One thing all bloggers have to combat is the deluge of spam comments on their posts. This is not unique to WordPress, we had the same issues on Blogger. Daily we would have to wade through the spam box to make sure no valid comments were being falsely flagged. It only got worse when we converted over from Blogger to WordPress.
Out of the box, the WordPress comment system is a haven for spammers. They use automated programs to post comments to your blog remotely without even visiting your page! Ever wonder why Blogger’s traffic reports were much higher than Google Analytics? Blogger doesn’t have a good way to filter out the bad traffic from the good, Analytics does. According to recent data, nearly 2/3rds of all internet traffic is from bots. Individual blogs receive a higher percentage than many other sites because we’re their target market. They actively look for commenting systems so they can post their links and advertisements.
Fortunately with WordPress we have a number of good plugins to help combat spam and provide us tools for easy moderation. Believe me when I say I tested them all over the past month. We were receiving over 1,000 spam comments each and every day once we went live. At times they were coming in as fast as we could delete them. We quickly needed to do something.
Our first attempt at curtailing the onslaught was to install Askimet. Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen. While this works as advertised, all it does is flag the comment as spam; you still need to manually empty your spam folder. I don’t recall seeing any false-positives in the spam folder, but I still reviewed them all just in case. Looks like we would need something else to go with it.
We tried out a number of advertised solutions such as a “check this box to confirm you’re not a spammer” and CAPTCHA boxes. Neither seemed to slow down the bots as they could just modify their script to auto-check the box or bypass the security CAPTCHA.
We also found a promising plugin that inserted a hidden field into the form. The trick was supposed to be that if the bot entered something into it the software would know it was spam (the box was supposed to be empty). This helped some, but only reduced the traffic by about 10% since many bots knew just to ignore it.
We eventually realized that the way to address this issue is to implement something that REQUIRED a visit to the page in order to submit a comment. Why this isn’t part of WordPress to start with I’ll never know, but this is where a great solution was found.
In summary, these two lightweight plugins have done exactly what they advertise. Save yourself some time and install them both – you’ll never deal with spam again.