Aug 7 2008
ShoeMoney

Using The Wordpress Discussion Filters - Fighting Comment Spam

By ShoeMoney 67 comments

This is the 2nd post in a series on how to fight wordpress comment spam.  You can read the first post on minimum comment content here.

People ask me all the time how I maintain such a good comments/spam ratio on my blog.  The answer is pretty easy…  Lots of work and studying the patterns of spammers.  The single most powerful tool is the built in discussion filter system via moderation and blacklisting.

The discussion filters within Wordpress are some of the best tools you have to lower your liability in letting spam through. You can get to the settings by logging into your admin panel then going to settings -> then to discussions. From their you will have plenty of options which I will go through one by one.

Default Article Settings:

This really does not have much to do with fighting spam but I thought I would show it anyway since its in the same section.

E-mail me whenever:

This really will depend on how busy your blog is.  I had to give up on this a while ago.

Before A Comment Appears:

Here we go… finally something to do with the actual title of this post:

Over the years I have found the best settings for these is to make people use a name and email,  already have an approved comment (comments will sit in moderation queue until approved), and also I do not make a administrator approve every comment.  I am not out to censor anyone… just to limit spammers.  Thats not to say spammers wont come back once approved and spam but we will point out how to combat that later settings.

Comment Moderation:

Here is where some of the secret sauce comes in.  Here are my tips for using the comment moderation system.

1) I HIGHLY HIGHLY HIGHLY recommend putting a 1 in the first box.  This means any comment that has a link must be approved no matter what.

2) The moderation box allows you to specify words, emails, ips or just about anything someone would put into a comment.  I use this section to post a lot of dynamic stuff.

3) The first thing I put in this box is a list of TOR proxies.   They even have a plain list you can just copy and paste into this box.  We also put in other open proxy ips from around the web.   I am a huge supporter of the EFF and have financially contributed to them since 2004 but unfortunately the Tor network has become a great resource for spammers.   We have found that 95% of the comment spam that makes it through the Akismet plugin has a open proxy ip.

4) A good example of stuff to put in here is swear words.   I think its pretty obvious I have nothing against swear words but I would like to approve the comment with them before its posted.

5) Another good example is to put in your own companies urls.  I have found a lot of times people have posted security issues or bugs with my sites on my blog… and I like to be the first person to see those and deal with them ;)

6) There are several other things you can put in this.  Remember that whatever you put in is a broad match so try to keep it pretty specific.  Putting in common words will lead to a lot of manual approval of comments and the goal of this is to lesson admin time =).

Comment Blacklist:

The Comment Blacklist feature is very powerful and should not be taken lightly.  Every comment that matches your entry will be perminiantly deleted.  ALWAYS test a filter out first in Comment Moderation before adding it to the Blacklist so that you know what its going to catch.

Here are my tips for using the Comment Blacklist feature:

1) As you can see I currently send all comments with spam@ in the email straight to the trash.  I used this in moderation for over a year and after only false positive decided it was good to go.

2) groups.google is a great example of something that should go right to the crapper.   I am pretty sure that Akismet now gives a much higher score to comments with a  *groups.google* url in the comment fields but I can them just incase.

3) Anything that sends you BS trackbacks and pings go here.  Tired of seeing the same scraper site send you a trackback with your own content?  Put it here.  Tiered of seeing a forum or spam site with a spammy “auto ping” function that searches and pings any blog that matches the content?  Put them here.

Really you want to be very careful with this tool. As I said above its very powerful and you can not undo it.  Experiment with matching in moderation then add them to the blacklist when your sure.

Please Rate This Post: 1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
  1. FF0000
    meethere said on August 7th, 2008 at 6:03 am

    Great article..
    I get lot of spam to my blog
    Hope this will help :)

    Thanks.

    [Reply]

  2. FF0000
    wesley said on August 7th, 2008 at 6:31 am

    The tor proxy list tip is gold, thanks!

    [Reply]

  3. FF0000
    filontheroad said on August 7th, 2008 at 6:33 am

    Thanks for this tips. Hope they will help to reduce the spam i get on my blogs. Is there any site where the most common spammer IPs are published?

