Tuesday, December 13th, 2005, 7:27 pm
WordPress Comment Spam Prevention
My personal experiences in handling comment spam are limited, as often is the case. Very few individuals have had the opportunity to test the full spectrum of any given type of software or product (a classic example are laptops, of which they are many models and manufacturers). Only an exhaustive trial, in turn, enables to give a good and comprehensive review.
As regards faults or statistics or reliability, these can rarely be accounted for unless a careful, systematic, and prolonged study is conducted. As a result, the suggestion I make will suffer from a relatively narrow scope. By all means, I am not proposing the best prevention methods for comment spam. I can merely add my 2 cents, speaking about my evolutionary experience with a few spam prevention tools, plug-ins, or paradigms. I shall also provide some links to a variety of popular tools that I am less familiar with.
I used Spaminator, which is a WordPress plug-in, for almost a year. Kitty, who is the author of Spaminator, seems to have disappeared from the blogsphere altogether. No activity as far as I can gather, but the plug-in should still be there, available as a download for WordPress version 1.2.x. Kitty was put off by WordPress 1.5 incompatibilities with her plug-in/s and switched to Drupal, albeit it has been dormant for many, many months. The big question remained: has her plug-in stood the test of time and lingered on as an effective spam ‘wall’? Was itsability to discern ham from spam and filter it accordingly eroded? Have spamming trends and techniques changed too much in the interim? Months flew by…
In due time, Spaminator began to kill genuine comments — at least ones I was informed about. One can never tell if genuine comments get rejected unless the poster bothers to contact the Webmaster. The alternative is to check hundreds of automated E-mails that act as ‘stubs’ from the operation of Spaminator.
At times I was using CAPTCHA (graphical verification numbers), but wasn’t sure to what extent it helped. I then decided to further experiment with CAPTCHA and see its direct effect on malovalent/benevolent comment numbers. When disabled, dozens/hundreds of spammy comments flowed in every day. Many were stacked in the moderation queue because they contained or matched obvious spam characteristics.
At some later stage, I began to see comments that contained links, but did not bother with anchor text. Poker sites would post links alongside names of songs and artists. When I enabled CPATCHA (in two serpate domains), the number of spammy comments verged 0. I hope it carries on this way, having been satisfied for weeks or months. As far as I can recall, this CAPTCHA implementation is weak and was sensitive to floods a few months back.
For what it’s worth, I use Coffelius’ plug-in, which I initially installed last year, but disabled at times because CAPTCHA’s have their problems too, notably blocking and hindering commenters.
Also popular among peers and especially folks who are associated with the WordPress community:
- SpamKarma (and its successor/enhancement SpamKarma 2)
- I once read about an approach which involves nothing but an Apache rule. It seems to receive a decent level of attention.
- Akismet – a collaboratory mail filtering engine. I participated in its testing phase, but was also well-aware of its shortcomings. As I also help testing the next version of WordPress, I can say that WordPress 2.0 comes with Asismet as one of the default (i.e. core) plug-ins.
It sometimes amuses me when I look back at on old method/premise I had for avoiding comment spam. I was young and innocent at the time! The Internet has become more aggressive.