If you have a wordpress blog and are receiving thousands of spam comments, and many are not recognized as spam by akismet, you should add an extra mechanism to protect your blog and save yourself a lot of time (wasted on reviewing obvious spam). Read on.
Configure your Discussion Settings
I assume you want to allow your readers to comment… if not, then you may find this page in the Dashboard very useful: Settings > Discussion
- Allow people to post comments on new articles: if you do not want to receive comments at all, check this option. You can override it per post (when you write/edit a post, click at the top right on “Screen Options” > “Discussion” and see a tab appearing under your post, showing these 2 options:
- Allow comments
- Allow trackbacks and pingbacks on this page
- Users must be registered and logged in to comment: this probably works only for a private blog
- Comment must be manually approved: this is a must for me. In case a spam comment is not detected, it won’t be shown to the public.
- Comment author must have a previously approved comment: this is also a good option I activate. I want to have full control on my blog.
Actively fight spam
WordPress comes with a plugin called Akismet. In order to use it, you must sign up for an Akismet API key, Do it! Then go in the Plugins page, click on Settings (in the Akismet tab) insert the key and activate the plugin.
Akismet, in the last months, was for many users not effective anymore. It doesn’t detect many obvious spammy comments as spam. Every week I get at least 30-50 comments in chinese or arabic, full of spammy links. I don’t understand why akismet doesn’t detect them as spam… Well, you need to add some extra protection, like a captcha or another plugin.
How to install a WordPress plugin: Browse to your Plugins page, click on “Add new” and search for it, find it in the WordPress Plugin Directory and install it from there, with a few clicks. Else you can also install it manually by downloading it from the author’s page, unzipping it and copying the contents in your WordPress installation, under /wp-content/plugins/
2 WordPress Plugins that will make your life easier
Captcha control: for my blog I’m using a plugin called FunCaptcha, it works very well and it’s very easy user friendly (much better than some standard captchas, difficult to understand). The user must rotate a picture by clicking it a several times, or select something. Try the example in the author’s website. You must register to the author’s website and get a public and private API keys. This is very easy. This plugin is excellent: since I’m using it I receive practically 0 spam comments.
Cookie control: there is also a plugin called Cookies for comments. What the plugin does is very simple. It will add a cookie to the user’s browser and check if the cookie exists when the comment is entered. If it doesn’t, it may be a paranoid user who deactivated cookies, or a spammer. As the majority of users doesn’t deactivate cookies, and I have no time to deal with the paranoids, I simply accept the default option provided by the plugin to automatically mark as spam all comments that didn’t pass the cookie check. This plugin does exactly what I said: marks as spam the spammy comments. The problem is that you will still receive hundreds or even thousands of spams that you must manually delete by clicking the “Empty Trash” button.
Conclusion: use FunCaptcha.
Clean up thousands of comments marked as spam
I don’t know how, but my little blog was spammed with more than 100’000 thousands comments (wasting more than 600 MB of hosting space…). The Empty Spam button doesn’t work in this case, I guess because PHP is going out of memory. So if you find yourself in the same situation, you need to manually clean up your database comments (and meta) tables yourself. This is quite easy, just run these 2 queries (I had to save them in a txt file as my host doesn’t let me save this post for security reasons). Then optimize the 2 tables.
That’s it. I hope that akismet will improve the spam detection, but it seems to me that extra measures have to be taken. Spammers get smarter (or the tools they use get smarter…) and we have to update our countermeasures to protect our blogs and the internet…