Added Two New Plugins To Increase WordPress Spam Protection
Although the WordPress plugin Akismet does a good job of stopping spam, it does occasionally generate false positives, which are hard to correct because of the sheer number of spam messages that would have to be scanned to find mistakes.
I’ve decided that it’s time to add a couple more layers of defence so that I’m not 100% reliant on Akismet, and also to make sure that fewer false positives are created. So, I’ve added the following plugins:
- Math Comment Spam Plugin: I found this plugin via SEOpedia. Basically it asks a very simple maths question which readers have to answer before they can leave a comment, i.e. prove they are human and not a robot. The questions really are simple, and avoid using annoying Captchas.
- Simple Trackback Validation Plugin: This will hopefully cut down on trackback spam by not allowing a trackback to be placed unless it has a link back to my site. If it doesn’t then it’ll get dumped in the moderation queue.
Adding these plugins has provided knock-on benefits. They’ve allowed me to reduce the number of banned words that are scanned before a post is allowed, which should significantly speed up posting responses and also reduce my server load.
Comment by Quix0r on 14 December 2006:
I have found a German post about this math plugin. He found out that a spammer can very easily find out a hash and the matching result. So please add a “secret key” to your wp-config.php if not already done:
define('WP_SECRET', "wordpress-xxxxxxxx");
Here xxxxx is something random typed by your finger-random-generator…
And never ever expose this to the public.
Now you just need to add this to the plug-in code where it generates the code and where it compares it with the hidden one from the form.
If you like, add this code to the hashing parts as well:
filemtime(__FILE__).":".filemtime(ABSPATH . "wp-config.php");
This shall add more entropy to the hash. Finally add - if your blog supports this - the number of views or reads of the current post plus title. This is much more secure against “guessing” the current hash.
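The keyed hash described in the comment above, as an added example that is not part of the original post, the comment, or the plugin's own code. All function names, the 30-minute window and the choice of MD5 for the unkeyed form are assumptions; only WP_SECRET comes from the page, and the code needs PHP 7 or later.

```php
<?php
// Hypothetical helpers, not the plugin's own code. WP_SECRET is the constant
// from the comment above; the fallback value is a constructed placeholder.
if (!defined('WP_SECRET')) {
    define('WP_SECRET', 'wordpress-REPLACE-WITH-LONG-RANDOM-VALUE');
}
const CHALLENGE_WINDOW = 1800; // seconds a token stays valid (assumed value)

// Unkeyed hash of a small answer space (algorithm is an assumption): the same
// answer always yields the same hidden-field value on every blog.
function weak_token($answer) {
    return md5((string) $answer);
}

// Keyed token: depends on the server-side secret, the post and a time window.
function challenge_token($answer, $post_id, $window) {
    return hash_hmac('sha256', $answer . ':' . $post_id . ':' . $window, WP_SECRET);
}

// Form rendering: returns the question text and the hidden-field token.
function issue_challenge($post_id, $now) {
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $token = challenge_token($a + $b, $post_id, intdiv($now, CHALLENGE_WINDOW));
    return array('question' => "$a + $b", 'token' => $token);
}

// Form submission: accept the current or previous window, compare in constant time.
function verify_challenge($answer, $token, $post_id, $now) {
    if (!is_string($answer) || !is_string($token) || !ctype_digit($answer)) {
        return false;
    }
    $window = intdiv($now, CHALLENGE_WINDOW);
    foreach (array($window, $window - 1) as $w) {
        if (hash_equals(challenge_token((int) $answer, $post_id, $w), $token)) {
            return true;
        }
    }
    return false;
}

// Constructed demo: post 42, fixed clock, known answer 7.
$now   = 1166054400;
$token = challenge_token(7, 42, intdiv($now, CHALLENGE_WINDOW));
var_dump(verify_challenge('7', $token, 42, $now));         // keyed token, same post
var_dump(verify_challenge('7', weak_token(7), 42, $now));  // unkeyed hash as token
var_dump(verify_challenge('7', $token, 43, $now));         // token used on another post
var_dump(verify_challenge('7', $token, 42, $now + 7200));  // token after its window
```

The secret stops tokens from being precomputed or forged, but an answer and token pair taken from a rendered form still verifies for that post until its window passes, so this complements moderation and Akismet, not replaces them.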
Comment by Everton Blair on 14 December 2006:
Thanks Quix0r. I think I’ll give this a go this evening, as although the amount of spam getting through to Akismet has fallen by around 95%, which means I can now catch the false positives, I want to stop the 5 spam comments per hour that are still somehow getting through.
Still it’s better than the approx. 100 per hour I was getting, which was crazy. I haven’t had any trackback spam though since adding the trackback validator which is fantastic.
Comment by Ajay on 19 December 2006:
I’m using Peter’s Antispam on my blog. Going to give Math one a shot on Techtites.
Pingback by WordPress Optimisation: Block WordPress Referral Spam » Connected Internet on 21 January 2007:
[...] min) and trackback spam problem under control using SK2, a clever tweak on the comment form and the math comment spam plugin, I was still getting hit with hundreds of referral [...]
Comment by Quix0r on 17 February 2007:
On my blog I have now answered someone about what to do next after you have created your key WP_SECRET in your wp-config.php script. Please have a look at it.
Comment by Quix0r on 17 February 2007:
Oh, and sorry for my bad English. :/
Comment by Cheryline on 12 August 2008:
Spammers are very adapt to the new technologies and always try to find a way to hack your system and get their message across. You always have to stay above them at all times.