Comment and trackback spam, content theft, splogs, are constant threats to the consistency of the blog content and also a common headache of bloggers. Recently, Lorelle published a list, or better a review, of plugins that prevent spam from reaching the public pages of a WordPress blog. As usual, her article is great, but there are some things I would like to comment on.
First of all, I would like to thank Lorelle for including my Creative Commons Configurator plugin in the “Plugins against Splogs, Scrapers, and Thieves” section of the review. Apart from this article, her blog contains tons of valuable information about WordPress and blogging in general and I am happy that my plugin was featured in a plugin-roundup there.
Second, I have to disagree with her statement that the plugins which force commentators to answer logical questions or plugins that implement captchas do not work, meaning that these plugins offer no real and constant protection compared to content filtering plugins like Akismet. Regardless of the fact that there are many kinds of spambots, each with different abilities, and that blogs are not hit by the same spambots, so each blogger’s experience may differ from the others, we have to agree that these tests, implemented either with javascript or with warped images, target only those of-limited-capabilities spambots. But, this is the majority of the spambots. This is not a result of any research, but a logical conclusion, which is explained below.
It would take a person, who has an understanding about HTML forms, only one line of code in order to send a comment spam to a WordPress blog. If this line is put inside a loop that iterates over a file with target blog URIs, then you have a spambot in 4-5 (maximum) lines of code. Allow me to believe that millions of computer users worldwide have the knowledge to implement something as simple as that.
A plugin that implements a test with javascript automatically prevents all of these stupid bots, like the one above, from submitting comments to your blog. My personal experience with such a plugin (actually I have written this one, but you will find many others), has shown that javascript tests combined with a content filtering plugin like Akismet offer the maximum protection from comment spam.
From the time you imlement such a combined protection scheme in your blog you will notice a tremendous decrease in comment spam. On the other hand, trackback spam will not be affected, since it is impossible to implement any javascript/captcha tests when a client submits a trackback. In order to fight this type of spam, you will have to rely on a content filtering plugin and also you might need to take a look at the Trackback spam (page down) that offer protection against trackback spam.
Evil-Fighting WordPress Plugins by George Notaras is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright © 2007 - Some Rights Reserved
You make a good point against the CAPTCHAs and such. And they do work, but often for not very long. With the growing industry of hiring human comment spammers, CAPTCHAs and tests tend to do more to torture readers than actually help, since human comment spammers can easily bypass these.
The true test of how far we can go to fight off comment spam is by targeting the source. Right now we are in fire fighting mode rather than prevention. As soon as the fire is under control, we need to turn our attention to the source.
Thanks for the kind words and the great work you do helping the WordPress community!
Oh, one more thing. I never see the “read and accept” privacy checkbox until after I hit the submit. It might be wise to move it above the comment box or make it a little bolder since the faded gray is hard to see right off. Thanks.
Hi Lorelle,
I learned about the hired spammers from your writings, I had no idea that such a phenomenon existed. :-)
Also, I don’t think it’s such a big deal for a commentator to answer a simple math question, eg 1+2. OK I agree that it is annoying having to answer math questions, tick checkboxes etc. The biggest annoyance is captchas. I hate them too, but I understand the bloggers that implement them for protection. :-)
I would say that the main source of spam for my blog is trackback spam. Akismet does a great job, but I think of implementing a plugin specific for trackback spam, so that I don’t have to search through huge lists of “marked as spam” trackbacks in order to check if I should approve them or not.
You are right about the “read and accept” privacy checkbox. Maybe it should be together with the other required fields of the form.
Thanks for your comment :-)
This is for my own future reference to check whether the comments marked as spam are from comment-spam or trackback-pingback-spam, so to judge if javascript trick works…
SPAM from comment-spam:
SPAM from trackback/pingback-spam: