How to block comment spam

Like all bloggers, I find comment spam to be a constant annoyance. There are many ways to mitigate the problems it causes however and using the following techniques means that this site is subject to almost no comment spam.

Use WordPress’ built in comment spam tools –

  • In WordPress Options -> Discussion, fill in the list of common spam words – words in this list automatically cause a comment to go into the moderation queue. I use the following list.
  • Also use the Comment Blacklist field. Populate this very carefully. Any comment containing words in this list are nuked automatically. No notification. No way to get them back. Gone. This is the list of words I have in my blacklist.
  • I have checked the “Comment author must have a previously approved comment” field as well. This is a very simple but very effective tool – regular commenter’s are able to leave comments and see them appear instantly; new commenter’s comments are held for approval and if they are not spam, their comment appears in short order and subsequent comments appear immediately.
  • And I use WordPress’ built in anti-spam plugin – Akismet.

I also have a custom .htaccess file which stops a lot of spamers cold before they reach the site at all. Excercise extreme caution with .htaccess files as they can take your entire site down. If you are not sure what you are doing, I have written a few explanatory articles on .htaccess files previously. If you are still not sure what you are doing, put the .htaccess file down and walk away very slowly!!!

Finally, I use plugins called Referrer Karma and Bad Behaviour which help significantly by stopping bots from accessing your site to leave comment spam.

Having implemented these techniques ensures that my site stays free of comment spam without having to moderate all comments and without having to implement CAPTCHAs. CAPTCHAs are those horrible badly drawn images of combinations of letters and numbers which some people put on their sites to stop spam. CAPTCHA’s are evil*. Stop using them. Now.

* The American Foundation for the blind has written many times about how difficult Captchas make browsing for blind or partially sighted people and the W3C in a report on Captcha’s said:

A common method of limiting access to services made available over the Web is visual verification of a bitmapped image. This presents a major problem to users who are blind, have low vision, or have a learning disability such as dyslexia.

15 thoughts on “How to block comment spam”

  1. For those of us who use Blogger…Captchas are the only defense we have.

    Upon your request, I removed Captchas months ago, only to be inundated with gobs of spam. In the interest of my time (at least 1 hour a day was cleaning out spam), I went back and have no problems now.

    Now, I could switch to wordpress, but that would mean having to start all over again and having to pay someone who does PHP to do my template (’cause I don’t want standard blue) and having to learn what the hell MySQL is and hoping that all of my readers pulling my non-Feedburner feed (’cause there are almost 1000 who don’t use my FB feed) switch over and leaving my archives on Blogger because there is no way to import them with my comments, etc. (we’ve tried numerous times) and the whole thing would be a mess. Blogger is simple, free and if it is only captchas I have to put up with, so be it.

    So…I hope you can forgive me, Tom, but Captchas make my life easier on blogger. All of my subsequent blogs, I have started on WordPress (but I still need to pay big $$ to a PHP designer one of these days and Chris is the only one who knows what that other stuff means). I don’t want to sound defensive. I just want you to know that it isn’t as easy as ‘Captchas are stupid and I hate them so don’t use them’.

    You join me in lobbying Blogger and we’ve got something there.

  2. Thanks for this tip Tom, in the last few days I have seen a major jump in the amount of spam comments I have been receiving on my blog.

    They have all been moved to the moderation queue but hopefully these tips will save me having to delete them from the queue every half an hour.

  3. For those of us who use Blogger…Captchas are the only defense we have.

    True Tara, and shame on Blogger for that.

    having to pay someone who does PHP to do my template (’cause I don’t want standard blue)

    Not true Tara – there are literally thousands of free WordPress templates out there for download. I use K2 with an image of a seagull I took myself as the header. 10 seconds to do. I can send you instructions if you wish. No designer required!

    having to learn what the hell MySQL is

    Again, not necessary. I have not needed to go anywhere near sql in the setup or maintenance of the WordPress blogs I manage.

    hoping that all of my readers pulling my non-Feedburner feed (’cause there are almost 1000 who don’t use my FB feed) switch over

    A simple re-direct will solve this. I did it when I switched from Blogger and I had no issues.

    leaving my archives on Blogger because there is no way to import them with my comments, etc. (we’ve tried numerous times)

    I’m surprised to hear that Tara. I imported all my Blogger posts and comments (using WordPress 1.2) with only one light hiccup which was quickly resolved

    it isn’t as easy as ‘Captchas are stupid and I hate them so don’t use them’.

