This is the 2nd post in a series on how to fight wordpress comment spam. You can read the first post on minimum comment content here.
People ask me all the time how I maintain such a good comments/spam ratio on my blog. The answer is pretty easy… Lots of work and studying the patterns of spammers. The single most powerful tool is the built in discussion filter system via moderation and blacklisting.
The discussion filters within Wordpress are some of the best tools you have to lower your liability in letting spam through. You can get to the settings by logging into your admin panel then going to settings -> then to discussions. From their you will have plenty of options which I will go through one by one.
Default Article Settings:
This really does not have much to do with fighting spam but I thought I would show it anyway since its in the same section.
E-mail me whenever:
This really will depend on how busy your blog is. I had to give up on this a while ago.
Before A Comment Appears:
Here we go… finally something to do with the actual title of this post:
Over the years I have found the best settings for these is to make people use a name and email, already have an approved comment (comments will sit in moderation queue until approved), and also I do not make a administrator approve every comment. I am not out to censor anyone… just to limit spammers. Thats not to say spammers wont come back once approved and spam but we will point out how to combat that later settings.
Comment Moderation:
Here is where some of the secret sauce comes in. Here are my tips for using the comment moderation system.
1) I HIGHLY HIGHLY HIGHLY recommend putting a 1 in the first box. This means any comment that has a link must be approved no matter what.
2) The moderation box allows you to specify words, emails, ips or just about anything someone would put into a comment. I use this section to post a lot of dynamic stuff.
3) The first thing I put in this box is a list of TOR proxies.  They even have a plain list you can just copy and paste into this box. We also put in other open proxy ips from around the web.  I am a huge supporter of the EFF and have financially contributed to them since 2004 but unfortunately the Tor network has become a great resource for spammers.  We have found that 95% of the comment spam that makes it through the Akismet plugin has a open proxy ip.
4) A good example of stuff to put in here is swear words.  I think its pretty obvious I have nothing against swear words but I would like to approve the comment with them before its posted.
5) Another good example is to put in your own companies urls. I have found a lot of times people have posted security issues or bugs with my sites on my blog… and I like to be the first person to see those and deal with them 
6) There are several other things you can put in this. Remember that whatever you put in is a broad match so try to keep it pretty specific. Putting in common words will lead to a lot of manual approval of comments and the goal of this is to lesson admin time =).
Comment Blacklist:
The Comment Blacklist feature is very powerful and should not be taken lightly. Every comment that matches your entry will be perminiantly deleted. ALWAYS test a filter out first in Comment Moderation before adding it to the Blacklist so that you know what its going to catch.
Here are my tips for using the Comment Blacklist feature:
1) As you can see I currently send all comments with spam@ in the email straight to the trash. I used this in moderation for over a year and after only false positive decided it was good to go.
2) groups.google is a great example of something that should go right to the crapper.  I am pretty sure that Akismet now gives a much higher score to comments with a *groups.google* url in the comment fields but I can them just incase.
3) Anything that sends you BS trackbacks and pings go here. Tired of seeing the same scraper site send you a trackback with your own content? Put it here. Tiered of seeing a forum or spam site with a spammy “auto ping” function that searches and pings any blog that matches the content? Put them here.
Really you want to be very careful with this tool. As I said above its very powerful and you can not undo it. Experiment with matching in moderation then add them to the blacklist when your sure.
May 26, 2009 at 1:03 pm
Good stuff, I “Stumbled” you. My DIGG account got messed up but I like Stumbling better anyway.
February 11, 2009 at 10:06 pm
Excellent content. Thanks very much, it was very helpful!
September 1, 2008 at 12:55 am
Nice settings!
August 27, 2008 at 9:03 am
Thanks for this great idea.. I get a lot of spam on my blog.. I hope this is going to help me out
August 26, 2008 at 2:30 am
Has this helped you combat spam? seen any changes?
August 20, 2008 at 4:21 am
Another thing that really helps fight spam on wordpress is the bad behavior plugin. You should check it out. It does way better than any other spam fighting plugin out there and is also compatible with akismet. You can check out the plugin at Bad Behavior
August 14, 2008 at 1:17 pm
RipTiger downloader helped me to save desired Google, Facebook and CNN videos for my research work this week. I would be in lost without this program!
