How to Prevent Comment Spam

by on 08/20/2009 in Security, WordPress

If you own a self hosted blog and you are using WordPress as your blog platform, this post may shed some light on how to combat comment spam.

We all dislike spam and even most of us don’t like the edible kind. If you are using Akismet as your spam blocker you are smart, but there’s more you can do to stop some of those pesky spammers who just know how to get around the system.

Akismet blocks comments based on IP, content and commenter email – See development. There’s just one problem, spammers can use proxy servers to disguise their IP (Internet Protocol). Internet Protocol (IP) is a protocol used for communicating data across a packet-switched internetwork using the Internet Protocol Suite, also referred to as TCP/IP. An IP address looks like this – 999.999.999.999.

Note: It’s very important to mark these posts as spam and not delete them. This will help aid and identify spammers and the Akismet database.

Spammers use proxy servers to mask their IPs thus fooling Anti-Spam tools from blocking the IP from posting. There are more ways to make it difficult for these spammers to post comments.

WordPress Configuration

In addition to having Akismet installed, you should also download and install the plug-in WP-SpamFree Anti-Spam.

In the WordPress Admin Console click on the WP-SpamFree link under Settings. There you will find an option called “Allow users behind proxy servers to comment?” deselect this option. This will prevent would be spammers that use proxies to post a comment.

Go to the Discussion link under Settings and do the following;

  • Select – An administrator must always approve the comment
  • Deselect – Comment author must have a previously approved comment

This will prevent those pesky spammers from posting links in the URL field to non relevant websites that they’re trying to promote by commenting on dofollow blogs. You must have seen some of these comments, see below.

  • Great article, I bookmarked your blog
  • Thanks for sharing I will tell my friends

The tougher you make it for the spammer to comment, the more likely they will move on.

21 Responses to “How to Prevent Comment Spam”

  1. Joanie

    Aug 20th, 2009

    Luckily, I haven’t had too many issues with comment spam (yet!). Most of those hitting my blog get caught with akismet because they’re not smart enough not to include 20 links in the comment. ;-)

    Another thing I’ve done is disallow comments on posts over X days old. A lot of my comment spam is directed at posts that are months old. I suppose they think I’ll be less likely to spot it that way.

    Great article, I’ll tell my friends. (couldn’t resist)
    .-= Joanie´s last blog ..50 Ways to Improve Your Health =-.

    • Frank J

      Aug 20th, 2009

      Joanie,

      I forgot about that one with the x days to shut off comments. Mine is set to 30.

      Good one!

  2. David

    Aug 20th, 2009

    How does that anti-spam plugin filter out spam? Does it look to see if there is a X_FOWARDED_FOR header or does it also have a database of know proxies – like Tor?

    IMO, probably one of the best ways to reduce spam would be to change the wp-comment.php file to something else as spam apps post to that URL.

    I have thought about blocking comment from people that have [seo] or [web design] in the comment name to block manual spam attempts as those are the most common.
    .-= David´s last blog ..Supply and Demand for SEO in the UK =-.

    • Frank J

      Aug 20th, 2009

      David,

      All good suggestions and ones I will add to a follow article.

      Thank you

  3. Gennice

    Aug 20th, 2009

    Oh this is something that I should definitely do, and as fast as possible.

    I’m just tired of amount of spam that I receive on my blog. I hope it diminishes after applying these two… :)

    Thanks Frank!
    .-= Gennice´s last blog ..If Websites Were Like People =-.

    • Frank J

      Aug 20th, 2009

      Gennice,

      I take this serious as I average about 8 comments per post and some days a lot more. This could be a pain and time consuming going through nonsense comments.

  4. Kikolani

    Aug 20th, 2009

    I need to look at my comment moderation again. I think some people have taken advantage of the automatic approval once a comment has been approved before by putting in one awesome comment, and then nothing but crap thereafter. Thanks for the reminder!

    ~ Kristi
    .-= Kikolani´s last blog ..WordPress Thesis Theme Customization Part Four A: Custom Coding =-.