    [Reply]

  4. FF0000
    letrodectus said on August 7th, 2008 at 6:53 am

    Great post! I did learn some new things about commenting.
    I use Comment Blacklist feature a lot. I have a list of common “stop” words used by spammers (like names of drugs and adults-related stuff)

    [Reply]

  5. FF0000
    Andrew said on August 7th, 2008 at 7:16 am

    didn’t knew about the tor proxy list. Going to use it pretty soon. Thanks

    [Reply]

  6. FF0000
    terminator69 said on August 7th, 2008 at 7:28 am

    I have removed the email and url option from my blog so users just have to use a name, and i havent seen an increase in spam. So maybe this doesn’t have as big effect as you think.

    [Reply]

  7. FF0000
    Agent Magenta said on August 7th, 2008 at 7:31 am

    An excellent guide with some great tips. The TOR proxy list was a new one to me as well and I wouldn;thave thought of blocking the google.groups either. Those steps mentioned above should deal with a large percentage of the automated spam.

    [Reply]

  8. FF0000
    Melvin said on August 7th, 2008 at 7:35 am

    Wow, this is very helpful to me… I had a list of tor proxies but never got it from that site… Also since my site isn’t really that popular i don’t put any on comment blacklist..

    [Reply]

  9. FF0000
    Melvin said on August 7th, 2008 at 7:35 am

    i think that is the tor proxy list already… ;-)

    [Reply]

  10. FF0000
    TEKFIRM said on August 7th, 2008 at 7:35 am

    just the last year i got more than 45 000 spam comments :) but if you install akismet and bad behaviour most wont pass it .

    Thanks shoe for the more advanced protection ;)

    [Reply]

  11. FF0000
    Lawrence said on August 7th, 2008 at 8:00 am

    i hate spam, or generic comments…it’s nothing but dead space.

    effiency - that’s what i’m about.

    [Reply]

  12. FF0000
    Melvin said on August 7th, 2008 at 8:11 am

    but still akismet fails sometimes at false positives ans ometimes its just consecutive

    [Reply]

  13. FF0000
    WAHM Tara said on August 7th, 2008 at 8:21 am

    You know I have been slammed with spam recently. I have been looking for other ways to try and cut it down some and found this post. Thanks for the great tips. I have never even used the Comment Blacklist, so I will working on that today.

    [Reply]

  14. FF0000
    Richard Farrar said on August 7th, 2008 at 8:22 am

    While Askimet seems to be doing a reasonable job for me at the moment, every little bit helps in the constant battle against spam. The proxy list is a very useful addition to the armoury.

    [Reply]

  15. FF0000
    Geiger said on August 7th, 2008 at 8:53 am

    I also suggest clicking the Akismet button that rechecks the queue for Spam.

    [Reply]

  16. FF0000
    Geiger said on August 7th, 2008 at 8:53 am

    Wouldn’t a captcha get rid of almost ALL spam?

    [Reply]

  17. FF0000
    jim said on August 7th, 2008 at 8:54 am

    Thanks for the plaintext IP list of open proxies, that’s going to save me a lot of time.

    [Reply]

  18. FF0000
    FunkySOuth said on August 7th, 2008 at 9:03 am

    this is interesting, i think ill bookmark this and come back to it when my blog is more popular ! ta shoe

    [Reply]

  19. FF0000
    terminator69 said on August 7th, 2008 at 9:25 am

    No, it just ensures whoever is spamming is a real person not a computer.

    [Reply]

  20. FF0000
    Tim Linden said on August 7th, 2008 at 9:45 am

    Yes - thanks, I wouldn’t have thought of that!

    [Reply]

  21. FF0000
    Michael John Grove said on August 7th, 2008 at 9:48 am

    It is strange how different website get hit differently with spam, I have managed a few blogs, and some get loads more spam hits that others. with the same settings.

    Thanks for the tips.. maybe now I can control the more prolific spam on my sites.

    [Reply]

  22. FF0000
    URL Shortner said on August 7th, 2008 at 10:26 am

    Great content. I put anything with a swear word straight to the trash. If they can’t figure out how to express themselves without swearing what is the point?

    http://ivyurl.com

    [Reply]

  23. FF0000
    Reid said on August 7th, 2008 at 11:06 am

    This is very useful information. I found that I would have spam on my blog so I took the necessary steps to delete it, and fortunately ever since then I haven’t had any spam at all! (cross fingers)

    [Reply]

  24. FF0000
    Wcnktm said on August 7th, 2008 at 11:20 am

    Great plugin, this what i am looking. Thank you for sharing this information.

