Fighting Comment Spam

I recently made some changes to the way comments get posted. For a long time I had been using the Comment Authorization plugin to help fight comment spam, and make people verify their email address. But, as it turns out, that plugin isn’t totally compatible with WordPress 2.0x. I thought it was, but I didn’t realize it was preventing the Comment Author cookie from being written. If you’re unfamiliar with this… wordpress writes a cookie when you leave a comment. That’s why your info is already in the form fields when you come back, after leaving a comment. The cookie is also used by the Subscribe to Comments plugin. Without it, that feature gets broken.

I needed that cookie to be written for something else I’m doing (I’ll explain more in a followup post). So, I had to disable to Comment Authorization plugin until a new version is available.

The next plugin I tried was the Did You Pass Math plugin. It places a small, simple math question into the comment form, to weed out the bots. The plugin worked really well, and I was going to stay with it, but I discovered what I view as a bug. If you didn’t answer the math question, you were taken to a screen that tells you that you must answer the question in order to post you comment. You then use your browser’s back button to get back to the form. But, when you went back to the form, it was now blank. You had to type your comment all over again. That would really bug me if I spent a lot of time composing my comment, and now it’s gone. So, I ditched that plugin.

Currently, I’m using the Akismet plugin / service to fight comment spam. It seems to be working really well, but I did catch one legitimate comment that it had marked as spam. So, if you make a comment and it doesn’t get posted, let me know.

5 thoughts on “Fighting Comment Spam”

  1. Thanks for switching, at least… While I did see the reasoning behind the previous system (mail verification), it always somewhat bugged me…

  2. This is an unfortunate side affect of WordPress I think, unfortunately the feedback mechanism it gives plugin developers for communicating failure seems fairly crude (or at least, i haven’t figured out how to do it :)

    Using the K2 theme and the K2 version of the plugin gives good feedback within the comments page using AJAX. See

    But K2 is a pretty aggressive theme (more a mod than a theme)

  3. I agree the DYPM plug-in does work really well, on 2 counts — with K2 at least. For the commenter it is less involved than using a CAPTCHA. For the site owner it is effective: I’ve not had a single spam in my Askimet queue since switching DYPM on; that speaks for itself.

  4. The best way to stop spam would be to spend some time in moderating the comments persoanlly rather than relying on any captchas. You can go to the other extreme of not allowing anyone to comment – but then the whole essence of sharing information is lost. At least Yahoo and MSN rewards the commentators with relevant backlinks, so that is a reward which many spammers like to go for.

Leave a Comment