Using The Wordpress Discussion Filters - Fighting Comment Spam
This is the 2nd post in a series on how to fight wordpress comment spam. You can read the first post on minimum comment content here.
People ask me all the time how I maintain such a good comments/spam ratio on my blog. The answer is pretty easy… Lots of work and studying the patterns of spammers. The single most powerful tool is the built in discussion filter system via moderation and blacklisting.
The discussion filters within Wordpress are some of the best tools you have to lower your liability in letting spam through. You can get to the settings by logging into your admin panel then going to settings -> then to discussions. From their you will have plenty of options which I will go through one by one.
Default Article Settings:
This really does not have much to do with fighting spam but I thought I would show it anyway since its in the same section.
E-mail me whenever:
This really will depend on how busy your blog is. I had to give up on this a while ago.
Before A Comment Appears:
Here we go… finally something to do with the actual title of this post:
Over the years I have found the best settings for these is to make people use a name and email, already have an approved comment (comments will sit in moderation queue until approved), and also I do not make a administrator approve every comment. I am not out to censor anyone… just to limit spammers. Thats not to say spammers wont come back once approved and spam but we will point out how to combat that later settings.
Comment Moderation:
Here is where some of the secret sauce comes in. Here are my tips for using the comment moderation system.
1) I HIGHLY HIGHLY HIGHLY recommend putting a 1 in the first box. This means any comment that has a link must be approved no matter what.
2) The moderation box allows you to specify words, emails, ips or just about anything someone would put into a comment. I use this section to post a lot of dynamic stuff.
3) The first thing I put in this box is a list of TOR proxies.  They even have a plain list you can just copy and paste into this box. We also put in other open proxy ips from around the web.  I am a huge supporter of the EFF and have financially contributed to them since 2004 but unfortunately the Tor network has become a great resource for spammers.  We have found that 95% of the comment spam that makes it through the Akismet plugin has a open proxy ip.
4) A good example of stuff to put in here is swear words.  I think its pretty obvious I have nothing against swear words but I would like to approve the comment with them before its posted.
5) Another good example is to put in your own companies urls. I have found a lot of times people have posted security issues or bugs with my sites on my blog… and I like to be the first person to see those and deal with them 
6) There are several other things you can put in this. Remember that whatever you put in is a broad match so try to keep it pretty specific. Putting in common words will lead to a lot of manual approval of comments and the goal of this is to lesson admin time =).
Comment Blacklist:
The Comment Blacklist feature is very powerful and should not be taken lightly. Every comment that matches your entry will be perminiantly deleted. ALWAYS test a filter out first in Comment Moderation before adding it to the Blacklist so that you know what its going to catch.
Here are my tips for using the Comment Blacklist feature:
1) As you can see I currently send all comments with spam@ in the email straight to the trash. I used this in moderation for over a year and after only false positive decided it was good to go.
2) groups.google is a great example of something that should go right to the crapper.  I am pretty sure that Akismet now gives a much higher score to comments with a *groups.google* url in the comment fields but I can them just incase.
3) Anything that sends you BS trackbacks and pings go here. Tired of seeing the same scraper site send you a trackback with your own content? Put it here. Tiered of seeing a forum or spam site with a spammy “auto ping” function that searches and pings any blog that matches the content? Put them here.
Really you want to be very careful with this tool. As I said above its very powerful and you can not undo it. Experiment with matching in moderation then add them to the blacklist when your sure.
(No Ratings Yet)
Loading ...- 67 Comments. What say you?
- RSS
- Delicious
- StumbleUpon
- Furl
- Digg
Great article..
I get lot of spam to my blog
Hope this will help
Thanks.
[Reply]
The tor proxy list tip is gold, thanks!
[Reply]
Thanks for this tips. Hope they will help to reduce the spam i get on my blogs. Is there any site where the most common spammer IPs are published?
[Reply]
Great post! I did learn some new things about commenting.
I use Comment Blacklist feature a lot. I have a list of common “stop” words used by spammers (like names of drugs and adults-related stuff)
[Reply]
didn’t knew about the tor proxy list. Going to use it pretty soon. Thanks
[Reply]
I have removed the email and url option from my blog so users just have to use a name, and i havent seen an increase in spam. So maybe this doesn’t have as big effect as you think.
[Reply]
An excellent guide with some great tips. The TOR proxy list was a new one to me as well and I wouldn;thave thought of blocking the google.groups either. Those steps mentioned above should deal with a large percentage of the automated spam.
[Reply]
Wow, this is very helpful to me… I had a list of tor proxies but never got it from that site… Also since my site isn’t really that popular i don’t put any on comment blacklist..
[Reply]
i think that is the tor proxy list already…
[Reply]
just the last year i got more than 45 000 spam comments
but if you install akismet and bad behaviour most wont pass it .
Thanks shoe for the more advanced protection
[Reply]
i hate spam, or generic comments…it’s nothing but dead space.
effiency - that’s what i’m about.
[Reply]
but still akismet fails sometimes at false positives ans ometimes its just consecutive
[Reply]
You know I have been slammed with spam recently. I have been looking for other ways to try and cut it down some and found this post. Thanks for the great tips. I have never even used the Comment Blacklist, so I will working on that today.
[Reply]
While Askimet seems to be doing a reasonable job for me at the moment, every little bit helps in the constant battle against spam. The proxy list is a very useful addition to the armoury.
[Reply]
I also suggest clicking the Akismet button that rechecks the queue for Spam.
[Reply]
Wouldn’t a captcha get rid of almost ALL spam?
