Skip navigation

WordPress Plugins Battling Evil

WordPress PluginsI hate to admit it, but there is evil on the web. And it is often aimed directly at bloggers.

Comment Spam WordPress Plugins

One of my greatest fears on is that Akismet will go off-line or suddenly stop working. If their servers go down, it’s nightmare hell for Lorelle.

The number of comment spam you get on your blog is not indicative of how popular your blog is. It’s an indication of how many incoming links you have coming from highly comment spammed blogs as many comment spamming web crawling bots trace links from one blog to another to spread their evil nasties.

Akismet WordPress WidgetHowever, if the number of comment spam is an indicator of a blog’s success, I think I’m one of the most popular bloggers around. 😀

I get anywhere from 300 to 2000 comment spam a day. It wasn’t always like this. In the past four months, I’ve been unable to adequately scan comment spam looking for false positives. Two days away traveling and I’m greeted with 3,000 comment spams to cruise through looking for potentially misdirected comments. It’s overwhelming. I do my best to randomly check, but reading through all the sex, porn, golden showers, casinos, mortgages, furniture sales, real estate sales, sexual enhancers, sexual stimulators, and…well, thousands of gross and disgusting comment spams just aren’t much fun to read.

Akismet catches 1,399 comment spams on my blogAkismet continues to be one of the most popular comment spam fighting tools around. One of the most important reasons why Akismet continues to be the most popular and successful is that is a team effort.

When you use Akismet to mark a comment as comment spam, the comment spam information is added to a master database. When that type of comment spam hits my Akismet-enabled blog, it will get caught because you helped the program recognize it. You helped me fight off comment spam. When I mark a comment as comment spam, you get the return benefit. We work together as a community to put an end to blog comment spam.

Akismet isn’t just for WordPress blogs. According to the Akismet Development List and Resources, Akismet works with Movable Type, Drupal, phpBB, Blojsom, Bloxsom, Geeklog, Serendipity, Nucleus, b2evolution, PunBB, Express Engine, Coppermine, Lifetype, Simple Machine Forums, and others. If we all work as a team, from a variety of sources, we might represent a very big hammer against comment spam.

Combined with Bad Behavior and Spam Karma 2 WordPress Plugins, you can put your comment spam fighting battle to rest. If one fails, you have a backup plan in place.

Bad Behavior works by “giving the finger to comment spammers” before they even get through the door. What comment spam does get through, Akismet and Spam Karma catch and hold for you.

Spam Karma 2 is one of the oldest comment spam fighting tools. It’s long been doing battle to capture and hold comment spam out of your comments until you inspect them. I’ve been using it for over three years and it continues to slap down and stop comment spam on my blogs.

Referrer Bouncer WordPress Plugin by Angsuman offers another method of stopping comment spam. It “bounces back referrer spam attempts” without an upfront configuration or mod-rewrite. Similar to Bad Behavior, the author designed it to work without you even notice it working.

The volunteers behind these brilliant comment spam fighting tools work overtime to make sure their tools stick with the battle. If you use their WordPress Plugins, consider donating some funding, or at least help by promoting their work, in order to encourage continued development.

Honestly, if these stopped working, the weight of comment spam attacks would crush almost all WordPress bloggers. Help them continue the fight.

Comment Tests, Questions, Math, and Captchas

I’d like to list the many other WordPress Plugins which offer comment filters and protectors like CAPTCHAs and tests for your readers, but they don’t work.

Sure, they make you feel like you are “doing something” against the evil onslaught of comment spam.

At first, you think they are working. The comment spam load drops off. It doesn’t matter that your readers are forced to answer inane questions (My name is Bill. What is my name?), add numbers, CAPTCHA almost impossible to read test for comment protectionor bend their eyes within their sockets to figure out what the heck are those twisted letters and numbers against a hard-to-read background. It only matters that for a short time, you might be getting less comment spam.

