Tips to stop blog comment spam on WordPress blogs

I enjoy publishing my blogs using WordPress. A few short months after switching to WordPress from Blogger, I began to get a steady trickle of comment spam. Just plain garbage not related to any of my articles. These comments contain URLs for porn, prescription medication, online casinos, loan providers, insurance providers and more. Some just have random characters and a URL, while others might have eight rows of URLs.

Still others include fake compliments in broken English, such as “Great site. I like you say. Go pornpalace123.xhfshds.com.”

I get annoyed and frustrated because I would like legitimate reader feedback and I don’t want to turn off real visitors who see these junk links. So my writing hobby also requires constant vigilance.

Also, this nonsense messes with my traffic stats. I want to have reliable numbers, not artificially inflated with spammer visits.

What’s most bizarre is that the guys/gals posting this crap don’t know that comment spam is no longer effective in improving their Web site’s natural search results, because it’s typically not relevant and the no-follow tag tells the major search engines not to index hyperlinks in comments. These spammers are not following current Search Engine Optimization methodology and tactics. I guess they didn’t get the memo at the last Spammer-con.

Tips for WordPress blog publishers:

• Regularly update the Comment Moderation filter with keywords you want to screen for and temporarily hold in a queue for your review.
• Regularly update the Comment Blacklist filter — extreme foul language or comment spam subjects like casino, prescription names, sex acts, etc.
• Temporarily block IP address ranges that repeatedly post spam over time. (Warning! Only advanced users should consider this extreme tactic.)
• Install a plug-in that challenges the comment poster to either answer a math problem or type in the text displayed in an image. That helps slow down automated spambots.
• Activate Akismet plug-in to move possible comment spam into a queue for your review.
• Install and activate Bad Behavior plug-in to block known spammers from accessing your blog.

I regularly update the built-in WordPress Comment Moderation filter (“Options > Discussion”) with various keywords and domain names to help flag comment spam and put it in a review queue.

While I’m doing that, I also update the Comment Blacklist with every dirty word and spelling/misspelling variation I find in comment spam.

At times I’d turn off the comments function for a few days to see if I could make the spammers give up and move on. But after I turned the function on again, the spam returned quickly. Presumably automated spam bots are the cause.

I tried implementing a challenge mechanism that requires the comment poster to type in the letters/numbers displayed in a unique image. But that didn’t have much affect and broke unexpectedly a few times.

I activated the WordPress Akismet plug-in about 3 months ago. Since then, Askimet has caught 977 and 351 spam posts on Chaos365.com and NewMediaSandbox.com, respectively. It automatically puts comments in it’s own queue (“Manage > Akismet Spam”) and I review to confirm there are no legitimate reader posts. What’s nice about this tool is that it draws from a library of data to help flag possible spam posts. Then when I submit what I consider to be spam, it combines with other user-provided data so all users benefit.

Akismet has caught 977 spam for you since you first installed it.
You have no spam currently in the queue. Must be your lucky day.

Suddenly, the first week of November I got several hundred spam messages in my Akismet queue in less than a weeks time. I decided it was time to find a tool to block spammers before they could even post.

I’ve carefully used the Comment Blacklist to restrict specific IP address ranges that repeatedly abuse my blog. I’ve even updated .htaccess file a few times. But realizing that IP addresses may change, I edit these only temporarily as a short-term solution to try to make spammers/spam bots move on.

Obviously, this is becoming to much work. I needed an automated solution. The plug-in I found is called Bad Behavior. It essentially prevents identified spammers from accessing the blog. Period.

I installed Bad Behavior on a Sunday morning on my two primary blogs. By Friday morning (5 days later), it reported that it had blocked 2,381 access attempts on Chaos365.com and 198 access attempts on NewMediaSandbox.com. I can check (“Options > Bad Behavior”) to see how many attempts are reported for the past 7 days.

In the same period since installing Bad Behavior, each day I also checked the Akismet plug-in to see if anything is in my queue awaiting confirmation and I am happy to report it has been zero each day for both blogs.

There are other popular WordPress plug-in solutions, such as Spam Karma, that work well for many bloggers. But your best strategy to get started should be trial and tweak, and add on additional tactics carefully. Research these solutions I’ve mentioned (Akismet, Bad Behavior, Spam Karma), check out other options available at WordPress.org, and decide what may be right for you. Just don’t activate too many simultaneously because you might create unexpected conflicts that could prevent legitimate visitors from accessing or contributing to your Web site.

In summary, WordPress owners should:

• Carefully identify keywords not related to your blog content that you want to moderate or block altogether.
• Install and activate the latest Akismet and Bad Behavior plug-ins.
• Fine tune as necessary so you keep the good posts in and the garbage out.
• Keep publishing!

I hope you find this useful.
Good luck!
-Roland