It’s claimed that RipTiger can save any online video you find on the web to your desktop. If you turn on automatic downloading feature, all you need is to start watching the video. Take a look at riptiger.com
August 13, 2008 at 8:44 am
But, like the tor proxy list – it shows that spammers are using things not originally meant for spam. So the owners of the IPs/software may be happy to hand out the information.
August 11, 2008 at 5:37 am
I always prefer to personally moderate all comments, maybe cause i don’t get many, but moderating also means reading your comments, thus responding to those comments that need one. Thx for the tips anyway.
August 10, 2008 at 5:07 am
I think that very little spam loved people. However, he also does not like people. -)))
August 9, 2008 at 6:54 am
A great article from a great man…
August 9, 2008 at 4:27 am
i really need this information, i hate spam
August 9, 2008 at 12:47 am
Great tips, I’ll try em out. I’ve been getting hundreds of spam, so I’ll do whatever it takes. Take care.
August 8, 2008 at 5:59 pm
Thank you for the great article. Needed that information.
August 8, 2008 at 2:06 pm
I really don’t think using an IP blocklist is at all an effective means of combatting spam. Most bot systems run on dynamic IPs, that change over time, and then a valid visitor may assume one of the IPs on their next visit to your site, and their comment gets blocked.
August 8, 2008 at 1:28 pm
good article for this information which is very important
August 8, 2008 at 7:58 am
captcha is also bad for the user experience, for comments you would be having to type it way too much. From a user point of view it’s much better not to have it. Also as terminator69 said it will only stop the automated spam, not the human spam.
August 8, 2008 at 7:14 am
You have declared war on spam? Do not use comments! Never! -)
August 8, 2008 at 7:07 am
Blacklist needed if the site is popular. I think that otherwise it could do without. -)
August 8, 2008 at 7:07 am
There is a very easy way to eliminate 100% of automated WordPress spam without using Captchas, by implementing a simple Javascript hack:
Wordpress Comment spam
August 8, 2008 at 6:34 am
I think that there is no such site. Spammers will not allow the existence of such a site. -)
August 8, 2008 at 4:37 am
since i have implemented those i got some increased nos. false postives.. hehe.. :-p
August 8, 2008 at 3:57 am
Thanks for your tip, in my case The Akismet caught about 50% of comments as spam, but about other 30% spams passed the filter, sometimes comments with 10 URL passed the filter too, so we have to checked it carefully. I think altogether spams comments about 90%.
August 8, 2008 at 2:36 am
Wordpress makes it easy to take care of spam. Really helpful post.
August 8, 2008 at 1:32 am
hahaha great post
I can see the light at the end of this spam tunnel hahaha
August 7, 2008 at 10:16 pm
Spam takes a lot of time ….hope this post helps reduce it
August 7, 2008 at 10:01 pm
I could imagine how much spam a blog like yours receives. Will there ever be a day that the spammers give up? Will there ever be a day that there is no more spam?
August 7, 2008 at 6:00 pm
Gotta keep that spam out of our blogs ! thanks Shoe
August 7, 2008 at 5:19 pm
it maybe depends on the content and how popular that site is…
August 7, 2008 at 5:19 pm
i think shoe has been having these problems even before… when he started using ubd’s theme…
August 7, 2008 at 4:38 pm
Thanks for the tips, I guess I could also probably eliminate a lot of spam with a nice captcha.
August 7, 2008 at 3:33 pm
The real value is in the info , with that you could get a lot more thn a mac and a t-shirt
August 7, 2008 at 3:31 pm
what plugin ? lol this is the core of Wordpress
August 7, 2008 at 3:21 pm
Haha true- but he probably also wouldn’t have as many loyal commenters!
August 7, 2008 at 3:19 pm
Very helpful! Thanks for the tips!
August 7, 2008 at 2:12 pm
You bring it all upon yourself Shoe.
If you didn’t give away macbooks and other freestuff, you wouldn’t have this problem!
=P
August 7, 2008 at 1:52 pm
I like that list of TOR proxies. That was a source I didn’t have yet. I’ve long had various drug terms and such in my filter because those aren’t relevant to what I blog about, and I can always change that if the situation changes.
