Added Two New Plugins To Increase WordPress Spam Protection

Although the WordPress plugin Akismet does a good job of stopping spam, it does occasionally generate false positives, which are hard to correct because of the sheer number of spam messages that would have to be scanned to find mistakes.

I’ve decided that it’s time to add a couple more layers of defence so that I’m not 100% reliant on Akismet, and also to make sure that fewer false positives are created. So, I’ve added the following plugins:

  • Math Comment Spam Plugin: I found this plugin via SEOpedia. Basically it asks a very simple maths question which readers have to answer before they can leave a comment, i.e. to prove they are human and not a robot. The questions really are simple, and avoid using annoying Captchas.
  • Simple Trackback Validation Plugin: This will hopefully cut down on trackback spam by not allowing a trackback to be placed unless it has a link back to my site. If it doesn’t, then it’ll get dumped in the moderation queue.

Adding these plugins has provided knock-on benefits. They’ve allowed me to reduce the number of banned words that are scanned before a post is allowed, which should significantly speed up posting responses and also reduce my server load.


About the Author

Everton is based in London and has worked in the internet and mobile space for over ten years now, and before that worked in corporate strategy and consulting. He has a degree in Economics from Cambridge University, and currently runs the Portal and online operations for one of the largest ISPs in the UK.


There Are 6 Responses So Far. »

  1.

    I have found a German post about this math-plugin. He found out that a spammer can very easily find out a hash and the matching result. So please add a “secret key” to your wp-config.php if not already done:

    define('WP_SECRET', "wordpress-xxxxxxxx");

    The xxxxx is something random typed by your finger-random-generator… ;-) And never ever expose this to the public. :) Now you just need to add this to the plug-in code where it generates the code and where it compares it with the hidden one from the form.

    If you like, add this code to the hashing parts as well:

    filemtime(__FILE__).":".filemtime(ABSPATH . "wp-config.php");

    This shall add more entropy to the hash. Finally add - when your blog supports this - the number of views or reads of the current post plus title. This is much more secure against “guessing” the current hash.

  2.

    Thanks Quix0r. I think I’ll give this a go this evening, as although the amount of spam getting through to Akismet has fallen by around 95%, which means I can now catch the false positives, I want to stop the 5 spam comments per hour that are still somehow getting through.

    Still it’s better than the approx. 100 per hour I was getting, which was crazy. I haven’t had any trackback spam though since adding the trackback validator which is fantastic.

  3.

    I’m using Peter’s Antispam on my blog. Going to give Math one a shot on Techtites :)

  4.

    [...] min) and trackback spam problem under control using SK2, a clever tweak on the comment form and the math comment spam plugin, I was still getting hit with hundreds of referral [...]

  5.

    On my blog I have now answered someone about what to do next after you have created your key WP_SECRET in your wp-config.php script. Please have a look at it.

  6.

    Oh, and sorry for my bad English. :/
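
The fix described in the first response (keying the hash with WP_SECRET where the plugin generates the code and where it compares it), shown as an added example; it is not the Math Comment Spam plugin's code or the commenter's. The function names, the md5 weak form, the binding to a post ID and issue time, and the placeholder secret are all assumptions.

```php
<?php
// Added example, not the plugin's code. All function names are hypothetical.
// Placeholder secret from the comment thread; normally defined in wp-config.php.
if (!defined('WP_SECRET')) {
    define('WP_SECRET', 'wordpress-xxxxxxxx');
}

// Weak form (assumed for illustration): an unkeyed hash of a small number.
// The hash of every possible answer is the same on every blog and every form.
function weak_token(int $answer): string {
    return md5((string) $answer);
}

// Hardened form: the hidden field is an HMAC keyed with WP_SECRET and bound
// to the post and the issue time, so it cannot be computed without the key.
function issue_challenge(int $postId, int $now): array {
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $mac = hash_hmac('sha256', ($a + $b) . '|' . $postId . '|' . $now, WP_SECRET);
    return ['question' => "$a + $b = ?", 'issued' => $now, 'token' => $mac];
}

function verify_challenge(string $answer, string $token, int $issued,
                          int $postId, int $now, int $maxAge = 3600): bool {
    // Reject malformed answers, timestamps from the future and expired forms.
    if (!ctype_digit($answer) || $issued > $now || $now - $issued > $maxAge) {
        return false;
    }
    $expected = hash_hmac('sha256', (int) $answer . '|' . $postId . '|' . $issued, WP_SECRET);
    return hash_equals($expected, $token); // constant-time comparison
}

// Constructed demonstration values (post IDs 42 and 43 are arbitrary).
$now = time();
$c = issue_challenge(42, $now);
[$a, $b] = sscanf($c['question'], '%d + %d');
$right = (string) ($a + $b);
var_dump(verify_challenge($right, $c['token'], $c['issued'], 42, $now));         // genuine token
var_dump(verify_challenge($right, weak_token($a + $b), $c['issued'], 42, $now)); // unkeyed hash submitted
var_dump(verify_challenge($right, $c['token'], $c['issued'], 43, $now));         // token reused on another post
var_dump(verify_challenge($right, $c['token'], $c['issued'], 42, $now + 7200));  // form older than $maxAge
```

The token's strength rests on WP_SECRET staying secret and being long and random. A solved token stays valid for the same post until it expires, so single-use enforcement would need server-side state.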
