Hi Ashley!
I’m positive you’ve discussed this recently, but I can’t seem to find the post. So sorry!
Basically, spam comments are slipping through the Akismet spam filter more and more lately. I had 11 that I had to delete recently, just from the last week alone! What else can I do to protect my blog from spam comments?
Thanks so much!
Meredith
Hey Ashley,
I tried searching through your site but couldn’t find anything answering this topic. If you already have though and give me a link, that’d be great. I don’t want you to have to repeat yourself!
When we started Oh, the Books! we used Jetpack comments and would only get an occasional SPAM comment here or there, but had to turn off that plug-in because it was causing problems for some bloggers who were trying to comment (as you know). Since we have switched to WordPress’s native commenting system, our SPAM has gone wild. In March we had 206 SPAM comments, and so far in April we have 1891 SPAM comments. That’s a huge jump!
My question:
Do you have recommendations for WordPress users when it comes to managing SPAM comments? Is there a certain plug in or commenting system you would recommend? Do you have a certain method of sorting through it yourself? It would be quite easy to just hit the “Empty SPAM” button, but I’m always worried I’ll end up deleting a real comment.Thanks!
Asti
I know exactly what you mean, girls! Akismet worked flawlessly for me for several years, but in recent months anywhere from 5-15 spam comments have been getting through every day. It was SO annoying! I dealt with it for a few weeks and then finally I decided, “I’m going to stop this!” I’ve been testing my new method for a few weeks now and between my new methods and Akismet, all spam has been eliminated!
I went from:
- 200-600 spam comments posted and caught by Akismet every day.
- In recent months: 5-15 spam comments NOT caught by Akismet every day that needed to be marked as spam manually.
To:
- 0 spam comments being posted (since August 30th).
- About 10 spam trackbacks (those are not covered by this method—Akismet handles those though).
Step 1: Install Stop Spam Comments
comment_form() to display the comment fields. If you install it but your theme DOESN’T use comment_form(), legit users won’t be able to leave comments!There’s a very simple, lightweight plugin called Stop Spam Comments. Now, most spammers are bots who have JavaScript disabled. So with that in mind, here’s how the plugin works:
- When a person clicks on the comment field, JavaScript creates a new hidden input field. But since bots have JavaScript disabled, this input field never gets created for them.
- When the comment is submitted, the plugin checks to see if the hidden field exists. If it doesn’t exist, the comment doesn’t go through.
There’s even a fallback for REAL people who have JavaScript turned off so that they can still comment. But the number of “real” people who have JavaScript disabled is like 1%.
This plugin is SO simple, but it does a great job eliminating spam comments!
Step 2: Adding an extra hidden field (optional/advanced)
To be extra secure, I decided to take this one step further. I created a new text input, hid it with CSS (so real people can’t see it), then when the comment gets submitted I check to see if that field has any content. If it does, then the comment doesn’t get submitted.
The reason this works is because bots just look at the HTML on the page. So if something is hidden with CSS, they don’t know it. In order to get their comments through, spammers fill out EVERY field. So, most spammers would fill out this fake field and then they would fail the spam check.
All you have to do is paste this code into your theme’s functions.php file:
comment_form() to display the comment fields.
<?php
// Adds a new text field to the comment form
add_filter('comment_form_default_fields', 'ng_antispam_comment_field');
function ng_antispam_comment_field($fields) {
$fields['ng_twitter_handle'] = '<input type="text" id="ng_twitter_handle" name="ng_twitter_handle" placeholder="Your twitter handle">';
return $fields;
}
// Gets executed when the comment is being processed
add_filter('preprocess_comment', 'ng_process_comment_antispam');
function ng_process_comment_antispam($commentdata) {
// If this is a trackback or pingback, return
if ($commentdata['comment_type'] != '') return $commentdata;
// If the secret field is filled out, do not process the comment
if (!empty($_POST['ng_twitter_handle'])) {
wp_die('You\'re a fugly spammer!');
}
return $commentdata;
}
?>
I called the field ng_twitter_handle to make it sound legit (just in case the spammers try to be smart!).
Now it’s also very important that you add this CSS to your theme to hide the field for legit users. If you don’t hide it, real people will see it and try to fill it out.
#ng_twitter_handle {
display: none;
}
Thanks for this Ashely. I’ve found that lately Akismet hasn’t been as effective as it used to be. I’ve implemented your step 1 but not step 2 as editing php files scares me and I’ve yet to try that. Hopefully even step 1 will help though.
Fingers crossed. π
what is ur idea about slider captcha?
search it in wordpress plugins.
I see no reason to use it when this method will work just as well but not be noticeable to real users whatsoever (whereas CAPTCHA requires them to perform an action).
So far, my spam has been pretty good. Only one gets through every couple of days. But I get like 500 a day. That’s crazy to me.
Yeah it’s pretty nuts.
