Stopping WordPress Comment Spam

The Hello World post on this blog has been getting slammed with comment spam.

The Akismet plugin (which comes with WordPress) has been doing a good job of marking it all spam, but it still is a ton of stuff to delete (unless I just delete everything in the spam folder and presume it was spam).

I wanted to find some way to stop the spam before it even got into the system.

This post talks about denying access to spam bots that do not leave a referrer — scroll down to that section and you’ll see some code to add to your .htaccess file.

https://codex.wordpress.org/Combating_Comment_Spam/Denying_Access

This seems to be the same code, with a slightly different explanation:

https://www.wprecipes.com/how-to-deny-comment-posting-to-no-referrer-requests

From a logical standpoint, this made sense to me. An automated browser might not send a referrer. However, adding this didn’t do anything to slow down the spam.
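Before relying on a no-referrer rule, it is worth checking whether the comment POSTs in the access log actually arrive without a referrer, since a bot can send any Referer header it likes. The script below is an added example, not code from the linked articles; it assumes Apache's combined log format and a hypothetical hostname `blog.example`, and the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

SITE_HOST = "blog.example"  # assumption: replace with the blog's own hostname

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines using documentation IP ranges, not a real log.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2010:10:00:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
203.0.113.8 - - [01/Jan/2010:10:00:05 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/hello-world/" "Mozilla/5.0"
198.51.100.3 - - [01/Jan/2010:10:00:09 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 0 "http://blog.example/hello-world/" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2010:10:00:12 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://other.example/" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2010:10:00:20 +0000] "GET /hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""


def classify(line):
    """Return the referrer class of a comment POST, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST":
        return None
    if not m["path"].startswith("/wp-comments-post.php"):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no_referer"        # the only class a no-referrer rule stops
    host = (urlsplit(referer).hostname or "").lower()
    if host == SITE_HOST:
        return "onsite_referer"    # looks like a normal form submission
    return "offsite_referer"


def tally(log_text):
    """Count comment POSTs per referrer class across a whole log."""
    classes = (classify(line) for line in log_text.splitlines())
    return Counter(c for c in classes if c is not None)


if __name__ == "__main__":
    counts = tally(SAMPLE_LOG)
    total = sum(counts.values())
    for name, n in counts.most_common():
        print(f"{name:16} {n:3}  ({n / total:.0%} of comment POSTs)")
```

If most spam POSTs land in `onsite_referer`, the rule has little to block, which matches the result described above.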

This article had a different way to check the referrer using a PHP function in the theme’s functions.php file. I didn’t like the idea of putting the spam handling into the theme since I’m not set on what theme I’m going to finally use. In general, this seems to be a way to forget where you put your spam protection.

https://www.smashingmagazine.com/2009/01/07/10-killer-wordpress-hacks/

The next thing I tried also made a lot of sense. This plugin adds extra fields to the comments form that a spambot might blindly misuse. The fields are displayed so that a human won’t see them on the web page — thus they’d only be messed with by an automated spambot.

https://wordpress.org/extend/plugins/invisible-defender/

I was pretty disappointed when that didn’t work either. Note that the spam comments were still caught by Akismet and going straight to the spam folder, and NOTHING appears on the blog itself without my approval (so if you make a comment, it won’t show up until I’ve personally read it). I still wasn’t happy, though, having the spam folder fill up.

My guess is that these spam comments are bypassing the above attempts because they are being manually added to my blog by some team of humans in a spam sweatshop. What a Jetsons-like world we live in when a brute-force labor job involves pressing buttons!

So I kept looking for a solution. Finally I came across Bad Behavior. This WORKS!

Between when I installed it this afternoon and now (maybe 12 hours later) it has blocked 134 access attempts. You can see the stat counter if you scroll all the way to the bottom of this page. Now there isn’t anything showing up in the spam folder — it is blocked before it gets that far. That makes me happy 🙂

https://www.bad-behavior.ioerror.us/

To get added goodness out of it, I also joined Project Honey Pot which catches people who scrape the web for email addresses to spam.


So far, so good. You can keep coming back to the blog and check the bottom of any page for the Bad Behavior stats.