Guest post by Alex Denning, a Twitter fan who runs WPShout.com, where he blogs about WordPress tips, tricks and hacks.
1. Install Akismet
This is the simple one that everyone does. Akismet comes bundled with WordPress by default and does a good job of picking up spam – for the average blogger, install Akismet and your spam problems will be sorted. The trouble is though, it just stops spam getting displayed, it doesn’t get to the root of the problem. That’s where this post comes in. We’ll start with some simple methods of stopping spam being displayed and then we’ll move onto stopping the spammers getting on your site in the first place.
2. reCAPTCHA
The reCAPTCHA plugin is one you’ve probably seen around on sites such as Facebook, Twitter and StumbleUpon. It isn’t just your average CAPTCHA (an image containing some letters that are designed so only humans can read them), it uses words from old books, so every time you enter a reCAPTCHA, you’re helping digitise books. At this point, you’re probably thinking but if I’m telling it what the words mean, does that mean I can enter anything? How does that stop spammers? The answer is simple – there are two words, one of which the CAPTCHA knows. The second, it doesn’t and you’re helping digitise it.
The plugin is simple to install, in 2.7+, just do a search for WP-reCAPTCHA and click install. You’ll need a key for the plugin to work, which you can get here. After you’ve done that, reCAPTCHA should appear on your comments’ page.
3. Ask your readers to do 1+1
The second plugin that we’re going to look at as a way of stopping spam being displaued is the ‘Math Comment Spam Protection‘ plugin. Using it, you can add a field to your blog’s comment box with a simple maths (or ‘math’ as they say in the States) question.
I’m not going to go into installing it here as there’s a comprehensive installation guide on the plugin’s website. You can see it in action on WordPress Hacks (image above).
4. Stop spam trackbacks
The final plugin that we’re going to look at is one by the same author who made the plugin above. The ‘Simple Trackback Validation‘ plugin checks if the IP address of the sender of the trackback is the same as the IP address that the trackback URL refers to, thus eliminating [lots]% of trackback spam as spammers won’t use bots running on infected machines. As the plugin’s page says, the plugin also “retrieves the web page located at the URL included in the trackback. If the page doesn’t a link to your blog, the trackback is considered to be spam. Since most trackback spammers do not set up custom web pages linking to the blogs they attack, this simple test will quickly reveal illegitimate trackbacks. Also, bloggers can be stopped abusing trackback by sending trackbacks with their blog software or webservices without having a link to the post.”
Like the ‘Math Comment Spam Protection’ plugin, there’s an installation guide on the plugin’s homepage.
5. Make users login to comment
This is something that probably won’t be a good idea for the majority of bloggers, but it will stop spam – make users login to be able to leave a comment and spammers will be stopped from commenting, but so will one time visitors. Just keep that in mind.
Under ‘Settings’. click ‘Discussion’ and then tick the box ‘Users must be registered and logged in to comment’. Then save changes and you’re done.
6. Ban spammers by IP
Now that we’ve stopped spam being displayed with the tips above, we’re going to move on to blocking spammers getting on your site in the first place. Something we’re going to be using extensively is the .htaccess file. A basic introduction that you should read first is here, and remember the golden rule of .htaccess – always have a backup. Further .htaccess reading is available here on CatsWhoCode and my own blog, WPShout.
In most situations, this tip wouldn’t be too much of a good idea; spammers will fake often their IP, but if there is one IP that is particularly bugging you, then the code below will block them from visiting your site – instert it into your .htaccess file in your blog’s root, changing the second line to include the IP that you wish to ban.
