Let me introduce you to a typical day in a paranoid website administrator. In WordPress v1.2, after several months of spam free use, the comment spammers slammed my site. I tried all kinds of spam catching tools that worked, but my paranoia grew. Like most site administrators, I hated those time wasting monsters.
With WordPress 1.5, without any plugins, comment spam dropped almost to nil. There were maybe 5 comment spams a week. Remember, these include the occasional idiot time waster trying to link my site to theirs or just posting stupid stuff, comment spam that can easily get through most spam catching software. I have a top page ranking site with over 700 articles. That kind of popularity and visibility attracts a lot of freaks, whackos, and time wasters. Now, almost nothing. Comment spam, for the most part, is controlled and controllable.
With no comment spam coming in, I started to get worried. What if the new process was cutting out GOOD comments? I installed Paged Comment Editing Plugin from ColdForged which allows me to SEE what WordPress is catching. I was stunned at how little was actually coming through. Using the plugin, click on
include spam to see what is being caught highlighted in a pink background. I can easily delete these, removing them from my database and saving some space. Nice.
Then one day I got hit by about 25 viagra/casino spams. While these were caught by WordPress comment spam filters, they showed up in pink using ColdForged’s Paged Comment Editing Plugin. The monsters were in my spam catching database, eating up valuable space on my server. Well, not really but I was angry anyway. Remember, I’m paranoid about comment spam. After several months with only the occasional irritant, I was pissed, so I added the Bad Behavior Comment Spam Plugin.
Again, things trickled down to a nothing and I got paranoid again. Comments were being bounced by Bad Behavior before they even got in the door. It was “too quiet”. I was paranoid. So I added Bad Behavior Stats so I could keep track of what it was doing. Bad Behavior was catching a LOT. On average, it nails 500 known comment spam spiders, robots, etc., every week.
But you see what happened? WordPress stopped the majority of the comment spam out of the package. I got paranoid so I added plugins to help me deal with MY paranoia not the comment spam!
Three Step Solution to Stopping Comment Spam
Luckily for WordPress users, and other blogging or CMS software, most of the filtering out of comment spam is done by the program or comment spam plugins. WordPress does an amazing job catching comment spam without any add-ons, but spammers work overtime to get in the door so you might consider adding some reinforcement.
Many people choose to stop comment spam by using an authorizing image tool or plugin. Near the comment form, a box with letters and/or numbers will be visible and they require the user to type what they see in the box in order to “authorize” their comment. For the most part, these work, but they don’t always work and they put a burden on the user to “see” the characters and type them in correctly. This can be frustrating.
Other comment spam tools allow you to set certain words, called Spam Words, to filter out comments with those words in them. This works for a time, but the comment spammers are smart. For example, you may have the word “viagra” set as a spam word. While you are seeing the word “viagra” in those quotes, this is how I am really spelling it:
& #118; & #105; & #97; & #103; & #114; & #97;
Or they will use a word like “fiôricët” and hide the “o” and “e” from filters because those are replaced with character codes for the foreign letters of “o” with circumflex and “e” with diaeresis symbols as
fi & #244;ric & #235;t. See the little characters above the letters? Comment spammers are wickedly cunning and it’s up to you, the site administrator, to be a little smarter by using smarter tools to prevent comment spam.
With WordPress, I personally use a three-fold approach to dealing with comment spam.
- Stop Them at the Door with Bad Behavior
- The Bad Behavior comment spam plugin for WordPress literally gives the finger to comment spammers when they come knocking. It stops the robot spammers before they get in. The program works so effectively, you might think it isn’t working, so there is the Bad Behavior Stats WordPress Plugin that can be posted on your site or on your WordPress Administration Panels to let you know how many access attempts have been made over the past seven days.
- Nail Them with Spam Karma 2
- The WordPress comment spam catcher Spam Karma 2 is better than ever at filtering any comment spam that gets through, adding the bad robots to the blacklist, and giving you powerful control over your comment spam filters. It’s overwhelming and intimidating. For the most part, I leave it set to it’s defaults and it does the job. You can read through the documentation if you want to understand how it works – or just let it work. And work it does!
- Watch the Comment Spam Filters and Plugins Work
- Okay, so maybe I’m a bit of a control freak, but I want to know what spam is being caught and I’m worried about good comments getting grabbed by the spam catchers. ColdForged’s Paged Comment Editing Plugin for WordPress allows me to click a link to see the caught spam in my database. I can then look through and decide what is really spam and what needs to be moved back into the good spam category and release it onto the site.
With a good Comment Policy and a clear plan in your head about what kinds of comments are worth keeping or deleting, you can rest a little easier. It also means you have less work to do because the work has been done. Now you can concentrate on providing great content that will attract good comments and leave the rest of the work to the comment spam filters and your comment policy guidelines – and your clear conscience.
It’s been many years since I wrote this, and up until two years ago, this was my policy, a three-tiered WordPress Plugin process to help cut down the amount of comment spam I’ve had to handle.
Today, I rely upon Akismet almost exclusively. It is a peer-to-peer, crowd sourcing comment spam filtering process that learns by everyone marking spam as spam, and deleting the rest that isn’t, and editing the questionable comments. Among all the blogs I manage, I get 500 to 3,000 spam comments every day and I couldn’t survive without Akismet blocking out 98% of those, leaving me with just a few spammers trying their hand at new techniques. I mark them as spam and Akismet learns.