Comment on WordPress Comment SPAM by SEO Dave.
The problem with WordPress comment SPAM is two fold.
First with popular comment SPAM measures (Akismet for example) the comment SPAM is still added to the WordPress database. This domain is currently receiving up to 1,000 SPAM comments a day which means every day 1,000 comments are added to the database, the resources used to add a SPAM comment is a waste of server resources: with many host setups you will find MySQL access can be a bottleneck that reduces a sites performance.
I don’t know how much of a performance hit 1 SPAM comment requires, but it’s pretty obvious stopping 1,000 database entries a day (365,000 a year) is a good thing to aim for, so stopping the SPAM comments from being added to the database in the first place is a desirable outcome.
Second webmasters have to regularly delete the comment SPAM from their SPAM folder, this takes time and if you don’t want to miss any real comments a LOT of time.
If you run Akismet for example you will find Akismet SPAM filtering is not perfect, it does add comments to the SPAM folder by mistake. In the Internet marketing community there is a fine line between promoting a website and comment SPAM, some Internet marketers skate the grey line between reasonable promotion and comment SPAM. Akismet can’t tell the difference between an Internet marketer who isn’t a comment SPAMMER per se, but some blog owners are marking their comments as SPAM: Akismet is like a crowd source vote of who is a comment spammer, if enough blog owners mark your comments as SPAM as far as Akismet is concerned comments associated with your email address are all SPAM.
I guess you could damage another users email address by comment SPAMMING using their email address: I’ve had my comments marked as SPAM on sites I own and I never comment SPAM, barely ever comment on other sites. If you run Akismet on a popular WordPress blog you might have thousands of comments added to the SPAM folder and have no idea if a few are real comments, only way to know for sure is manually check thousands of comments! I don’t have time for checking thousands of comments, I delete the SPAM and hope none are real comments, I’ve almost certainly deleted some good comments over the years.
Solved all the above problems in Stallion Responsive 8.1.
Stallion includes 5 SPAM protection measures:
1 – HTTP_REFERER check.
This basically checks if the commenter is using a browser, if not they get an error message: no comment added to database.
2 – Adds a nonce to stop comments being submitted remotely.
Similar to the above, basically it’s a unique code to check the commenter is on the site and not posting using SPAM software. If not on the site they get an error message: no comment added to database.
3 – Two SPAM HoneyPots, these are form fields real users can’t add content to, but SPAM bots tend to fill them tripping the SPAM honeypot. Had this feature since Stallion Responsive 8.0, but in 8.1 rather than adding the comment to SPAM the commenter gets an error message: no comment added to database.
4 – SPAMMERS tend to post long URLs in the author URL box, if a URL is longer than X characters (you set X: default 60) it’s marked SPAM: the comment is added to the SPAM folder so you can manually check it.
5 – 10 duplicate field checks, if a SPAM bot adds the same content to two fields it generates and error message: no comment added to database.
The benefit of the error messages over being added to SPAM if a real commenter accidentally trips a SPAM measure (adding the same content to two fields for example) they receive a message what the issue is an advice to go back and fix it.
Some SPAM bots are smart enough to avoid some of the SPAM filtering above, but highly unlikely to avoid them all.
That being said I’ll be looking for automated SPAM comments that get through the above filters and see how and find a fix. For example if a SPAM bot is built well and the spammer isn’t too dumb their comments will be in the moderation queue waiting for approval or deletion.
BTW the above checks are made on ALL comments, there is no white listing (like WordPress core previously approved comments option) which means even if a SPAMMER managed to add a manual SPAM comment you approved so they could SPAM your site** the above checks will checks all their new comments.
** One way to SPAM a site would be post a quality comment to a popular blog, wait for the owner to approve, if they have the previously approved comments option set the user can now post anything they want as a comment with no checks.
If you’d like to see one of the new SPAM filters in action write a comment below and set the author name and the comment title with the same content, add some text and submit the comment. You’ll see an error message two or more fields are the same and go back and fix it, if you were a SPAM bot you wouldn’t go back.