Why don’t they work? They work against stupid comment spam bots, but they don’t work against the better ones with programming abilities to bypass these test. And they certainly don’t work on the growing trend in using humans to comment spam. I think these low paid, often third-world workers, can figure out what 4+1 equals and that your name is Bill in order to meet their quota for spreading their filth around the web.

While there are a variety of comment spam protection testing and CAPTCHA WordPress Plugins out there, why waste your time when they don’t work for long. Many blog readers tell me they won’t comment when they see a CAPTCHA as they have a long history of not working and making the comment process take much longer than it should. People lose interest when they have to pass a test to leave a comment. Why punish and torture your readers?

Get the real comment spam fighters and let your real readers comment freely.

Splogs, Scrapers, and Thieves

Stop Comment Spam Buttons and BadgesAnother evil on the web comes from those who can’t do anything for themselves, including coming up with their own blog content. These creeps steal content from other bloggers and use it to stuff their blogs with illegal content to promote their money-making schemes.

The first stop on our list of evil stopping WordPress Plugins are Plugins which help you include copyright notices and legal policies in your WordPress blogs. It doesn’t stop content theft, but copyright notices and a visible legal policy help to warn potential thieves and is a great CYA (cover your ass) when you go to battle against content theft.

The Creative-Commons-Configurator WordPress Plugin sets the Creative Commons license for your blog and generates the code and icon on your WordPress blog. This is a visible alert and warning to visitors that your content is copyrighted, and what your copyright covers.

The Blog Copyright WordPress Plugin by displays a dated copyright mark on all your pages, including a date range for categories and other multi-post page views. It also offers full customization features.

Numly WordPress Plugin works with the ESN ID (Electronic Serial Numbers) provided by the Electronic Standard Book Number service. The Plugin requests the ESN and adds it to your WordPress blog as an electronic timestamp for copyright purposes.

The Disclosure Policy WordPress Plugin is a new WordPress Plugin that adds an area at the bottom of every post for you to include a copyright notice, public disclosure message, links to legal and/or comment policies, and other “messages” to help protect your blog’s content.

Copyright Protection in Your Blog Feeds

Angsuman’s Feed Copyrighter WordPress Plugin adds a copyright message to your feed to appear on all full feed posts and on splogs who scrap your site through feeds and use your content.

Other WordPress Plugins which help you add a copyright notice to your feeds include (c) Feed WordPress Plugin and the Sig2Feed WordPress Plugin.

You can also manually add a copyright notice to your blog posts, as I do on this blog, but a WordPress Plugin makes sure you never forget.

Tracking Content Theft WordPress Plugins

There are two amazingly powerful splog protection WordPress Plugins ready to help warn you when someone is stealing your content and republishing it without your permission. AntiLeech WordPress Plugin by Owen Winkler and Digital Fingerprint Detecting Content Theft WordPress Plugin by Max Power inject “digital fingerprints” into your WordPress post feeds. The WordPress Plugins then help you check the web for evidence that your blog’s content may be illegally used.

Example of digital feed copyright notice and digital fingerprint text

You can read more about how these splog-stopping WordPress Plugins work in my reviews on AntiLeech Splog Stopper: Fighting Back Against Content Thieves and Digital Fingerprints Help Track Blog Content Theft.

When you find your content has been stolen, turn to my article on What Do You Do When Someone Steals Your Content for help.

How Are You Fighting The Evil Doers of the Web?

Are you using any evil fighting WordPress Plugins I haven’t mentioned? Are you using any of these to help protect your readers and your content from the evil out there?

If we all work together, we can put an end to the slimy evil-doers on the web. Thanks for being on the team!

Related Articles

Site Search Tags: , , , , , , , , , , , , , , , , , , , , ,
Copyright Lorelle VanFossen, member of the 9Rules Network Feed on Lorelle on WordPress Subscribe

Member of the 9Rules Blogging Network


  1. Posted February 4, 2007 at 9:00 am | Permalink

    Thanks for another informative article, Lorelle! I use the Anti-spam Triumvirate of Akismet, Spam Karma 2 and Bad Behavior, which have been quite handy.

