Preventing Comment Spam

Tips n Tricks, Wordpress

The recent problem of spam comments bypassing the Akismet filter made me realize that its too bad to rely completely on one service.

For one I spent considerable amount of valuable time deleting comments. The other problem was created when these spam comments made their way as “subscription comments” and I got many mails from users asking me the steps to un-subscribe for the comments.


Here are some of the alternatives to prevent comment spam:

Bad Behavior

Akismet focuses only on handling Comment/Pingback/Trackback spam. Your blog might be subject to other attacks such as email harvesting, automated cracking attempts etc.

Bad Behavior, conceived in 2005 as a fingerprinting method for HTTP requests, has proven shockingly effective at identifying and blocking the kind of attacks described above. So with Bad Behavior activated, you would see far less comments filtered by Akismet. In a way Bad Behavior reduced the work load of Akismet.

Spam Karma

Shiv is of the opinion that Spam Karma is much better than Akismet. But other than Shiv, I haven’t heard of too many people voicing the same opinion. Is Spam Karma a worthy alternative to Akismet ? Opinions please 🙂

Extended Comment Options

This WordPress plug-in allows you to switch comments and/or pings on or off for batches of existing posts. Once the plug-in is activated, there is a new options page added via which you could control comments on your older posts.

As far as I am concerned, I would hate to switch off commenting on older posts. Most of my posts at least have no connection to the date it was written and hence it doesn’t make sense disabling comments !

WordPress Comment Management

Now this is one options which I completely overlooked. WordPress itself has a pretty good Comment moderation and comment blacklist feature. This can be accessed via “Discussion” on WordPress options page.

In comment moderation, you can add list of words commonly used by the spammers. If a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be held in the moderation queue. You can input one word or IP per line. It will match inside words, so “press” will match “WordPress”.

Comment blacklist does the same thing except for the fact that it marks the comment as spam rather than adding it to the “Comment Moderation” list.

Using the above 2 options, I could have easily marked/moderated hundreds of comments with text: “Nice” & “interesting”

Any other options to prevent comment spam ?

P.S. Benedict has confirmed that Akismet is back in action. Irrespective of this, I would definitely adopt the above options except using the Extended Comment options plug-in.

Comments on this entry are closed.

  • Benedict Herold Jul 13, 2007 Link

    I’m going to stay with Akismet unless there is major issue. The recent issue was manageable for me since I have the option “Comment author must have a previously approved comment” turned on always.

    BTW, I believe SK2 is worth giving a try!

  • Shivaranjan Jul 14, 2007 Link

    Bad Behavior I have not tried this may be I need to try this along with spam karma 2.

  • Anti Spam Squad Aug 3, 2007 Link

    One very easy way to dramatically reduce spam is to RENAME the PHP file that handles comments, and leave a FAKE (empty) file for the SpamBots to play with.

    SpamBots targeting Wordpress look for the comments.php file, so rename this file into something random (make sure you also rename the comments file in your WP theme). Then, create an EMPTY file called comments.php, so that the spambots go for that one and accomplish nothing.

    This renaming alone gets rid of 95% of spam, no need for other solutions. If you set WP to require moderation for any comment with more than one link, then you are 99% free of spam without any special plugins!

    Another idea is to set .htaccess file to reject anybody trying to access your comments.php (or whatever name you gave it) from a site other than yours. This is also very clever, because most Spambots try to post their crap remotely.

    There is a SpamBot race that actually mimicks a real commenter, they do what a human would do. Those will get through to the moderation queue because they have a link in the comment. But it’s no more than 5 or so a day, and it’s the same spambots everyday, they just rotate the IP they use to send their crap.

    Hope this helps, and I hope this comment gets through!