Top

Tips to stop blog comment spam on WordPress blogs

November 17, 2006 by  

I enjoy publishing my blogs using WordPress. A few short months after switching to WordPress from Blogger, I began to get a steady trickle of comment spam. Just plain garbage not related to any of my articles. These comments contain URLs for porn, prescription medication, online casinos, loan providers, insurance providers and more. Some just have random characters and a URL, while others might have eight rows of URLs.

Still others include fake compliments in broken English, such as “Great site. I like you say. Go pornpalace123.xhfshds.com.”

I get annoyed and frustrated because I would like legitimate reader feedback and I don’t want to turn off real visitors who see these junk links. So my writing hobby also requires constant vigilance.

Also, this nonsense messes with my traffic stats. I want to have reliable numbers, not artificially inflated with spammer visits.

What’s most bizarre is that the guys/gals posting this crap don’t know that comment spam is no longer effective in improving their Web site’s natural search results, because it’s typically not relevant and the no-follow tag tells the major search engines not to index hyperlinks in comments. These spammers are not following current Search Engine Optimization methodology and tactics. I guess they didn’t get the memo at the last Spammer-con.

Tips for WordPress blog publishers:

  • Regularly update the Comment Moderation filter with keywords you want to screen for and temporarily hold in a queue for your review.
  • Regularly update the Comment Blacklist filter — extreme foul language or comment spam subjects like casino, prescription names, sex acts, etc.
  • Temporarily block IP address ranges that repeatedly post spam over time. (Warning! Only advanced users should consider this extreme tactic.)
  • Install a plug-in that challenges the comment poster to either answer a math problem or type in the text displayed in an image. That helps slow down automated spambots.
  • Activate Akismet plug-in to move possible comment spam into a queue for your review.
  • Install and activate Bad Behavior plug-in to block known spammers from accessing your blog.

I regularly update the built-in WordPress Comment Moderation filter (“Options > Discussion”) with various keywords and domain names to help flag comment spam and put it in a review queue.

While I’m doing that, I also update the Comment Blacklist with every dirty word and spelling/misspelling variation I find in comment spam.

At times I’d turn off the comments function for a few days to see if I could make the spammers give up and move on. But after I turned the function on again, the spam returned quickly. Presumably automated spam bots are the cause.

I tried implementing a challenge mechanism that requires the comment poster to type in the letters/numbers displayed in a unique image. But that didn’t have much affect and broke unexpectedly a few times.

I activated the WordPress Akismet plug-in about 3 months ago. Since then, Askimet has caught 977 and 351 spam posts on Chaos365.com and NewMediaSandbox.com, respectively. It automatically puts comments in it’s own queue (“Manage > Akismet Spam”) and I review to confirm there are no legitimate reader posts. What’s nice about this tool is that it draws from a library of data to help flag possible spam posts. Then when I submit what I consider to be spam, it combines with other user-provided data so all users benefit.

Akismet has caught 977 spam for you since you first installed it.
You have no spam currently in the queue. Must be your lucky day. 🙂

Suddenly, the first week of November I got several hundred spam messages in my Akismet queue in less than a weeks time. I decided it was time to find a tool to block spammers before they could even post.

I’ve carefully used the Comment Blacklist to restrict specific IP address ranges that repeatedly abuse my blog. I’ve even updated .htaccess file a few times. But realizing that IP addresses may change, I edit these only temporarily as a short-term solution to try to make spammers/spam bots move on.

Obviously, this is becoming to much work. I needed an automated solution. The plug-in I found is called Bad Behavior. It essentially prevents identified spammers from accessing the blog. Period.

I installed Bad Behavior on a Sunday morning on my two primary blogs. By Friday morning (5 days later), it reported that it had blocked 2,381 access attempts on Chaos365.com and 198 access attempts on NewMediaSandbox.com. I can check (“Options > Bad Behavior”) to see how many attempts are reported for the past 7 days.

In the same period since installing Bad Behavior, each day I also checked the Akismet plug-in to see if anything is in my queue awaiting confirmation and I am happy to report it has been zero each day for both blogs.

There are other popular WordPress plug-in solutions, such as Spam Karma, that work well for many bloggers. But your best strategy to get started should be trial and tweak, and add on additional tactics carefully. Research these solutions I’ve mentioned (Akismet, Bad Behavior, Spam Karma), check out other options available at WordPress.org, and decide what may be right for you. Just don’t activate too many simultaneously because you might create unexpected conflicts that could prevent legitimate visitors from accessing or contributing to your Web site.