Order allow,deny Deny from 100.100.100. Allow from all
7. Ban spammers by IP, on a massive scale
You’ve blocked a single spammer. Well done. Now, with help from Perishable Press, you can block thousands of spammers – Jeff from Perishable has compiled a number of blacklists, from which you can pick and choose which you want to implement into your .htaccess file. The latest blacklists, the ‘fourth generation’ can be accessed below:
- ‘The Perishable Press 4G Blacklist’
- ‘4G Series: The Ultimate Referrer Blacklist, Featuring Over 8000 Banned Referrers‘
- ‘4G Series: The Ultimate User-Agent Blacklist, Featuring Over 1200 Bad Bots’
8. Deny comment posting to no referrer requests
Another .htaccess trick and the final comment spam stopping technique we’re going to look at is denying comment posting to no referrer requests – in other words, if the comment isn’t actually coming from your site, then it gets blocked. Make sure you change the url in line four to your blog.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]Source – WordPress Recipes.
9. Stop content theives
Spammers don’t just limit themselves to spamming your comments – often they’ll steal your content too. This next trick will stop spammers who steal your content via RSS. Once you’ve found a site stealing your content, first thing to do is find out the site’s IP address. A search for ‘ping [site name, ie catswhocode.com]‘ should give you a result. Once you’ve got that, head over to the offending site and find their RSS feed. Then, open up your .htaccess file and add the following lines:
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^69.16.226.12
RewriteRule ^(.*)$ http://newfeedurl.com/feedChange the IP in line two with the IP of the offending site and the url in line three with the offending site’s feed.
Source - WPShout/ SEO Black Hat
10. Stop spammers stealing your images
Now that we’ve stopped spammers from stealing your content via RSS, now it is time to combat those who just copy and paste your articles onto their site. Yes, this isn’t technically stopping spam, but it is helping combat the spammers.
You’ve got two options if people are hotlinking your images – watermark or .htaccess. We’ll look at both, and I’ll leave you to decide which is better. First up, watermarking. The foolproof method is to watermark your images before you upload them, which you can do with some simple software – FastStone Photo Resizer is a great tool that I’d thoroughly recommend. What’s more, it’s free! The second option is to install phpThumb and create a shortcode that resizes and watermarks your image. Copy and paste the following code into your functions.php file, having uploaded phpThumb to your theme’s folder, uploaded a watermark and changed the URLs. You can also change the width that images will be resized to (it’s currently 590).
<?php function imageresizer( $atts, $content = null ) {
return '<img src="/THEMEURL/phpthumb/phpThumb.php?src=' . $content . '&w=590&fltr[]=wmi|/images/watermark.gif|BR"Â alt="">';
}
add_shortcode('img', 'imageresizer'); ?>With the code integrated, now when uploading a picture, upload it in the normal way, then go into HTML mode and copy the image url, then delete the image and then paste the image URL between [img] and [/img].
Of course, you can also easily disable hotlinking by going into your .htaccess file and pasting the following (changing lines three and five – five will display and alternate image – send it to something blank, or perhaps an ad for your site?):
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
#RewriteRule \.(gif|jpg)$ - [F]
RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/advert.jpg [R,L]
Wrapping up
So there we are. Ten lovely ways to stop spam in WordPress, in roughly 1323 words. Got any tips to share? Leave a comment below, of course!
My name is Jean-Baptiste Jung and I'm the man behind Cats Who Code. I started to use the Internet back in 1998 and started to create websites three years laters in 2001.
58 Comments
I think Akismet is pretty much all you need.
Hello,
I don’t agree i think that a few of the above methods are more than needed in today’s world i put my blog back online after 6 months of down time and i am getting 200% more spam than i ever did before even with askimet enabled.
Rich
Known most of them.
Nice post!
regards.
quicoto,
Though most of them are known people ignore it during wordpress setup. I have seen many of client event activated Akismet. I am pretty much sure that Alex’s effort will encourage bloggers to use these tricks.
Useful post, I’ll try it.
Thanks
I’m off to implement number 9 right now. Recently discovered a relentless scraper stealing entire articles and removing all links. The worst kind of scum!
#9 is a great idea – wish I’d known that a couple of months back
I have a couple of ideas to add –
install Bad Behavior: it complements Akismet beautifully and stops spammers before they actually get to leave the comment, so you don’t have hundreds of spam comments to scan for the odd false positive.
