easy for a human, impossible for a machine. But after looking at all the spam I get in my guestbooks, I think a lot of it is a human. Like someone just goes from site to site manually pasting stuff in your comments/guestbooks for hours each day. I just use a manual approval system and though its annoying, its not really a hassle at all. Even if i miss an email, the spam comment will never show up the site, it will just stay in limbo forever


  4. Also, i find some of the text images modify the text so bad, even as a human, i have a very hard time reading what they are saying. I wonder if thats due to teh same problem, people keep increasing the distortion thinking that the bots are getting smarter and smarter, when its really that a human is at the controls pasting everything in.


  5. I moderate all my comments in order to keep them down.

    I used to get a ton using MovableType and just kept a huge blacklist. I’m with Fred though, i wouldnt mind registering.


  6. Actually, it is possible to decode a significant amount of captcha images. Take, for example, PWNtcha, a project dedicated to cracking captcha challenge/response images. It does so with very impressive results.

    WordPress automatically adds the nofollow tag to link within comments, but apparently that doesn’t stop spammers.


  7. Fred Monroe says:

    the other option is to have it send the user an email that they have to get and hit a confim link on although some spamers will pick up on this but there is no perfect system because there is always a way around anything (almost)


  8. I’ve completely changed the form element names in my comment fields. This immediatly shut down all of the comment “bots” and i haven’t seen the huge amount of comment spam again. I still have the random manual comment spam though. Which I weed out through moderation.


  9. The Gatekeeper Plug-In works magic for me. You make a up a question only a human would know, and they have to fill in this field before posting. That’s it. For example, “A coin worth $0.10 is called a…” Once someone has successfully typed “dime” the post can go through. You can set up a number of different questions as well. Works great. As the plug-in itself says, “the point is to write questions and answers are completely obvious to a human.” You can find it here:


  10. I was thinking about writing a plugin like wp-gatekeeper a few days ago. Lo and behold, here it is. I may implement it soon. Suprisingly, though, my spam has dropped to near zero (I got my first one in several days today) just by banning a few IPs in my .htaccess file.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s