August 7, 2008 at 1:44 pm
Thank you – making changes now.
August 7, 2008 at 12:50 pm
great post, tnx for this
August 7, 2008 at 12:47 pm
Thanks for the tips, I just beefed up my settings.
August 7, 2008 at 12:47 pm
Have to be very careful so no genuine comments get deleted
August 7, 2008 at 12:10 pm
Very useful tip, thanks for sharing!
I will fight spam better now.
August 7, 2008 at 11:30 am
Great post like usual, ive applied all the settings from post 1 and 2 and i already notice the difference.
August 7, 2008 at 11:20 am
Great plugin, this what i am looking. Thank you for sharing this information.
August 7, 2008 at 11:06 am
This is very useful information. I found that I would have spam on my blog so I took the necessary steps to delete it, and fortunately ever since then I haven’t had any spam at all! (cross fingers)
August 7, 2008 at 10:26 am
Great content. I put anything with a swear word straight to the trash. If they can’t figure out how to express themselves without swearing what is the point?
http://ivyurl.com
August 7, 2008 at 9:48 am
It is strange how different website get hit differently with spam, I have managed a few blogs, and some get loads more spam hits that others. with the same settings.
Thanks for the tips.. maybe now I can control the more prolific spam on my sites.
August 7, 2008 at 9:45 am
Yes – thanks, I wouldn’t have thought of that!
August 7, 2008 at 9:25 am
No, it just ensures whoever is spamming is a real person not a computer.
August 7, 2008 at 9:03 am
this is interesting, i think ill bookmark this and come back to it when my blog is more popular ! ta shoe
August 7, 2008 at 8:54 am
Thanks for the plaintext IP list of open proxies, that’s going to save me a lot of time.
August 7, 2008 at 8:53 am
Wouldn’t a captcha get rid of almost ALL spam?
August 7, 2008 at 8:53 am
I also suggest clicking the Akismet button that rechecks the queue for Spam.
August 7, 2008 at 8:22 am
While Askimet seems to be doing a reasonable job for me at the moment, every little bit helps in the constant battle against spam. The proxy list is a very useful addition to the armoury.
August 7, 2008 at 8:21 am
You know I have been slammed with spam recently. I have been looking for other ways to try and cut it down some and found this post. Thanks for the great tips. I have never even used the Comment Blacklist, so I will working on that today.
August 7, 2008 at 8:11 am
but still akismet fails sometimes at false positives ans ometimes its just consecutive
August 7, 2008 at 8:00 am
i hate spam, or generic comments…it’s nothing but dead space.
effiency – that’s what i’m about.
August 7, 2008 at 7:35 am
just the last year i got more than 45 000 spam comments
but if you install akismet and bad behaviour most wont pass it .
Thanks shoe for the more advanced protection
August 7, 2008 at 7:35 am
i think that is the tor proxy list already…
August 7, 2008 at 7:35 am
Wow, this is very helpful to me… I had a list of tor proxies but never got it from that site… Also since my site isn’t really that popular i don’t put any on comment blacklist..
August 7, 2008 at 7:31 am
An excellent guide with some great tips. The TOR proxy list was a new one to me as well and I wouldn;thave thought of blocking the google.groups either. Those steps mentioned above should deal with a large percentage of the automated spam.
August 7, 2008 at 7:28 am
I have removed the email and url option from my blog so users just have to use a name, and i havent seen an increase in spam. So maybe this doesn’t have as big effect as you think.
August 7, 2008 at 7:16 am
didn’t knew about the tor proxy list. Going to use it pretty soon. Thanks
August 7, 2008 at 6:53 am
Great post! I did learn some new things about commenting.
I use Comment Blacklist feature a lot. I have a list of common “stop” words used by spammers (like names of drugs and adults-related stuff)
August 7, 2008 at 6:33 am
Thanks for this tips. Hope they will help to reduce the spam i get on my blogs. Is there any site where the most common spammer IPs are published?
August 7, 2008 at 6:31 am
The tor proxy list tip is gold, thanks!
August 7, 2008 at 6:03 am
Great article..
I get lot of spam to my blog
Hope this will help
Thanks.