Hi Ashley! Is the widget you suggested part of Book Host? I’ve been having problems with spam as well. Thanks for your advice π
The Stop Spam Comments plugin is available on Book Host. π
You’re always a stop ahead π
So far I haven’t had problems with spam getting through akismet, but I’m bookmarking this post in case I need to do something different in the future π
Oh wow I was wondering if it was just me! I used to get none and now I get like 10 a day I need to manually mark as spam (and it’s been going up). One thing that could help too, last time this happened to me about 6 months ago, I tagged Akismet on a complain tweet and they had me email them my plugin key/ID of whatever you call that (and I have the free one, too), and they did something to it that made it much better! Sounds like they need to do that regularly though since my problem is back. I’ll be giving this a try! Thanks! π
If you want to use this method you’ll have to make some adjustments to your theme since yours doesn’t use the
comment_form()code. If you want me to swap that for you, let me know. Otherwise you just need to edit the comments.php file in the Xpresso Reads theme directory and delete everything between:and
Then, in between those, just enter in:
Ooh ok thanks! I’ll have hubby look at it and if he breaks it I’ll let you know! Lol!
I recently installed Conditional Captcha, though I’m not quite as impressed with it as I hoped, since I’ve still had a couple spam comments slide through. (It’s also captcha, and even if it is conditional, I’m not a fan.) I looked at my theme’s comment.php file, and to my untrained php eyes, it looks like Thesis makes up its own complicated php.
Ugh that’s why I hate theme frameworks. Rather than using all the normal WordPress code they make overly complicated code that barely uses default WordPress functions so you have to learn all THEIR stuff instead.
I have no words for your greatness and timing (tee, hee!) I can’t believe what’s been sneaking through lately!!!! I’d been putting off investigating (pure laziness) but now you’ve gone and done the work for me… again! Thanks, girl!!
My pleasure! π
THANK YOU!! I will try this plugin. Hopefully between both plugins this crazy spam stuff will stop.
Well that code stuff is like another language for me but its nice to know im not the only one suffering from spam. I have to delete 400-800 comments in my spam mailbox every day and lately about 10-20 of them make it through. So annoying, especially since its usually for the same couple of posts.
Will you be releasing your plugin soon?
Which plugin?
I’ve been sick of dealing with these spam comments too! Thanks for this tutorial and plugin link =)
No problem! π
You are amazing!! I thought Akismet had this under control until a few spam comments starting showing up this month. Thank you for all these tips you give us!!!
My pleasure. π
Is the Tweak Me theme compatible with this plugin?
Yes, provided that you have the latest version. π If you read the changelog for the most recent update, it talked about switching to use
comment_form()code.I’ve noticed a crazy increase in the amount of spam comments that Akismet caught, but none have broken past that filter so far. Still, I’ve gone and activated that plug-in from Step 1. Fingers crossed! Down with spam! π
Thank you so much, Ashley! I thought that I am the only one who is having this problem. Every week, I usually accumulate 1K-1.5k spam comments which is alarming and frustrating because what if there are real comments in there that I wasn’t able to unspam?
I already installed the stop spam comments. But I would also like to do step #2. When you said insert the code on “themeβs functions.php file”, does it refer to the “Theme Functions (library/functions.php” for the Tweak Me Theme? If it is, where should I paste it? At the very bottom, after the footer credits coding?
And regarding the #ng_twitter_handle {
display: none;
} code, where should I paste it? On Theme Options>Custom CSS?
Thank you so much for the help!
Putting it in library/functions.php or functions.php are both fine. π
And yes, the CSS code goes in Theme Options > Custom CSS!
Thank you so much for the help, Ashley. Already done it.:D
I use Disqus, so I don’t get much spam, but there’s been a bit slipping through lately. Do you know if I still use this even if I’m overriding normal WP comments with Disqus?
No this method won’t apply to Disqus because that uses a completely different, external form.
OMG Thank you so much! I’ve been having serious problems with this lately too. More and more spam gets through and since I’m not doing good keeping up with my comments (what else is new, right?) they sit on the page for days, which I hate even more! Before I do all this – you said it won’t work with all themes. I’m assuming your Tweak Me theme should be good, right? Or do I need to do a work around? Don’t want to break anything! You’re awesome!
Tweak Me is compatible! π
I just use the Akismet and maybe I don’t get enough comments for it to be a big issue. I have had a slight increase, but if it is a big issue, Akismet might update.
Thank you so much for this post! I’ve had such terrible spam issues since installing CommentLuv! I was tempted to delete the plugin but then I came across this post.
Thank you, thank you, thank you! π
Thanks for this post. I’m going to try this. I get 100-200 Spam Comments a day. Hopefully this works.
Have you ever thought about publishing an ebook
or guest authoring on other websites? I have a blog centered on the same
subjects you discuss and would really like to have you share some stories/information. I know my viewers would appreciate your work.
If you are even remotely interested, feel free to shoot
mme an e-mail.