[Reply]
Thanks for the plaintext IP list of open proxies, that’s going to save me a lot of time.
[Reply]
this is interesting, i think ill bookmark this and come back to it when my blog is more popular ! ta shoe
[Reply]
No, it just ensures whoever is spamming is a real person not a computer.
[Reply]
Yes - thanks, I wouldn’t have thought of that!
[Reply]
It is strange how different website get hit differently with spam, I have managed a few blogs, and some get loads more spam hits that others. with the same settings.
Thanks for the tips.. maybe now I can control the more prolific spam on my sites.
[Reply]
Great content. I put anything with a swear word straight to the trash. If they can’t figure out how to express themselves without swearing what is the point?
http://ivyurl.com
[Reply]
This is very useful information. I found that I would have spam on my blog so I took the necessary steps to delete it, and fortunately ever since then I haven’t had any spam at all! (cross fingers)
[Reply]
Great plugin, this what i am looking. Thank you for sharing this information.
[Reply]
Great post like usual, ive applied all the settings from post 1 and 2 and i already notice the difference.
[Reply]
Very useful tip, thanks for sharing!
I will fight spam better now.
[Reply]
Have to be very careful so no genuine comments get deleted
[Reply]
Thanks for the tips, I just beefed up my settings.
[Reply]
great post, tnx for this
[Reply]
Thank you - making changes now.
[Reply]
I like that list of TOR proxies. That was a source I didn’t have yet. I’ve long had various drug terms and such in my filter because those aren’t relevant to what I blog about, and I can always change that if the situation changes.
[Reply]
You bring it all upon yourself Shoe.
If you didn’t give away macbooks and other freestuff, you wouldn’t have this problem!
=P
[Reply]
Very helpful! Thanks for the tips!
[Reply]
Haha true- but he probably also wouldn’t have as many loyal commenters!
[Reply]
what plugin ? lol this is the core of Wordpress
[Reply]
The real value is in the info , with that you could get a lot more thn a mac and a t-shirt
[Reply]
Thanks for the tips, I guess I could also probably eliminate a lot of spam with a nice captcha.
[Reply]
i think shoe has been having these problems even before… when he started using ubd’s theme…
[Reply]
it maybe depends on the content and how popular that site is…
[Reply]
Gotta keep that spam out of our blogs ! thanks Shoe
[Reply]
I could imagine how much spam a blog like yours receives. Will there ever be a day that the spammers give up? Will there ever be a day that there is no more spam?
[Reply]
Spam takes a lot of time ….hope this post helps reduce it
[Reply]
hahaha great post
I can see the light at the end of this spam tunnel hahaha
[Reply]
Wordpress makes it easy to take care of spam. Really helpful post.
[Reply]
Thanks for your tip, in my case The Akismet caught about 50% of comments as spam, but about other 30% spams passed the filter, sometimes comments with 10 URL passed the filter too, so we have to checked it carefully. I think altogether spams comments about 90%.
[Reply]
since i have implemented those i got some increased nos. false postives.. hehe.. :-p
[Reply]
I think that there is no such site. Spammers will not allow the existence of such a site. -)
[Reply]
There is a very easy way to eliminate 100% of automated WordPress spam without using Captchas, by implementing a simple Javascript hack:
Wordpress Comment spam
[Reply]
Blacklist needed if the site is popular. I think that otherwise it could do without. -)
[Reply]
You have declared war on spam? Do not use comments! Never! -)
[Reply]
captcha is also bad for the user experience, for comments you would be having to type it way too much. From a user point of view it’s much better not to have it. Also as terminator69 said it will only stop the automated spam, not the human spam.
[Reply]
good article for this information which is very important
[Reply]
I really don’t think using an IP blocklist is at all an effective means of combatting spam. Most bot systems run on dynamic IPs, that change over time, and then a valid visitor may assume one of the IPs on their next visit to your site, and their comment gets blocked.
[Reply]
Thank you for the great article. Needed that information.
[Reply]
Great tips, I’ll try em out. I’ve been getting hundreds of spam, so I’ll do whatever it takes. Take care.
[Reply]
i really need this information, i hate spam
[Reply]
A great article from a great man…
[Reply]
I think that very little spam loved people. However, he also does not like people. -)))
[Reply]
I always prefer to personally moderate all comments, maybe cause i don’t get many, but moderating also means reading your comments, thus responding to those comments that need one. Thx for the tips anyway.
[Reply]
But, like the tor proxy list - it shows that spammers are using things not originally meant for spam. So the owners of the IPs/software may be happy to hand out the information.
[Reply]
RipTiger downloader helped me to save desired Google, Facebook and CNN videos for my research work this week. I would be in lost without this program!
It’s claimed that RipTiger can save any online video you find on the web to your desktop. If you turn on automatic downloading feature, all you need is to start watching the video. Take a look at riptiger.com
[Reply]
Another thing that really helps fight spam on wordpress is the bad behavior plugin. You should check it out. It does way better than any other spam fighting plugin out there and is also compatible with akismet. You can check out the plugin at Bad Behavior
[Reply]
Has this helped you combat spam? seen any changes?
[Reply]
Thanks for this great idea.. I get a lot of spam on my blog.. I hope this is going to help me out
[Reply]
Nice settings!
[Reply]
[...] the Sphinn Upcoming section is as spam filled as ever, Danny needs to hire Shoemoney to stop the spammers and then start a wall of shame with a feed directly into the Google [...]
[...] Using The Wordpress Discussion Filters - Fighting Comment Spam [...]