And also Comment Timeout – I find most spammers leave comments on older posts, so closing comments after a couple of weeks or a few days after the last comment on a thread also reduces the potential for spam.
Good “stop spam” tips never go out of fashion. Many new bloggers struggle with spam and just putting a couple of the tips on list into use goes a long way. Start with Akismet, that’s a given and continue with the simple trackback validation plugin. I’m running the Hashcash along with those and these three have worked wonders for me so far. I’ll get around ip blocking and .htaccess hacks if things start to go out of control.
@Jeff – Kyle Eslick said to me a while back that he didn’t mind people scraping as he saw it as flattering that they see the content of his blog good enough to scrape!
Please see and use the AntispamBee – a simple, anonymous and registration-free antispam plugin for WordPress antispambee.com.
useful tips, Thanks!
Great post!
I have found the simplest way to stop spam, and one which also adds a useful feature which should be part of WordPress already, is simply to install a preview plugin and require all users to preview their comments before posting. Thus, once a comment is written, the only button available is Preview rather than Post/Submit—the latter only becomes available once the preview is displayed. It works a charm, and it’s really helpful for getting people to take a second to think about what they’re writing, and check it for obvious errors, too.
Just install Akismet and you’re done. Recaptcha is good, but I think that is not very user friendly, consider a blog targeting kids, they’ll find the captcha a bit hard.
Stop Spam Tackbacks is useful. There are a lot of spam trackbacks on my site. May want to give this a try.
I always thought Akismet is all you need. Thanks for these useful tips
Akismet, captchas, IP blocks and mandatory login?.. This post should be called “How to stop comments forever”. Bots won’t care, but harassed readers will.
Thanks for the post, I found using Akismet cuts down spam quite a bit but isn’t 100%, and won’t help with things like content stealing so it’s good to have a few more things in the arsenal.
I use Akismet you also have some nice tip that I hadn’t really come across (not very techie me)
I installed AntiSpam Bee and been using it for months. No annoying captcha, no manual moderation, it simply works in eliminating automated spam comments
My review about it here
http://www.michaelaulia.com/blogs/fight-against-spam-round-iv-antispam-bee-enters-the-war.html
But of course 1-2 spam will still go through but that’s when Akismet comes in
I also use AntiSpam Bee because Aksimet alone does not block enough spam and I do not like captchas.
Its been a common concern observed in most of the bloggers.Spam is one of the factors thats been a worry to all. This is a useful article for most of the bloggers.But, Akismet as you said is not that effective as per my experience.I still receive ample spams on a regular basis.
Is there a better alternative known to you?
Anyways, I must appreciate the efforts you have taken for the nice write up.Thanks again for that.
Nice list of Spam protection plugins for WP. I think, the most use among the list is Akismet, reCAPTCHA and Math comment spam protection. However, I’ve read before that Akismet isn’t that effective, but still useful in some cases.
Excellent post. I am not a big fan of the captcha usage as it tends to reduce comments. I should try the htaccess methods as scraping of my feed is increasing day by day.
Thanks for the tips, but I don’t quite agree with 2, 3 and 5 because these also get in the way of real commenters, and may reduce the number of legitimate comments that you get.
great recommendation for the tips. I will do it on my web.
Thanks for this list. I use NoSpamNX in my site which is pretty good at blocking.
Nice article. Akismet and the math questions get rid of 99.9% of spam, in my experience. It also helps if you set your blog to manually approve comments, though that takes more time to manage.
Hey Alex,
Extremely useful and informative post. I will certainly apply most of it. Many tips that you mentioned in your post are new to me, and incorporating them will definitely prove helpful in preventing spams. thanks a lot for this wonderful compilation…
I use only Akismet for stopping spam. I used Captcha plugins before but I think it discourages commenting. Some captcha are too hard to read!
These are great ways if you have an already active blog, but for people just starting out their blog, you might be discouraging initial activity on your site. Of course, the smaller the blog, the less spam you get, so I guess it just scales at the end of it all.