In summary, WordPress owners should:

  • Carefully identify keywords not related to your blog content that you want to moderate or block altogether.
  • Install and activate the latest Akismet and Bad Behavior plug-ins.
  • Fine tune as necessary so you keep the good posts in and the garbage out.
  • Keep publishing!

I hope you find this useful.
Good luck!
-Roland

Comments

10 Responses to “Tips to stop blog comment spam on WordPress blogs”
  1. Pozycjonowanie says:

    Someone else below asked this already.
    I am getting nailed with Spam in my website for our blog website. Is there anyway to stop this? If not, there really isn’t any point in leaving it up and active. Any help will be greatly appreciated.

    Thanks Keep up the good work. Greetings from Poland

  2. Hi, thanks for reading.
    Fighting blog spam is a lot of trial and error. As I mentioned in the article above, try these steps:
    * Regularly update the blog’s Comment Moderation filter with keywords you want to screen for and temporarily hold in a queue for your review.
    * Regularly update the Comment Blacklist filter — extreme foul language or comment spam subjects like casino, prescription names (and misspelled versions), sex acts, etc.
    * Temporarily block IP address ranges that repeatedly post spam over time. (Warning! Only advanced users should consider this extreme tactic.)
    * Install a plug-in for your blog software that challenges the comment poster to either answer a math problem or type in the text displayed in an image. That helps slow down automated spambots.

    All the above helped me a great deal.
    Hope some of that helps you to. Good luck!
    -Roland

  3. WordPress users, maybe you’ll find this tip helpful.

    I was setting up a new domain and Web site using WordPress and activated the “Bad Behavior” plug-in to block content spammers. But when I tried to submit the new URL to Yahoo Site Explorer, I kept getting “Unreachable URL” error message.

    It was annoying because I knew the URL was resolving properly. Plus, I submitted the URL to Google Site Map and verified my site without a problem.

    Here is the solution… Temporarily deactivate the “Bad Behavior” plug-in. Then go to Yahoo Site Explorer and submit the URL and feeds (it works!), put the Yahoo authentication file on the server. Then activate the Bad Behavior plug-in again when the site has been verified.

    Hope you find this useful.

  4. Update: This is regarding my previous comment about Yahoo Site Explorer authentication abd temporarily deactivating the Bad Behavior plug-in. I submitted the problem/suggestion to Yahoo and a employee responded with this:

    by employee Lakis | Sat Dec 30 00:06:44 2006
    This will not work. We reauthenticate approximately once a week. So after a week, when we will re-authenticate your site, we will try to get the authentication file, fail and un-verify you.

  5. nytexan says:

    Thanks for the post, I found it very helpful. I do have a question that may seem very elementary but here it goes. Today I plugin Bad Behavior and I am concerned that it may be blocking some real visitors. I have been looking in the php log and many blocked entries seems real. How do I know if there are real people getting blocked. Thanks.

  6. Roland says:

    Thanks for stopping by. Installing “Bad Behavior” is an aggressive measure. Hopefully, legitimate visitors are not blocked.

    But the reality is you have to evaluate the return on investment to you. How much is your time worth? How much stress can you tolerate?

    Applying such a tactic frees up your time to concentrate on publishing good content. Manually combating the scum of the Web consumes your free time and adds unnecessary stress.

    Good luck!

  7. Bobby says:

    SpamKarma2 did the Job for me better than akismet, which deletes comments even if they are not spam, and i couldnt figure it out how to moderate spam comments catched by akismet, so i recommend Spamkarma to everyone who has Problems with Spammers.

  8. tyger says:

    Great article. I’ve got Bad Behavior, Akismet and Referrer Karma running. Now that I’m done reading, I was thinking about heading over to that enlargement site I read about in the previous post, but I just went through that reduction surgery, so I’ll skip it for now.
    Would spammers spam if it didn’t pay off? Someone must be clicking on all that crap and someone must be making money somewhere. It just seems like so much work to go through…..

  9. Roland Reinhart says:

    Thanks for stopping by and catching that “enlargement” comment spam. As a habit I try to check my comments daily to make sure nothing obnoxious got past the automated defenses, but occasionally something does. It won’t last long though. As a matter of policy, I delete spammy comments so the other readers don’t have to get exposed to that garbage. Take care. -R

  10. Roland says:

    FYI, Spam Karma is no longer being supported by the developer, according to his blog post:
    http://unknowngenius.com/blog/archives/2008/07/14

Bottom