    I realise that Tara but it isn’t just me – I quoted the American Foundation for the Blind and the W3C as also coming out against CAPTCHAs.

    join me in lobbying Blogger and we’ve got something there

    No problem, where do I sign up/picket/Googlebomb? 😉

    Tara – seriously, if you need any help at all in moving your site to WordPress, or with a WordPress theme, let me know and I’ll see what I can do to help.

    Michele – how are you defining “implemented correctly”? I am not aware of any W3C approved standards around CAPTCHAs. Did I miss something?

    Stephen – hope the tips work out for you. Let me know how you get on.

  4. As someone who is dyslexic, you should see the spell checker go crazy trying to figure out the nonsense words become when I get tired, I agree that Captchas are a pain in the arse, and you should see the awful to read ones Six Apart use, and yet I’m still using them on Typepad as they keep a blizzard of bot created spam out of my inbox.

    Captchas are popular because there’s zero management required by the author.

    They are an imperfect solution to an imperfect problem but other solutions such as asking people to sign up for TypeKey or an other identity provider can be even more off putting and I’ve lost comments in WordPress when the spam filter tripped and placed a valid comment somewhere in amongst the 100/200 spam comments I was receiving on a regular basis.

    Having to moderate comments and parse the trash for something which suffered from an overzealous spam filter was a part of my day I decided I could do without.

  5. Tom – not entirely true. I’ve received several spam comments from this blog on threads I was subscribed to over the last year

  6. Maybe not, but I don’t think your “holier than thou” attitude to captcha helps anyone.
    For a lot of people captcha is a simple and effective means of blocking junk from hitting their blogs. I’ve seen some horrible implementations, but the simple one that Justin Mason uses works very well and probably saves him from having to deal with a lot of junk.

    Also, while you may find it easy to edit wordpress templates you’ve had plenty of experience in IT. We’ve found that a lot of bloggers have serious issues with even minor changes to their templates – even installing a new wordpress template can prove difficult for them. For a lot of wordpress users the builtin in plugins are about all they can be reasonably expected to use.

  7. Apologies if I am coming across as “holier than thou” – I’m simply trying to say that using the techniques outlined above, CAPTCHAs are not necessary for spam avoidance.

    I think I’m going a long way to help people here. Publishing my .htaccess file and my word lists so people can use them to alleviate their spam issues.

    On the template front – that comment was directed to Tara and I expressly offered her any help she needed precisely because I do realise that people can find it tricky and I don’t think it is necessary to “pay someone to do the template”.

  8. I agree with Michele on this one. Justin Mason’s small little insert my name here box is quite good in a way and I also like the add these two numbers and input the answer idea I’ve seen scripted by some people on their sites. Neither are fool proof but they’re enough to trip up the bulk of spambots.

    Captchas maybe a level of complexity too far but it’s technology which is widely available and enabled with a tick of a checkbox or a push of a radio button. The amount of people blogging via a hosted service far outweighs those running their own server so there’s only so much control a lot of bloggers have anyway. Then there’s the fact that they go with a hosted service as they don’t want to have to deal with any technical nonsense anyway. Not everyone has the ability, and then there are those who have the ability but not the time. After all of those you have the folks running their own servers. A minority in a minority.

    You interviewed Loic Le Meur and Vint Cerf if I recall, if you want something changed then you already have their email addresses.

  9. All of those things I talked about are a reality. I hang out with Matt M. I have a relationship with Chris Messina. I have had 8 different people on 8 different occasions tell me all of this after taking a look at my site.

    The truth is…Blogger is way easier. I don’t want a photo in the background. i have a completely customized template I created myself in CSS and html. Simple. I don’t want a template that others will be using.

    Anyway, I agree that anything that limits accessibility sucks. 99% of the net has accessibility limitations. I had a blind professor in university that took us into her lab one day to show us. It’s quite terrible. Tables. Images. Gif headings. Flash. Ajax (although it wasn’t around at that time, I’ve heard that it is extremely evil on text readers). Frames. Almost every layout we take for granted is terrible. Captchas represent 1% of what is wrong online when it comes to accessibility. This is not a justification, but an observation. You really should be railing against all of the above.

  10. Has amnyone used simple question and valid answer technique to block spammers eg please enter the answer to five minus two or similar techniques

Comments are closed.