    [Reply]

  25. FF0000
    jared said on August 7th, 2008 at 11:30 am

    Great post like usual, ive applied all the settings from post 1 and 2 and i already notice the difference.

    [Reply]

  26. FF0000
    pickupjojo said on August 7th, 2008 at 12:10 pm

    Very useful tip, thanks for sharing!
    I will fight spam better now. :)

    [Reply]

  27. FF0000
    Rajaie AlKorani said on August 7th, 2008 at 12:47 pm

    Have to be very careful so no genuine comments get deleted

    [Reply]

  28. FF0000
    Bryn Youngblut said on August 7th, 2008 at 12:47 pm

    Thanks for the tips, I just beefed up my settings. :)

    [Reply]

  29. FF0000
    OnlineGodfahter said on August 7th, 2008 at 12:50 pm

    great post, tnx for this :)

    [Reply]

  30. FF0000
    River Girl said on August 7th, 2008 at 1:44 pm

    Thank you - making changes now.

    [Reply]

  31. FF0000
    Stephanie said on August 7th, 2008 at 1:52 pm

    I like that list of TOR proxies. That was a source I didn’t have yet. I’ve long had various drug terms and such in my filter because those aren’t relevant to what I blog about, and I can always change that if the situation changes.

    [Reply]

  32. FF0000
    Bulbboy said on August 7th, 2008 at 2:12 pm

    You bring it all upon yourself Shoe.

    If you didn’t give away macbooks and other freestuff, you wouldn’t have this problem!

    =P

    [Reply]

  33. FF0000
    Erica DeWolf said on August 7th, 2008 at 3:19 pm

    Very helpful! Thanks for the tips!

    [Reply]

  34. FF0000
    Erica DeWolf said on August 7th, 2008 at 3:21 pm

    Haha true- but he probably also wouldn’t have as many loyal commenters!

    [Reply]

  35. FF0000
    TEKFIRM said on August 7th, 2008 at 3:31 pm

    what plugin ? lol this is the core of Wordpress :)

    [Reply]

  36. FF0000
    TEKFIRM said on August 7th, 2008 at 3:33 pm

    The real value is in the info , with that you could get a lot more thn a mac and a t-shirt

    [Reply]

  37. FF0000
    Emarketing said on August 7th, 2008 at 4:38 pm

    Thanks for the tips, I guess I could also probably eliminate a lot of spam with a nice captcha.

    [Reply]

  38. FF0000
    Melvin said on August 7th, 2008 at 5:19 pm

    i think shoe has been having these problems even before… when he started using ubd’s theme… ;-)

    [Reply]

  39. FF0000
    Melvin said on August 7th, 2008 at 5:19 pm

    it maybe depends on the content and how popular that site is…

    [Reply]

  40. FF0000
    Nick Throlson said on August 7th, 2008 at 6:00 pm

    Gotta keep that spam out of our blogs ! thanks Shoe

    [Reply]

  41. FF0000
    Andrew said on August 7th, 2008 at 10:01 pm

    I could imagine how much spam a blog like yours receives. Will there ever be a day that the spammers give up? Will there ever be a day that there is no more spam?

    [Reply]

  42. FF0000
    WebTrafficROI said on August 7th, 2008 at 10:16 pm

    Spam takes a lot of time ….hope this post helps reduce it

    [Reply]

  43. FF0000
    Omar said on August 8th, 2008 at 1:32 am

    hahaha great post

    I can see the light at the end of this spam tunnel hahaha :)

    [Reply]

  44. FF0000
    JumboCasher.com said on August 8th, 2008 at 2:36 am

    Wordpress makes it easy to take care of spam. Really helpful post.

    [Reply]

  45. FF0000
    Berry said on August 8th, 2008 at 3:57 am

    Thanks for your tip, in my case The Akismet caught about 50% of comments as spam, but about other 30% spams passed the filter, sometimes comments with 10 URL passed the filter too, so we have to checked it carefully. I think altogether spams comments about 90%.

