If you check my comments you will find very little comment spam. That’s because I use a number of methods to reduce a spammer’s chance of getting through. You can divide these techniques into 3 categories: Plugins, Settings, and Policies.
Plugins: The endless source of plugins is what makes WordPress the content management system of choice. Three of my plugins are spam related.
- Bad Behavior: My first line of defense is to block the bots. Bad Behavior does a wonderful job with this and catches over 1000 attempts a week.
- Akismet: It comes preinstalled with WordPress and works wonderfully.
- NoFollow Free: I set this plugin to remove the nofollow tag after three posts. This way someone has to actually be a regular reader to get a dofollow link. When someone writes 3 comments at once, I know exactly what they are up to and can make a decision on the spot.
Settings: This refers to variables you can check off in the WordPress control panel. Some sites run differently, so don’t blindly change these on your blog if you aren’t sure what settings you want.
- Turn off registration – I don’t have any registered users except myself.
- Enable Comment author must fill out name and e-mail – Obvious.
- Enable Comment author must have a previously approved comment – This is the one that catches most spam.
- Disable “Allow link notifications from other blogs (pingbacks and trackbacks).” – Too many spammers copy my posts hoping for some sort of autolink.
Policies: This is the decision making policy that decides what is spam. I don’t post these rules because spammers know they are spamming. Argument and debate are pointless with them. Look no further than people arguing in circles on Entrecard about what is and is not spam.
- If you add an extra link to your comment, it had better be super useful and not spam. Occasionally I will delete the link if the comment was very good, and maybe add a lecture as well.
- If your comment is in a foreign language, it gets deleted.
- If you post 3 comments at once to make them dofollow, I raise my standards on what is and isn’t spam.
- If you post on a very old post, it had better be super relevant. Again, standards are raised for these. Spammers love commenting on old posts that are already indexed.
- I check all blogs linked to in comments. You could write the most beautiful post in the world, but if you link it to a “payday loan site”, your comment gets deleted. Yes, I do make rare exceptions, like when I post about a marketing affiliate and someone from a shady “make money online” blog posts. I’m more lenient when the blog matches the topic. But never think for a moment landing pages or made for AdSense Blogspot blogs are welcome.
- If your comment causes an error report in my webhost dashboard, you get IP Banned.
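The settings and policies above amount to a triage pass over incoming comments. The following is an added example, not code from the original post or from any of the plugins it names: a sketch that flags comments for manual review using the "previously approved comment" rule, the three-comments-at-once rule, the old-post rule and the extra-link rule. The 10-minute window, the 180-day age limit, the class and function names and the sample data are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

LINK_RE = re.compile(r"https?://|www\.", re.I)

@dataclass
class Comment:
    email: str
    body: str
    posted: datetime
    post_published: datetime   # when the post being commented on went live

def triage(comments, approved, burst=3, window=timedelta(minutes=10),
           old=timedelta(days=180)):
    """Return [(comment, reasons)]; any reason means hold for manual review.
    burst=3 follows the post; window and old are assumed values."""
    times = {}
    for c in comments:
        times.setdefault(c.email.lower(), []).append(c.posted)
    out = []
    for c in comments:
        who, reasons = c.email.lower(), []
        if who not in approved:
            reasons.append("no previously approved comment")
        # Count this author's comments posted within `window` of this one.
        if sum(abs(t - c.posted) <= window for t in times[who]) >= burst:
            reasons.append("burst of comments")
        if c.posted - c.post_published > old:
            reasons.append("old post")
        if LINK_RE.search(c.body):
            reasons.append("link in body")
        out.append((c, reasons))
    return out

def sample():
    """Constructed sample data, not taken from any real blog."""
    now = datetime(2009, 3, 1, 12, 0)
    recent, stale = now - timedelta(days=2), now - timedelta(days=400)
    return [
        Comment("alice@example.com", "Agree about pingbacks.", now, recent),
        Comment("carol@example.com", "Still relevant today.", now, stale),
    ] + [
        Comment("bob@example.com", "Great post! http://loans.example",
                now + timedelta(minutes=i), stale) for i in range(3)
    ]

if __name__ == "__main__":
    known = {"alice@example.com", "carol@example.com"}
    for c, reasons in triage(sample(), approved=known):
        print(c.email, "->", reasons or "publish")
```

A comment with an empty reason list is published; everything else waits in the moderation queue with its reasons attached, which keeps the final decision with a human, as in the policies above.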
Now, there are plenty of trolls out there who will call me a power hungry Web Nazi. Luckily, their posts probably won’t get through. 2,453 comments have made it to my blog. That’s after I went back and weeded out old spam from when I first started blogging. Sure, I know there are a few questionable sites linked to authors, but for the most part spam has been eliminated, and the attempts have decreased as well. What methods do you use to combat spam?
I use the same plugins you have (I downloaded them after reading through your plugin list you had published earlier). For me, Akismet and Bad Behavior have worked extremely well.
I am not as stringent as you, but I do monitor each comment placed on my blog, and remove the nofollow tag after 10 comments.
A Web Nazi? Nah. Everyone has a right to manage their blog their own way.
I use all the above with the exception of No Follow Free as I didn’t know about it. It will be installed forthwith, however. I do try to give my commenters the dofollow attribute but only after they’ve proven their worth.
If you are a web nazi, then so am I. Seems like pretty good company I’m keeping.
Nice Post. It’s good to know how the other half lives.
Beamer
Great article!
I was wondering why these buttheads who spam me only comment on really old posts. I had decided to start deleting the comments anyway, but now I know why.
What they do is they get a script, then they google all articles that match a combination of keywords. Then their script leaves the same comment on all blogs matching that keyword. This way your post on Halloween gets something posted on it like “Great post about Halloween, it really is my favorite holiday”. Even funnier, when you check their blog, they use another script to make believe they linked back to you. Just say no to spam.
I use a combination of the DoFollow Plugin, Akismet, and the Simple math plugin that makes people add the numbers. I have not had much trouble with comment spam so hopefully it’s a winning combination.
My layers of protection:
A custom autoban script.
Project Honey Pot
.htaccess
Akismet
If a bot scrapes without using my robots.txt, it gets banned and I get an email. Project Honeypot provides a similar script, but it doesn’t auto ban. Fortunately, no bots have gotten past my first layer to even show up here. I will probably remove it, though it does provide some very interesting data like Suspicious IPs Near Your Current IP…
Let’s just say that /403.shtml gets hit a LOT…
My .htaccess is a mess. You don’t want to know
All my settings are pretty much the same, but I always allow all comments without moderation.
I will check out NoFollow Free though, it sounds pretty cool. Thanks for the great post as always!
Ok so I only recently installed the two plugins BadBehaviour and Nofollow and have been surviving on Akismet for quite some time (along with most of the ‘settings’ suggestions you have posted here). Except that I do allow trackbacks and pingbacks.
So far, so good. I’ve only installed BB because I’m a plugin whore and I wanted more plugins – I haven’t had that much of a problem with spam getting through Akismet. But of course, I’m pretty sure I don’t get as much traffic as you, my dear turnip.
So, what I’m trying to say in a really longwinded way is: I’m glad you wrote this because it gives me confirmation that I took a step in the right direction towards combating spam (in case I do get more traffic).
Cheers!
Justin: I hate those capture-it programs in any form. These days spammers are hiring teams of cheap labor who can also do simple math. Half the time I can’t read them and I’m not a bot. Simple math is ok, but I dislike the extra step.
Nukeit: Bad behavior allows you to link into project honeypot, if you go through the free signup. I haven’t tried it yet.
Fragile: I’m glad you’re glad!
I downloaded bad behavior the other day but forgot to install it
I use most of the same things you do. I did add a captcha recently.. even though I hate them, I hoped (and hoped correctly) that it would help. I actually got tired of deleting spam that Akismet caught and this seems to have done the trick.
I am also deleting comments, now, that have links to commercial or business sites that are not relevant. They piss me off and instead of going in and replying to the comment and removing the link, I’ve gotten lazy and I just mark the whole comment as spam and delete it. Sorry, I have little patience anymore!
I just added the Project Honeypot Blacklist integration with BadBehavior. I’ll let you know if I run into any issues. It was free and easy.
Finally worked out some plugin issues and got BB playing nice on my site. It caught 7 suspicious activities in an hour so I think I may have its sensitivity set too high. You may want to lower it on yours if you start seeing a huge increase since you likely have a higher volume.
Wouldn’t want to block legit traffic
I’ve used it for 10 months. Just yesterday I turned the honey pot on. No legit user ever had an issue.
Fortunately, I haven’t had to deal with the issue too much. That may be one of the perks of a blogger blog. Spammers may not want to bother with what some don’t consider “real blogs.” Or maybe I don’t use the “right” key words.
I used to have the captcha enabled, but it seemed to cause problems for folks running the McAfee internet security suite. I think something in the firewall was blocking the image, but I’m not sure.
Regardless, I got rid of the captcha and replaced it with simple comment moderation. I don’t have or publish strong policies.
If a comment includes a relevant link, I’ll likely let it go through. If there’s not much connection, or it is clearly spamming, I’ll nuke it. How strict that screening process is really depends on my mood that day. A few spam comments have probably gotten through, but it hasn’t been a major issue.
Freedom of the press is great, but the important thing to remember is that it belongs to those that own the press.
I use Akismet, and have comment moderation enabled. I never heard of bad behaviour though so I may look into that. I am going to implement some of your spam stopping steps.
I’m going to have to try out that NoFollow Free plugin although I’d probably set the threshold a bit higher. I’ve got several older post pages that are PR4 now and I’m sure they would be hit hard by repeat spammers.
One annoying trend I’ve seen lately is the same spammer hitting the same posts over and over again with a script running through proxies. I had one post have over 100 comments added to it within about 30 minutes. Fortunately I had moderate new commentators turned on so no comments of theirs got posted but it was quite annoying.