Fighting WordPress Spams

Of course the most popular plugin for protecting WordPress blogs from spamming is Akismet. Yes it is simple to use, famous, and easy to get.

But in my opinion, if you’re running an unknown blog like mine, you should discard Akismet and choose a more clever one. Akismet blocks non-spam comments now and again, and it’s difficult to rescue them from within the thousands of spams. Some day you will suddenly find a regular comment by your friend in the spams and realize that. It’s the same situation when using Spam Karma or Bad Behavior. They all block regular comments by some probability.

So stay away with the plugins which recognize spams by using machines’ intelligence. I need a plugin that will block all spam bots but will never block a human being.

Usually, the spam bots are not clever enough to emulate a browser (except the human spammers, of course). So why not use some simple JavaScript to confirm the commenter is not a machine?

I first tried WordPress Hashcash. It blocks all bots and never blocks a human. But it needs a database table to function right. I don’t like this.

Then I found bcSpamBlock, which seems an ideal solution for me:

  1. It ensures only comments by human pass through the validation.
  2. It doesn’t need a database table.
  3. It rejects the spam in the “preprocess_comment” filter, which means the spam won’t be saved to the database, making the database always clean. Too many comment_ID’s we’ve wasted on spams! (Yes I’m an idealist :) )

There are some human spams which will bypass the plugin but I have the time to delete them.

Wait, still there are trackback spams! bcSpamBlock does have a simple way to check trackbacks, but I disabled this feature and used the Simple Trackback Validation plugin. The ideas to validate trackbacks are identical, but the latter is more reliable.

So the final solution becomes bcSpamBlock + Simple Trackback Validation.

When bcSpamBlock is famous enough, there must be a way for bots to analyze the keys and simulate a human (I’ll try this). But for now it’s enough for me.