I was getting hit with spam pretty hard on this site, and my other site, ITsVISTA. I have Akismet installed, which does catch it all, but unfortunately it also catches many of my trackbacks. When you have a list of hundreds of spams in Akismet, it’s no longer practical to hunt through and find the false positives. What to do?
I’d heard that renaming the comments script would help stop most of this automated spamming, but it proved not to be true in my case, the spam was still flowing. Of course I could limit comments to registered users only, but I found that greatly limits the number of people willing to comment. So, I decided I needed to install a challenge system that can tell if you are human.
I looked at the captcha methods (a graphic of a distorted word that the user has to type in) that were available for Wordpress, but didn’t like the requirements for special graphics software on the server. Then I found Math Comment Spam Protection Plugin. This lightweight plugin challenges the user with a simple math problem to prove that they are real. It simply adds an extra field for the user to fill out, and asks for the answer to a question such as ‘Sum of 1 + 4?’. I customized mine to say ‘What is 1 + 4?’, which seemed even easier (some may not understand the word sum, say that 10 times fast!).
How does it work?
This plugin does not require JavaScript or cookies. It uses a special encryption function; the result of the question is being passed via a hidden field. The result is being compared with the value entered by the visitor – after encrypring this value as well.
It’s easy to install, just copy the file, activate it, and then be sure to go to the option page and save the options. I didn’t do the save options thing the first time on my ITsVISTA site and their was an error message on my pages. The options page allows you to specifies what numbers to include in the challenge, and if you want the number written out, or in numerical format. If you’re concerned about the math capabilities of your audience, you can even remove the higher numbers and keep the problems as simple as possible (maybe just have problems that use 1, 2 and 3). Once activated, their is some code you place in your comments form that ads the extra line. It’s easy and the instructions are clearly laid out.
Since installing this plugin on my two sites, I have recieved NO SPAM. I haven’t yet had problems with trackback spam, so for now I am disabling Akismet so I don’t have to worry about it catching my legitimate trackbacks. I’m sure if someone wants to hack around this, it’s possible, and of course it doesn’t stop annoying comments from real people, but for sites that just get automated spam, this is an excellent way to stop it dead in its tracks.
January 4th, 2007 at 11:52 pm
Before you get too excited, understand that this doesn’t work, and it works against you.
It doesn’t work because comment spammers know how to get around it. It also doesn’t work because now there are people hired to comment spam and they can figure out how to add.
More importantly, it forces your readers to jump through difficult hoops to leave comments. I once had to go through 6 rounds of answering addition numbers and even though it was as simple as 2+2 and 6+10, my right answers weren’t “right” as far as the plugin was concerned. I gave up, throughly ticked as I wanted to leave a comment. It is also difficult for those with eye problems and the match challenged. So why torture your readers?
Honestly, want to get rid of comment spam, use the right tools and spare your readers. People have been trying this for a couple years and it doesn’t work.
January 5th, 2007 at 9:51 am
I’m sure you’re right, for high traffic blogs. Until my traffic increases to 5 digits per day, it wouldn’t be worth anyones time to find a way around it or do it by hand. Once I build my readership to that level, I will have different problems to deal with. Looking at the article you sighted, I haven’t tried Bad Behavior or Spam Karma, so maybe they will be good options, but as I mentioned, Akismet is eating my trackbacks, so it’s not a working solution for me at any traffic level.