Fighting and Preventing Spam
Spam can be a nuisance to anyone who runs a blog. It disrupts your comment flow and forces to you spend time moderating comment after comment. A person with experience using any blogging platform that allows for commenting can attest to this. What can you do about this problem? Most actions fall into two groups: fighting the spam after it has been created, and preventing the spam from ever reaching your posts.
First of all, what do we mean by spam? One type of spam occurs when a third party leaves a comment on your blog that includes one or multiple links to their own website and products. This unsolicited advertisement is an attempt by the commenter to gain sales via your visitors and to gain an improved rank among search engines. This type of spam can also occur utilizing trackbacks in order to trick you into thinking their link is an endorsement of your content and not a cheap trick to get their link onto your website. Another type of spam occurs when a third party will leave a comment containing nonsense in order to damage your reputation and website, and possible even try to find a way into your website.
The first step to dealing with spam is to fight it as it comes in to your site. This self-defense of your website requires varying levels of activity on your part. Using automated methods, you may need to only check for spam less frequently than the manual alternative. However, manually sifting through and sorting comments ensures better control over the discussions, and may reduce the amount of spam missed and the amount of false positives.
This is the manual method of sorting through comments that you may already be familiar with. For those that are new to WordPress, and even blogging in general, you should know how to moderate comments on your website. As a verb with an object, as used in the previous sentence, “to moderate” means “to reduce the excessiveness of,” and that is exactly what moderation involves when dealing with comments and comment spam.
The first step to moderating comments is knowing what is a valid comment and what is a spam. When in the Comments screen, look for comments that have many links, a non-human name, or overly-generic text. These are signs that a comment may be spam, and therefore require action. Look at the comment or comments in question, and see if they are related in any way to your content or previous discussions. If the comment looks out of place, or just too unusual, then it is probably spam.
To remove spam that is currently on your site, find the comment in the Comments screen and hover over anywhere in its row. Find the “spam” link underneath the comment’s text and click the link. This will send it to the spam folder and away from being displayed to your visitors. If you wish to delete the comments in your spam folder, go to the Spam page of the Comments screen and click on the “Empty Spam” button above the list of spam comments.
If you want to make sure that every comment is moderated before being seen by your visitors, check the “an administrator must always approve the comment” option under “before a comment appears” in the Discussion Settings screen.
Automated methods of moderating spam save you time and are very helpful at ensuring spam is not seen by your normal visitors. These processes run when a comment is posted and check to see if the comment contains certain elements common to many spam comments.
One of the most popular and best automated filters is Akismet. Akismet is made by the same company that makes WordPress, and as a result is quite popular and very effective. To set up Akismet with your site, grab a copy of the Akismet plugin and install it on your website. You will be prompted to enter an API key to enable functionality, so head to Akismet’s website and sign up for an account to receive an API key. The key will allow your website to connect with Akismet’s servers and use a global database when filtering your comments for spam.
There are several methods of preventing spam from ever reaching the moderation queue. They can prevent some, if not most, forms of spam if configured correctly. Some of the methods below are completely silent, meaning nobody except you will know that they were activated, while others are visible to everyone.
Enabling Restrictions & Blacklists
One of the easiest and simplest methods to prevent spam comments is to restrict who can comment and what comments may contain.
Head to the Discussion Settings screen of your WordPress site, and look at the section labeled “other comment settings.” The settings there will allow you to limit or restrict who is able to leave a comment. “Comment author must fill out name and e-mail” is a helpful setting in reducing the amount of spam, since it will not allow a comment to go through if there is no name or email, which is something that may be missed by simpler spamming scripts. In the section labeled “before a comment appears,” you can choose whether or not a comment may appear before any moderation occurs.
The two large sections below those settings are for the moderation keys and the blacklist. Entering content into the Comment Moderation box will force a comment into the moderation queue if the comment contains any of these in the comment text or meta data. Entering content into the Comment Blacklist box will immediately mark any comment containing anything in this box as spam without you doing anything. You can also disable certain people from being able to comment on your website. If you notice a particular IP address that submits a lot of spam, you can place that IP address into the Comment Blacklist box in order to mark every comment from that IP address as spam. The Codex has a list of the most common spam words, and you can copy and paste that list into either box.
Another feature added via a plugin, using a CAPTCHA with your comments will further reduce the amount of spammers able to submit comment spam. The most popular plugin that adds a CAPTCHA is SI CAPTCHA Anti-Spam, and it protects your comments, registration, login, and lost password forms from spamming scripts. In order for SI CAPTCHA to work with your theme, you need to make sure that the code indicated on its admin options page resides in the theme file that contains the comment form.
Another take on adding CAPTCHAs is the use of an Image CAPTCHA, such as implemented by the previously reviewed plugin Prove You Are Human. In order to post a comment, a visitor needs to look at nine images, compare them, and select the two that are the most similar. The similarity might be that there are two dogs, two pieces of text, two pieces of clothing, or whatever the plugin author has chosen to include.
Disable All Comments and Trackbacks
One of more drastic, but effective, measures to stop all incoming spam is to turn off the ability for anyone to comment on or send a trackback to your website. To accomplish this, head back to the Discussion Settings screen and uncheck the options under “default article settings.” This will prevent any comments, even legitimate comments, from being made on your website, so follow this advice with caution and consideration.
Promoting discussion on your website can lead to a rich community and encourage people to frequently visit your website. However, you have to be on the lookout, for an increase in popularity will usually mean an increase in people trying to leech off of your success. You need to know what to look out for, and what to do when you encounter spam on your website. With some precautionary measures, you can easily and effectively reduce the amount of spam you or your visitors can see. Built-in options and plugins will offer many great tools, but manual moderation is the only way to be sure that all of the spam is being removed from the public’s view, and that the least amount of legitimate comments are being blocked or removed accidentally.