    [Reply]

  46. FF0000
    Melvin said on August 8th, 2008 at 4:37 am

    since i have implemented those i got some increased nos. false postives.. hehe.. :-p

    [Reply]

  47. FF0000
    Dick said on August 8th, 2008 at 6:34 am

    I think that there is no such site. Spammers will not allow the existence of such a site. -)

    [Reply]

  48. FF0000
    Software Projects said on August 8th, 2008 at 7:07 am

    There is a very easy way to eliminate 100% of automated WordPress spam without using Captchas, by implementing a simple Javascript hack:

    Wordpress Comment spam

    [Reply]

  49. FF0000
    Dick said on August 8th, 2008 at 7:07 am

    Blacklist needed if the site is popular. I think that otherwise it could do without. -)

    [Reply]

  50. FF0000
    Dick said on August 8th, 2008 at 7:14 am

    You have declared war on spam? Do not use comments! Never! -)

    [Reply]

  51. FF0000
    Agent Magenta said on August 8th, 2008 at 7:58 am

    captcha is also bad for the user experience, for comments you would be having to type it way too much. From a user point of view it’s much better not to have it. Also as terminator69 said it will only stop the automated spam, not the human spam.

    [Reply]

  52. FF0000
    mikel said on August 8th, 2008 at 1:28 pm

    good article for this information which is very important

    [Reply]

  53. FF0000
    Justin Cook said on August 8th, 2008 at 2:06 pm

    I really don’t think using an IP blocklist is at all an effective means of combatting spam. Most bot systems run on dynamic IPs, that change over time, and then a valid visitor may assume one of the IPs on their next visit to your site, and their comment gets blocked.

    [Reply]

  54. FF0000
    Jeff Finch said on August 8th, 2008 at 5:59 pm

    Thank you for the great article. Needed that information.

    [Reply]

  55. FF0000
    Her Ticking Clock said on August 9th, 2008 at 12:47 am

    Great tips, I’ll try em out. I’ve been getting hundreds of spam, so I’ll do whatever it takes. Take care.

    [Reply]

  56. FF0000
    Mario said on August 9th, 2008 at 4:27 am

    i really need this information, i hate spam

    [Reply]

  57. FF0000
    Josh Vojtkievic said on August 9th, 2008 at 6:54 am

    A great article from a great man… :)

    [Reply]

  58. FF0000
    Dick said on August 10th, 2008 at 5:07 am

    I think that very little spam loved people. However, he also does not like people. -)))

    [Reply]

  59. FF0000
    Kabatology said on August 11th, 2008 at 5:37 am

    I always prefer to personally moderate all comments, maybe cause i don’t get many, but moderating also means reading your comments, thus responding to those comments that need one. Thx for the tips anyway.

    [Reply]

  60. FF0000
    Le Melon said on August 13th, 2008 at 8:44 am

    But, like the tor proxy list - it shows that spammers are using things not originally meant for spam. So the owners of the IPs/software may be happy to hand out the information.

    [Reply]

  61. FF0000
    Lilu_Gabriel said on August 14th, 2008 at 1:17 pm

    RipTiger downloader helped me to save desired Google, Facebook and CNN videos for my research work this week. I would be in lost without this program!
    It’s claimed that RipTiger can save any online video you find on the web to your desktop. If you turn on automatic downloading feature, all you need is to start watching the video. Take a look at riptiger.com

    [Reply]

  62. FF0000
    Static Brain said on August 20th, 2008 at 4:21 am

    Another thing that really helps fight spam on wordpress is the bad behavior plugin. You should check it out. It does way better than any other spam fighting plugin out there and is also compatible with akismet. You can check out the plugin at Bad Behavior

    [Reply]

  63. FF0000
    terminator69 said on August 26th, 2008 at 2:30 am

    Has this helped you combat spam? seen any changes?

    [Reply]

  64. FF0000
    SEO Tricks said on August 27th, 2008 at 9:03 am

    Thanks for this great idea.. I get a lot of spam on my blog.. I hope this is going to help me out

    [Reply]

  65. FF0000
    Dustin Cucciarre said on September 1st, 2008 at 12:55 am

    Nice settings!

    [Reply]

  66. Things we learned this week said on August 8th, 2008 at 6:59 am

    [...] the Sphinn Upcoming section is as spam filled as ever, Danny needs to hire Shoemoney to stop the spammers and then start a wall of shame with a feed directly into the Google [...]

  67. [...] Using The Wordpress Discussion Filters - Fighting Comment Spam [...]

What do you think? Join the discussion...

How do I change my avatar?

Go to gravatar.com and upload your preferred avatar.