    • David

      Aug 20th, 2009

      That is a popular one. Another one that caught a lot of people out a while back is that top commentors plugin used to decide the top commentor based on name. So you could just Google to find sites using the plugin and then comment using the name of one of the top commentors and your URL would replace that of the one in the sidebar top commentors bit.

    • Frank J

      Aug 21st, 2009

      Kristi,

      It is best to just moderate all. You are right in saying they provide a quality comment than all hog wash thereafter.

  5. David Leonhardt

    Aug 21st, 2009

    It’s funny. I think the spammers figure that “Great post! Keep it up.” will flatter me enough to approve their comments. I just dopn’t know what planet they live on. Honestly, I could care less what site they link to (other than a couple red-flag niches) as long as they add something of value to the discussion. But you still need to moderate, because only a human can judge the quality of a post. You know what else, and maybe it’s just me, but if their contribution is good enough, I don’t care if their name is just a keyword phrase. But if their comment is borderline, I tend to disapprove those without real names. I wonder if others take the same approach.
    .-= David Leonhardt´s last blog ..Want a link on a throw-away domain? =-.

    • Frank J

      Aug 21st, 2009

      David,

      Right on! I enjoyed reading some of your SEO related blog articles as well.

  6. Gerald Weber

    Aug 21st, 2009

    Akismet works very well most of the time. However I don’t like to require an administrator to always approve every comments. If you actively manage your blog and someone leave a ridiculous comment like. Nice post, thanks. It’s easy enough to simply delete these. In my opinion it takes away from commenting experience for commentators when they don’t get to see their comments appear on the blog. I personally get kind of annoyed when I got to a blog and leave a well thought out comment and it goes to moderation and I don’t get to see it or at least not for awhile. I also like to use bad behaviour in conjunction with Akismet. This works by analysing the http request to see if it looks spammy or not. It prevents most automated spam robots from ever visiting your site and thus cuts down on overall comments spam. I also like and use spam free. :-)
    .-= Gerald Weber´s last blog ..How to Free Your StumbleUpon Inbox From “SPAM” Shared Messages =-.

    • Frank J

      Aug 21st, 2009

      Gerald,

      By not allowing an admin to approve each time, it’s easy for someone to fool you with a quality comment the first time than BS thereafter.

  7. abdullah

    Aug 22nd, 2009

    this post is a real help for me
    i am using akismet on my blog but still get new ridiculous advertising comments everyday…
    i hope this second tool combined works not just twofold…
    .-= abdullah´s last blog ..Sony and Toshiba are the Weakest in business : Acer CEO expresses. =-.

  8. Hicham

    Aug 22nd, 2009

    Frank, I should consider checking this plugin!

    I am impressed by how commentators are trying to fool my blog with link-dropping, non-relevant comments, spam (of course) and all that stuff you face since you own a ‘self hosted blog’. Even if I am moderating comments -for that purpose only- I do get comments that seems relevant but when reading them carefuly, I find nothing but holy crap!
    .-= Hicham´s last blog ..Lockerbie: Who deceived Who? =-.

    • Frank J

      Aug 22nd, 2009

      Hicham,

      I find it entertaining when a commenter tries to get under the radar by posting a quality comment the first time than spam thereafter.

      • Hicham

        Aug 23rd, 2009

        Indeed Frank, this is what I am for “quality comment” that add to the post and enrich all of us. Another importat reason for moderating rather than ‘thanks, great post, nighty night’ :D
        .-= Hicham´s last blog ..Egypt @ Digital Age =-.

  9. […] Four A: Custom Coding Blogging Is Not Just About Money – It Is Also A Great Way To Chase Dreams How to Prevent Comment Spam Thesis Customization – Display Scheduled Posts Thesis Floating Icons – Find out how I did […]

  10. Donace

    Sep 5th, 2009

    argh yep spammers are the bane of any webmaster; I had to tackle it a lot on my blog since it became do-follow.

    I actually tested out many setups and have actually talked about it at length here:

    http://thenexus.tk/how-to-stop-comment-spam/
    http://thenexus.tk/blog-comment-spam-prevention/
    .-= Donace´s last blog ..Mafia Wars Collections and Items =-.

    • Frank J

      Sep 5th, 2009

      Donace,

      Thank you for your comment and the references to your comment spam articles.