    A nasty form of splogging which I’ve noticed is where a splog site would (1) scrape an excerpt of an article I wrote, (2) claim that they wrote it(!), and (3) also include a link back to my site (not as a trackback) which is labeled as “orginal author/source.” It’s downright disturbing. Strangely, Antileech doesn’t seem to work in those cases, after adding their domains and IPs. Wonder why…

  2. Posted February 4, 2007 at 9:11 am | Permalink

    Thanks for the mention of Disclosure Policy Plugin Lorelle. It is targeted more for disclosure than protecting you content.
    If you are syndicating your content, your disclosure should go with it in some way, for your own legal protection.

  3. Posted February 4, 2007 at 2:47 pm | Permalink

    Thanks for the sig2feed plug. 🙂

    Again, as Andy mentions, sig2feed is also aimed more at providing a disclosure method, or more simply a link back to the original author, rather than preventing spam.

    I’ve noticed a disturbingly huge increase in both trackback and direct input comment spam.. neither of which ye olde captcha, maths tests or ‘simple question’ type ideas will stop.

    The numbers of splogs that now use trackbacks to inject spam (which is effectively a ‘valid’ method as far as blog engines are concerned) is also massively on the rise. And pretty hard to combat, as anti-trackback spam plugins won’t stop perfectly valid trackbacks.

  4. Posted February 5, 2007 at 5:10 am | Permalink

    Is my website considered as splog?

  5. Posted February 5, 2007 at 12:58 pm | Permalink

    Lorelle, as always, you do a great job of giving the rest of us *really* useful information that makes our blogging easier.

    I was wondering if you have found an easy way to keep up with updates to the plugins you use. When I upgraded to WP2.1, I spent a lot of time checking on the status of the plugins I rely on. I first visited the WP site and checked my list against their list of 2.1-compatible plugins. Then I visited the site of every plugin I use to see if they had an updated version or to check on the status of plugins that didn’t make it on the compatibility list. This time, I did create a special set of bookmarks for my plugins so that I can more easily follow up on them. But I wondered if there’s a site that not only tracks plugins but also tracks updates to plugins? I would love to know your strategy for staying current on plugins.

  6. Posted February 5, 2007 at 7:54 pm | Permalink

    Andy: The Disclosure Policy Plugin is much more than just a disclosure, it’s a great way of adding copyright information. Your Plugin offers another options for people to get their legal information and policies visible on their WordPress blogs. It’s wonderful.

    As for spam, that’s a different issue than copyright. Don’t confuse the two, folks. Copyrights and splogs go together, comment spam is a different issue, but all are evil ickies on the web.

    Dan: I listed information on staying on top of WordPress Plugins in Where to Find WordPress Plugins, including the Update Manager WordPress Plugin which checks the database for updates. It doesn’t work with all WordPress Plugins yet, but hopefully it will soon as Plugin authors update their Plugins and information in the database there.

    Other than that, I click on the link to the Plugin author’s page from the Plugin panel and see if they have an update listed on that page. The authors who don’t list updates on their site in a sensible and obvious way make this process difficult, so I dig in and do some searching. It’s a pain, but hopefully there will more automation with the process with things like this new Update Manager.

    Titor: YES.

  7. Posted February 5, 2007 at 11:39 pm | Permalink

    Lorelle can I use that as a quote on the disclosure policy plugin homepage with a nice link back maybe to here?

    Btw you might also like the feedburner feedflares I have started to create (they are so simple)

  8. Posted February 6, 2007 at 1:51 am | Permalink

    I’ve recently written a plugin that examines your Bad Behavior logs and your spam queue and closes down comments and trackbacks altogether to IP addresses that are misbehaving. It also lets you reject comments outright if they have too many hyperlinks or BBCode links (which WordPress doesn’t use, but which crops up in a huge percentage of spam nonetheless).

