If there’s one thing that I hate even more than email spam, it’s probably comment spam. I’ve tried a lot of plugins over a lot of sites, and here is what I’ve found to be very effective.
Spam Fighting Setup
The first thing to understand about comment spam is that no 2 sites are identical. I’ve seen cases where one setup was significantly superior to another, whereas on a different site it was the reverse. And on sites being heavily targeted, sometimes multiple plugins get used.
All of the recommended approaches below are very effective against spam bots — little computer robots that wander the internet and spam blogs. However, when you get into actual humans filling out comment forms with spam, that’s where you really see the difference between comment spam fighting plugins.
- No Page Comment
- Growmap Anti Spambot Plugin
- iThemes Security
- AVH First Defense Against Spam Plugin
Comment Spam Plugins
No Page Comment
I’ve discussed No Page Comment in my post about Removing Trackbacks and Comments. Basically what this plugin does is it allows you to turn off trackbacks and comments on everything that you want to. For instance, you probably don’t want comments on media or pages. So you can turn them off for all existing items and all future items.
Growmap Anti Spambot Plugin
Growmap makes a great little plugin, it is so simple you don’t even need to look at the settings panel. Just install and activate. Once active it will add a little checkbox to your comment form that must be checked in order for the comment to post. This stops most bots and a number of lazy humans. It’s also free, which is great.
You may be sitting there wondering how effective one little checkbox is. Well, I installed it on a website that was receiving around 600 spam comments PER HOUR (Akismet was correctly marking them as spam, but that amount was clogging the database very quickly). This one little plugin reduced the site to under 100 spam comments per day. Pretty good work for one little checkbox.
Yes, a security plugin. iThemes Security plugin has an option called Reduce Comment Spam. This option cuts down on comment spam by denying comments from bots with no referrer or without a user-agent identified.
A lot of bots are pretty lazy and don’t go through the effort of detailing a lot of information about themselves. This is catching many of the bots before they even get weeded out by Growmap. Since I need a security plugin anyway, I might as well have it reduce my comment spam.
AVH First Defense Against Spam
AVH is quite similar to Akismet in its operation. AVH has links to three different databases of known spammers; Stop Forum Spam, Project Honey Pot, and Spamhaus. These three databases of known spammers work together to help protect you and your site.
Using the Stop Forum Spam and the Spamhaus databases do not require signing up for an API key. However, using Project Honey Pot does. The Honey Pot signup can be a little confusing, but once you are signed up with your API key, it’s free to use. I do recommend signing up for Project Honey Pot as it has made a difference on several sites I do admin on.
On one of the sites that I admin, they only had Akismet running and about 20-30 spam comments got through each week sitting in the queue to be moderated (not to mention the few hundred sitting in spam in each week). So I added growmap and AVH. Now there are 0 spam comments sitting in the queue to be moderated and 10-15 comments sitting in the spam section each week.
AVH is free, however if your blog is profitable, consider making a donation to help support it.
Akismet is made by the same folks who brought you WordPress, so you know it’s going to be good. Akismet is pretty easy to set up. After you install it go to the Akismet website and get your API key (free for personal sites, paid for commercial sites). Enter the API key into the plugin on your site and you are good to go.
Akismet works by keeping an index of known spammers. When a spammer posts spam on the blog of someone using Akismet, then Akismet takes note. When that spammer then tries to post on other Akismet user’s blogs it automatically detects the spam (and puts it into the Spam folder). Given that there are millions of blogs using Akismet, very little spam gets through.
The downside of Akismet is that even with correctly identifying spam, you can still end up with thousands of comments filling up your database (I recently worked on a site with an almost 500MB database — removing all of the spam brought the database down under 20MB). Using the other plugins listed here prevents a lot of spam from ever getting to Akismet, and therefore keeps your database much cleaner.
Speaking of cleaning, don’t forget to periodically give your site a good cleanup.
WP-SpamShield is a paid plugin from CodeCanyon which really just requires installation and activation.
The plugin works to help prevent spam on blog posts, contact forms, and even registration forms. So far, in the months I’ve been using this on several sites, I haven’t seen any false positives (no comments marked as spam that were legitimate humans).
I’ve found it to do better than other paid plugins like Akismet and to require less configuration than AVH First Defense against spam. In my testing virtually no spam got through.
CleanTalk is a free plugin and has a free trial for two weeks and then requires a paid license, how, ver the yearly fees are usually less than Akismet. One of the things I particularly like about their fee structure is that it scales to a larger number of sites without eating into your bank account.
CleanTalk can also be set to automatically delete spam which keeps your database clean of excess junk. And it can be enabled to work on your general contact forms on your website, even forms created by themes or other plugins, like the always popular Contact Form 7.
CleanTalk is set apart by the SpamFireWall that they have. Here is the rundown from their release notes:
SpamFireWall is an additional and free option in the anti-spam CleanTalk plugin that allows you to block spam bots before they access your website, blocking POST and GET requests from spam bots. In addition to spam bots SpamFireWall also blocks all HTTP/HTTPS requests from spam active IP addresses. It helps to block HTTP DDoS attacks, SQL attacks, scanning websites and others.
I’ve been using CleanTalk for several months now and it has been extremely effective and I haven’t had any false positives (no times where it marked something as spam and it was real valid human).
Based on my personal experience over several months with several sites, here is what I recommend:
- CleanTalk has been the most effective with the largest number of options
- WP-SpamShield has been the most effective free option
- No Page Comment setup has been worth the 5 minutes of setup every time
- iThemes Security properly setup does a great job protecting your site
Spammers will always try to create comment spam, but these plugins are an effective defense which will eliminate almost all your spam. Occasionally someone will get through, we can’t beat 100% of them 100% of the time, although you can come really close.