As a WordPress user of over 8 years with over 100 WordPress blogs I’ve seen my fair share of comment SPAM.
Until yesterday I swore by the Akismet comment SPAM plugin: I have Akismet installed on all my WordPress blogs and thought it was blocking a lot of SPAM comments.
Yesterday I discovered a serious Google SEO performance issue with Akismet v3.0.
Akismet SPAM Plugin
I’ve used Akismet as a matter of course for years; it’s one of the first plugins I activate on a new WordPress install.
Akismet Honeypot code added to comment pages:
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="b23de1ea17" /></p>
<p style="display: none;"><input type="hidden" id="ak_js" name="ak_js" value="190"/></p>
I guess the second line uses the CSS ID ak_js to rename the hidden input on the fly using jQuery (all three of the JS files added are jQuery code), so that smarter comment SPAM bots can’t learn the name of the hidden nonce comment input and then avoid adding content to it. SPAM honeypots tend to work by being hidden form inputs: if a commenter manages to add content to a hidden input you know it’s a comment SPAM bot (real users can’t see the hidden form box).
During my tests using the Google PageSpeed Insights Tool I found that jQuery was still loading on WordPress posts and tracked it down to Akismet 3.0.
Block Comment SPAM
Stallion Responsive has 3 types of comment SPAM prevention built in, activated under “Stallion Theme” >> “Advanced SEO” – “Block Comment SPAM ON”. Below are the three methods for blocking SPAM:
X1 – Some SPAMBOTS (used for adding SPAM comments to our blogs) are poorly built and lack an HTTP_REFERER; selecting Block Comment SPAM ON will stop many of them before they post a comment.
X2 – Adds a nonce to the comments form to stop comments being submitted remotely.
X3 – A SPAM Honey Pot in the form of a hidden (via CSS) textfield. Many SPAMBOTS fill all textfields; since this one is hidden only a SPAMBOT could fill it, so all comments that trip the HoneyPot (fill the hidden text box with content) are automatically marked SPAM.
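The three checks listed above, sketched as one server-side function. This is an added example, not code from Stallion Responsive or Akismet: the field names, secret, hostname and nonce scheme (an HMAC over the post ID and a time window) are assumptions, and it is written in Python rather than WordPress PHP so it runs on its own.

```python
import hashlib
import hmac
from urllib.parse import urlparse

SECRET = b"constructed-demo-secret"   # assumption: per-site secret key
SITE_HOST = "blog.example"            # assumption: the blog's hostname
NONCE_LIFETIME = 12 * 3600            # assumption: seconds per nonce window
HONEYPOT_FIELD = "website_url2"       # hypothetical name of the CSS-hidden field


def make_nonce(post_id, now):
    """Nonce embedded in the comment form: HMAC over post ID and time window."""
    tick = int(now) // NONCE_LIFETIME
    msg = f"comment:{post_id}:{tick}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def nonce_valid(nonce, post_id, now):
    """Accept the current or previous window so forms opened earlier still post."""
    for age in (0, NONCE_LIFETIME):
        expected = make_nonce(post_id, now - age)
        if hmac.compare_digest(nonce.encode(), expected.encode()):
            return True
    return False


def classify_comment(headers, form, now):
    """Return (verdict, reason); verdict is 'blocked', 'spam' or 'pending'."""
    # X1: missing Referer, or a Referer from another host. The header is
    # client-controlled, so this only stops poorly built bots.
    try:
        host = urlparse(headers.get("Referer", "")).hostname
    except ValueError:
        host = None
    if host != SITE_HOST:
        return "blocked", "referer"
    # X2: the form must carry a nonce this site issued for this post.
    if not nonce_valid(form.get("comment_nonce", ""), form.get("post_id"), now):
        return "blocked", "nonce"
    # X3: real visitors never see the hidden field, so any content marks a bot.
    if form.get(HONEYPOT_FIELD, "").strip():
        return "spam", "honeypot"
    return "pending", None
```

A submission that passes all three checks still lands in the moderation queue, which is where manually written SPAM has to be caught.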
I’ve never tried running a WordPress site just with the Stallion Responsive SPAM blocking turned on; I always have Akismet active as well.
This website has been running for less than a day with Akismet turned off, and Stallion Responsive has caught 658 SPAM comments and missed 2 SPAM comments that were added to the Pending queue for manual checking. I temporarily turned Akismet on, clicked the Check for SPAM button and it put the two comments in the Pending queue into SPAM.
As expected Akismet deals with SPAM comments better than Stallion Responsive SPAM checking. Stallion has no way to find real visitors who manually SPAM comments (the majority of SPAM comments are added automatically by SPAM bots), so it will miss manual SPAM. That being said, detecting 658 SPAM comments out of 700 SPAM comments is awesome. Manual SPAM comments are the minority and Akismet will miss some of them. Akismet could have missed those two SPAM comments yesterday because it has to learn what is SPAM; it also makes mistakes with false positives, especially in the make money online niche.
I can handle a few SPAM comments added to the Pending queue to prevent Akismet ruining my websites’ performance metrics.