  9. Posted February 6, 2007 at 3:38 am | Permalink

    I knew you would have an answer for a smarter way to keep up with plugins! Thanks, Lorelle!

  10. Posted February 6, 2007 at 3:43 am | Permalink

    Andy: Of course. And I’ll check out your feedburner flares Plugin. I will writing about all kinds of feed Plugins soon.

    James: I didn’t find a page about your Plugin on your site. Could you provide a link? And explain what BBCode links are for those who don’t know? Thanks.

  11. Posted February 6, 2007 at 4:52 am | Permalink

    It’s the latest version (1.3 alpha 1) of my Comment Timeout plugin. Sorry, perhaps I need to make it a bit clearer on my home page 🙂

    BBCode is a simplified markup language that is used on a lot of forum systems. It’s where you see [url=some url] or something like that all over the place in your comment spam. I find that about two thirds of spam comments contain it, but the only time you ever see it in a legitimate comment is when someone is trying to explain what BBCode is. WordPress doesn’t actually use it, so any comments on WordPress blogs that have it are almost certainly spam.

  12. Posted February 6, 2007 at 7:35 am | Permalink

    Thanks, James, for helping us better understand what this is. An article will be out today that may help you publicize your WordPress Plugin better, so stay tuned.

  13. Posted February 8, 2007 at 2:04 am | Permalink

    Great roundup! I didn’t know about the existence of plugins that can track content theft.

    I disagree with the statement that the plugins which implement javascript or captcha tests do not work, but I have explained all this in a post, a trackback of which has been sent to this post of yours.

    Thanks for all the info and also for including my CC plugin in this round-up 🙂

  14. Posted February 21, 2007 at 11:18 am | Permalink

    WP-BAN is missing from that list! Kill Spam before it even gets the chance to cause even one SQL query. Ban the IP or IP ranges. All spammers get is a single simple page telling them that they are banned.
    And you know what? Having completely banned 1354 attempts to spam in one week feels good! 😀

  15. Posted December 30, 2007 at 12:14 am | Permalink

    Is there a solution out there for “Registration Spam”?

  16. Posted December 30, 2007 at 11:23 am | Permalink

    @ Don:

    See Fighting Registration Spam in WordPress and pay close attention to the improvements in the next versions of WordPress as they are working on this issue.

  17. Posted March 4, 2009 at 1:16 pm | Permalink

    Lorelle, I love “bend their eyes within their sockets to figure out what the heck are those twisted letters and numbers against a hard-to-read background”! How true. CAPTCHAs are definitely an accessibility issue for many individuals.

    • Posted March 4, 2009 at 4:55 pm | Permalink

      LOL – That is what it feels like, doesn’t it. I do hate captchas and am so glad they are dead.

  18. Posted March 5, 2009 at 4:00 pm | Permalink

    But are CAPTCHAs dead? In today’s Viddler newsletter, “Some of the more notable features include API updates, Captcha on forums, updated Vidgets, and much more.” I have not yet checked to see what these CAPTCHAs are like. I’m scared to!

    • Posted March 6, 2009 at 5:13 pm | Permalink

      Captcha’s are still used for registration but for blog comments, they are completely useless, and dead. Unfortunately, too many think they still work.

  19. Posted April 25, 2010 at 1:24 pm | Permalink

    Just wanted to thank you for the last hour or so reading here. At a new site, I noticed a different kind of comment spam. At the fracas blog, I receive tons of typical spam, just as you’ve described here, and askimet does catch most of it, but at this new site, I’m suddenly receiving comment copy spam, where a legitimate comment is quickly copied and reposted. Askimet is catching some of that, but not enough. I was thrown, because since it’s real comments being copied, you don’t automatically recognize it as spam unless you’ve read the real comment and remember what was said. Having guest authors, I don’t always follow the comment conversations between them and the people who come to read them… and leave personal comments to the guest author so this makes it difficult to pick up on what’s real and what’s spam.