Thanks for the tips, but I don’t quite agree with 2, 3 and 5 because these also get in the way of real commenters, and may reduce the number of legitimate comments that you get.
Awesome article. Akismet is a really helpful tool.
Great tips especially for newbies like me. I will keep this in mind and use it in my site. Thanks.
Having worked with WP a long time my opinion is more or less that 1. is enough. Even though it saves the spam (for a time) it keeps it out of my comment boxes. I love the day I discovered Akismet.
Useful and informative tips as always!
Hey, thanks for these tips. I have several blogs that are getting loads of icky spam comments every day. Its the same people sending the same messages. They seem to think that if they keep sending them, I will just give in and approve them or something lol. I’m definitely going to try these, thanks
reCAPTCHA is the best by far, imho. Had some serious spam issues on one of my older sites, and all I knew of was to hold the comments until I`d moderated them. Was a real pain in the butt, I must say, I had to look over ALL the comments because maybe 2 or 3 of the 50-100 were actual comments, and good ones. reCAPTCHA really made it all easier for me..
Great list of plugins to stop spam but i personally use the Akismet and It’s the best plugin to stop spam for me. Really helped me stop spams in my blog. Akismet knows how to identify a spam from not a spam.
This is the EXACT thing I`m looking for! I`ve got a site that`s been up for only a few weeks, and spam has already become a major problem. I have noe idea how they do it, but I keep getting spam comments that`s gotta be automated. What, do they use a program to find new websites or something? Cuz I wouldn`t have put my link on my site, I still have a big fat zero in PR.
Love it. Especially #9 and #10. Nice to have SOMETHING you can try to do and protect what is being stolen.
That being said, if you publish your feed via Feedburner, #9 isn’t really going to work is it?
Nice list but I think Akismet is alone enough for spam comments.
That was a useful list of tricks.I feel comment moderation will also be a useful trick to stop spamming. I have found it useful.
Thanks for the great resource. I’ve used Akismet and reCaptcha but your other suggestion will definitely come in handy.
New to wordpress – Great article!
Math Comment Spam Protection & Simple Trackback Validation really keep the spammers away. Unfortunately the server on which my new blog is hosted doesn’t support them and the technicians are still working at it.
Beware of Perishable Press’s list. You could end up blocking legit visitors to your blog.
Nice post thanks for the tips some extra one that were new to me
Unfortunately, two of the described plugins had their last update about 10 years ago, tested for Wordpress 2.2.2.
Are they still being maintained?
Peter
Thanks for the article.
It really helped me out, as I was getting 20+ spams.
with Akinet and reCAPTCHA should be enough to prevent them, rigth?
l like the article, need to try all that see if it works
but l know that works good for comments
It’s like the cops and robbers. As the cops get smarter and invent new things to catch the bad guys, the bad guys reinvent ways to get around the cops. I really hope the war on SPAM is over soon but then again, a lot of people would lose alot of money if SPAM completely vanished.
Strange notice about reCaptcha – sometimes when you enter not valid letters (1 or 2) – script still thinks you are not the bot.
(not tested with with 3 or more mistaken letters)
Thanx for sharing this info on spammers. I forgot all about akismet. Hopefully, all I need to do is activate that plugin and put in the API…
Would it make a difference to the content that has already be lifted, or would it just prevent them from using your rss feed to steal content in the future? You cans also set the number of times someone has to comment before a link is added with the linkylove plugin.
Great article. have you ever thought of adding more images to keep us readers more interested just in case we’re visual learners? Just my two cents. I’ve added you on my blogroll.
Just by activating Akismet reduces my spam to almost zero. I just wish the API key was provided when wordpress installs!!
Askimet is a must plugin for every wordpress blog. In addition one can use math comment or re-captcha plugin to avoid spam.
This is very informative. I’ve been using some of these apps like Akismet and reCaptcha and they have been very helpful in reducing spam.
