31 Mar 07

WordPress spam prevention

Everyone hates spam, except I suppose the spammers themselves. I’ve had trouble with spam for years but I finally seem to be winning the battle.

My first layer of protection on this WordPress site is Akismet. When a new comment, trackback, or pingback comes to the site it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.

When the plugin catches something as spam it saves it in the database for 15 days in case I want to check it out manually and then automatically deletes it.

It has been known for Akismet to make false identifications. I used to scan the captured spam to check and as the numbers skyrocketed this became rather cumbersome.

I then installed the Bad Behavior plugin as an extra guard. It is a set of PHP scripts which prevents spambots from accessing the site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. Bad Behavior blocks spambots with a short error message, so most of them don’t even make it through.

On the footer of this site you will see a note saying how many spam attempts have been blocked — 1371 in seven days as I write this.

Despite these two powerful spam fighters I was still having to screen 30 or 40 messages a day in Akismet.

I then added Ravens’ Antispam plugin and it’s reduced the attacks to zero. It uses javascript in a clever way I can’t explain to fool the spambots. Apparently bots can’t read javascript. If a user comes here without a java-enabled browser they will need to complete an extra text input field to make a comment.

It’s a war of attrition but for the moment I’m winning thanks to the smart people in the WordPress community.

These articles might be of interest:

• Bad behaviour
• Mollom spam killer
• Word Press upgrade

Tags: internet, spam, WordPress

Leave a comment

Name (required)

Mail (will not be published) (required)

Website

Notify me of followup comments via e-mail