    I’d been reading for a solution and had found at another site, people insisting the use of CAPTCHA was necessary. Having read here though, I felt I should thank you for having this here. Indeed, I’d rather find a real solution than just think I’m doing something by using CAPTCHA if it’s not really effective.

    I may write something at my own site about all of this. Is is ok to quote from you (with link and credit of course)?

    Thanks again.


  20. Mark
    Posted April 24, 2011 at 4:18 am | Permalink

    The problem with Akismet is that it and their users easily and wrongfully blacklists countless of domains of which doesn’t deserve the permanent life time ban. Akismet has become a new sort of Internet police that can easily be used to black list ones competitors.

    The fact is that it doesn’t take much to get on this ban list, and when some blog owner has decided that you belong there? Well there isn’t anything that you can do. Akismet won’t answer your requests. It’s a complete missuse of power from bottom to top.

    In my view, Akismet has the same status as all the crappy spam filters we see in email accounts. You still have to treat the spam folder as your inbox. Important mails end up in the spam folder every other day. What’s the point of a spam folder when you still have to treat it as an inbox and sort through all those mails in order to not miss any wanted mails?

    The same applies to Akismet. Even on the local level the blog owners doesn’t have any power to white list a domain. What I mean is as simple as follows. If a blog owner finds a comment in the spam folder which he doesn’t think belong there and white list it, the domain will still be black listed even on the local level. So the next time that person comments on the blog it will still count as spam, even though the owner has explicitly marked it as okay on his blog.

    • Posted April 24, 2011 at 10:50 am | Permalink

      Wow, having worked with Akismet from the very beginning in testing, you are giving them much more credit than they deserve. Akismet does reply to inquiries. I’ve had my own account end up in their queue on and off over the early years, but now, they have a validating system that protects much of this kind of misbehavior. Whitelists and blacklists are old fashioned methods, and not representative of the method Akismet now uses. Before condemning, why not take a little initiative and learn a little more about how it works.

  21. Lesa
    Posted January 30, 2012 at 1:10 pm | Permalink

    Interesting how things have changed since this post was originally written in 2007. For instance, WordPress plugins are now easily kept updated right from your WP dashboard. But also, some things haven’t changed much at all. In particular, comment spam is still a big problem. Akisment remains one of the biggest, most well-known players in the anti-spam arena. Spammers have gotten tricky and come up with new ways to fool you into leaving their comments on your site so what is spam isn’t always obvious. Akisment does do a great job of helping those new to the world of blogging learn to recognize what is spam and what isn’t. That being said, what I don’t like about it is that you have to manually clean out your spam filter.

    Much of the comment spam is left by spam bots, small computer programs that crawl the web and create comments, not by real people. For this reason, I use the Growmap Anti-spambot Plugin (GASP) on my site. It works by creating a checkbox that only the spam bots can see (humans don’t see it at all) and since a checkboxes are irresistible to bots, when that box is checked, GASP knows it was a bot — and the comment is never sent to your inbox, not even the spam folder. Therefore it controls spam without requiring CAPTCHCA (which is still used widely).

    Personally, I’d rather have to manually approve/disapprove a handful of spam comments left by real people than take the time to delete thousands of spam comments left by bots. But that’s just my personal preference.

    • Posted January 31, 2012 at 11:47 pm | Permalink

      Actually, the majority of comment spam found on many sites today is created by human spammers, not bots. They can get through the hoops many set up like that Plugin you are talking about, to easy spam a site. CAPTCHAs have been banned by the industry for a long time as totally ineffective, as that Plugin is due to the huge number of human spammers. Akismet is our best friend when it comes to truly using crowd sourcing to battle comment spam. I haven’t found anything better in all the years I’ve been at this. Thanks!