35 Trackbacks
[...] Top 10 ways to stop spam in WordPress Share and Enjoy: [...]
[...] post: Top 10 ways to stop spam in WordPress Related Posts:Wordpress Tips – Mark Comments as SPAM Automatically by IP AddressTech Stop | New [...]
[...] more here:Â Top 10 ways to stop spam in WordPress Share and [...]
[...] Ten ways to stop spam in WordPress covers the basics and includes a few new tricks I didn’t know. [...]
[...] In: Wordpress plugins 1 Sep 2009 Go to Source [...]
[...] In: Wordpress plugins 1 Sep 2009 Go to Source [...]
[...] Posted by Alex Denning on Aug 31, 2009 | 17 comments [...]
[...] Top 10 ways to stop spam in WordPress Here is a list of 10 different ways to fight against Spam in WordPress, through plugins and good practices. (tags: wordpress spam tutorial) Leave a Reply Click here to cancel reply. [...]
[...] a recent post to the CatsWhoCode.com site Alex Denning takes a look at ten ways you can help stop those dreaded [...]
[...] a recent post to the CatsWhoCode.com site Alex Denning takes a look at ten ways you can help stop those dreaded [...]
[...] over to the source article and get some links to additional resources ~ Top 10 ways to stop spam in WordPressSHARETHIS.addEntry({ title: "Top 10 ways to stop spam in WordPress", url: [...]
[...] Las 10 mejores formas para parar el Spam en WordPress – Cats who Code. [...]
[...] Top 10 Ways to Stop Spam in WordPress [...]
[...] Так вот, Ñ Ñовершенно недоумеваю зачем поÑтоÑнно изобретать велоÑипеды, еÑли один клёвый велик уже ÑущеÑтвует и очень [...]
[...] Wordpress: Top 10 ways to stop spam in WordPress [...]
[...] Top 10 ways to stop spam in WordPress [...]
[...] Top 10 ways to stop spam in WordPress [...]
[...] Top 10 Ways to Stop Spam in Wordpress [...]
[...] .htaccess to Protect Your Feed – Check out this post at Cats Who Code Top 10 Ways to Stop Spam in WordPress for details. It is #9. Basically, you use .htaccess to block the IP of the site scraping your feed. [...]
[...] Top 10 ways to stop spam in WordPress [...]
[...] Top 10 ways to stop spam in WordPress [...]
[...] i engellemenin 10 yolu ingilizce: http://www.catswhocode.com/blog/top-10-ways-to-stop-spam-in-wordpress Türkçe : http://nettuts.bir.tc/2009/09/14/spami-durmanin-10-yolu/ 0 people like this post. [...]
[...] Official Link [...]
[...] Official Link [...]
[...] 24ã€Top 10 ways to stop spam in WordPress [...]
[...] itulah tujuh cara yang dapat dilakukan untuk melawan spam. Tip ini Tarqy ambil dari 10 cara melawan spam, mudah-mudahan [...]
[...] du billet de Alex DenÂning, Top 10 ways to stop spam in WordÂPress 1. InsÂtalÂler [...]
[...] article about stopping spam on Wordpress’ blog. Article is from catswhocode.com and is called “Top 10 ways to stop spam in WordPress”. Everything’s fine. We should fight with all kind of spammers. However… not all the [...]
[...] Top 10 ways to stop spam in WordPress – Cats who Code [...]
[...] you can read more at cats who codes [...]
[...] info: Cats who Code AKPC_IDS += [...]
[...] and was trying to avoid using CAPTCHA) and as always I am sharing my knowledge. Useful Links: http://www.catswhocode.com/blog/top-10-ways-to-stop-spam-in-wordpress http://technicallyeasy.net/2009/07/stop-spam-with-project-honey-pot/ [...]
[...] Top 10 ways to stop spam in WordPress [...]
[...] 10 Way to Stop Spam in WordPress [...]
[...] Traduction du billet de Alex Denning, Top 10 ways to stop spam in WordPress [...]