- Internet & the Web
Best Anti-Spam Plugins for WordPress
Blocking Spam in WordPress
Anti-Spam Plugins for WordPress
WordPress is one of the most popular content-management solutions available, and of course, it's free. One of the banes of WordPress - and blogging software in general - is comment spam. Fortunately, there is a plethora of plugins available for users to help combat WordPress
Akismet - Akismet was the de facto standard spam blocker for WordPress. It was developed by "Automatic," the folks who created WordPress.com. It works by combining a proprietary algorythm with reputation-based database checks, and tests every comment. Any comments deemed by Akismet to be spam is not published but put in a spam folder, where they can be reviewed, marked as "not spam" (if you're really really sure they aren't), or just deleted.
On my 2 main blogs, Akismet has blocked over 4000 spam comments on each. At first I reviewed every comment, because I couldn't believe that at least some of these messages weren't left by legitimate fans of my writing. After a while, I conceded to myself that Akismet has been 100% accurate so far, with no "false positives" and no missed spam. I still can't bring myself to set Akismet to automatically delete spam messages over a month old. Someday there might be a legitimate post in there!
Akismet Costs - The biggest drawback to Akismet is that for blogs / sites that make money, even a little from ad programs like adsense, Akismet considers them "commercial," and expects us to pay a licensing fee. The fee is graduated based on traffic volumes and the number of sites, from $5 per month for a single, small site up to $100 per month for mutliple, high-volume sites.
Free Alternatives to Akismet
For those of us whose sites don't even pay for themselves, there are fortunately some free alternatives. Here are some of the more popular, with some pros and cons.
G.A.S.P. - GrowMap Anti-Spambot Plugin: This free WordPress plugin uses a couple of clever ideas in tandem to thwart spammers. First, it requires commenters to click a check-box before posting their comment. This assumes that spam bots won't know how to do this. It also supplies an extra field in the comment form. This is hidden from real users, so they won't put anything in it. Spam bots will detect it however, and attempt to fill it in with a value.
GASP is good at blocking spam from automated processes (ie; "bots"), but won't defeat human spammers like Akismet can. My feeling is that the spammers will develop better bots, capable of defeating GASP eventually, but we can assume that the developers of the GASP plugin will attempt to stay ahead of the game. They recommend running GASP in conjunction with the next plugin, which defeats "Trackback spam."
Simple Trackback Validation - Simple Trackback Validation: This plugin defeats most if not all Trackback spam - comments which are supposed to show bloggers where other sites have linked to them, but which abusers use to add backlinks to commercial sites or sites hosting malware. STV works by both checking that the IP address of the commenter is the same as that in the Trackback (they should be), and that the linked-to page actually does include a link to your site.
I was able to install and activate both GASP and Simple Trackback Validation right from my plugins interface within WordPress. I'm running this combination now in place of Akismet on one of my blogs as a test, and will update this hub with my findings when there is enough data to evaluate.
Image CAPTCHA example
CAPTCHA for WordPress
CAPTCHA is that annoying but effective mechanism for defeating spam bots by presenting a picture of some text, an object, or a question, and making you enter an answer in a text field. There are many CAPTCHA plugins available for WordPress comments. They are fairly good at preventing bot spam, although there are projects that use character or object recognition algorithms to defeat image CAPTCHAs.
Simple CAPTCHA - Simple CAPTCHA is probably the most popular CAPTCHA plugin for WordPress. It simply presents an image of a word or phrase, somewhat obfuscated. I personally don't like image CAPTCHAs, because the text is often difficult to make out and it takes 2 or 3 tries to get through the authentication.
wp-num-captcha - wp-num-captcha uses simple math questions, which are very difficult for spam bots to read, understand, and answer. Usually it is simple addition, like "8 + 1 = ?", where you're expected to type "9" in the entry field.
A Monetizing CAPTCHA? - Solve Media CAPTCHA is an attempt to combine CAPTCHA spam blocking capabilities with advertising revenue. The basic idea is that commenters have to answer a question about a displayed ad in order to authenticate. It could be a way to generate a little extra income, but many bloggers are turned off by the idea. One comment was something like "Great - force your commenters to read spam as an anti-spam measure." I'm not so sure it's such a bad idea though. I may try it out on one of my blogs for a while.