28 Trackbacks/Pingbacks

  1. […] Protection in Your Blog Feeds Lorelle on WordPress make a good point about putting copyright to your feed to protect your content being theft. You can […]

  2. […] content and also a common headache of bloggers. Recently, Lorelle published a list, or better a review, of plugins that prevent spam from reaching the public pages of a WordPress blog. As usual, her […]

  3. […] doorstep so to speak, I wandered over to the lady who knows all, Lorrelle on WordPress, to find the article I read a month or so ago and found what I was looking […]

  4. […] easily be searched for, identifying illegal use of your content. You can read more about these in WordPress Plugins Battling Evil, AntiLeech Splog Stopper: Fighting Back Against Content Thieves, and Digital Fingerprints Help […]

  5. […] WordPress Plugins Battling Evil […]

  6. […] most are familiar with fighting the evil of comment spammers, to help you prepare for possible hacking or problems on your WordPress blog, here are some […]

  7. […] to live without, but there are a few that no WordPress blog should ever be without. Among those are comment spam plugins, and the […]

  8. […] a little. They use new techniques, new IP addresses, some method that slips by Akismet and other comment spam fighting tools. Your Comments Panel overflows with comment spam. After marking 10 or 20 as comment spam, your […]

  9. […] WordPress Plugins Battling Evil […]

  10. […] WordPress Plugins battling evil […]

  11. […] in the message that you wish to appear at the end of every post. If you use WordPress, there are several plugins to help you do this job. I am not as familiar with TypePad, and I could not find any information on […]

  12. […] Activate Comment Spam Protection: If you haven’t, activate Akismet or choose another comment spam fighting tool. […]

  13. […] WordPress Plugins Battling Evil […]

  14. […] what wordpress is already doing to help you […]

  15. […] fand ich im Internet einige WordPress-Plugins mit Schutz- und Tracking-Mechanismen, wie (dieser Tipp kommt von Michael), doch den Datenklau verhindern sie nicht. Diebe wissen das. […]

  16. […] WordPress Plugins Battling Evil […]

  17. […] a link to a reference article they wrote or a direct link to their own blog’s URL, which some WordPress Plugins for feeds and copyrights inject automatically into blog feeds. Including at least one intrasite link in every blog post is a […]

  18. […] plugins for WordPress(.org) users: WordPress Plugins Battling Evil […]

  19. […] the past, we’ve tried attacking spam blogs by stopping the spread of their blog comments via tools like Akismet and demanding that services like Google’s Blogspot clean up the splog abuse on […]

  20. […] Update: In a thread discussing the stolen feeds, Trish Collins provided two links to Lorelle at WordPress on how to deal with content theft issues – here and here. […]

  21. […] fand ich im Internet einige WordPress-Plugins mit Schutz- und Tracking-Mechanismen, wie (dieser Tipp kommt von Michael), doch den Datenklau verhindern sie nicht. Diebe wissen […]

  22. […] fand ich im Internet einige WordPress-Plugins mit Schutz- und Tracking-Mechanismen, wie (dieser Tipp kommt von Michael), doch den Datenklau verhindern sie nicht. Diebe wissen […]

  23. […] WordPress Plugins Battling Evil […]

  24. […] WordPress Plugins Battling Evil […]

  25. […] WordPress Plugins Battling Evil […]

  26. […] WordPress Plugins Battling Evil […]

  27. […] blogs, especially high volume and traffic blogs, have to deal with the issues of comment spam, so WordPress Plugins Battling Evil offers great tools and resources for stopping the flow of evil on the blog. International audiences […]

  28. […] There are so many things you can do with comments, from live commenting, various types of comment lists, threaded comments, silent (whispered) comments, count counting, comment scoring, and more. For information on handling comment spam, see WordPress Plugins Battling Evil. […]

Post a Comment

Required fields are marked *

%d bloggers like this: