WordPress spam protection and blacklists

The battle against comment and trackback spam is one that can never really be won, as the tactics and countermeasures are constantly shifting.  In the past couple of days, however, I feel like I’ve won a major tactical victory because there have been no spam comments in the moderation queue.

First I made some changes to the root .htaccess file using the 4G Blacklist and 4G Referrer Blacklist provided by Perishable Press.

Then I installed the AVH First Defense Against Spam plugin, and I can’t say enough good things about it.  For the past few days,  AVH and Akismet are the only two anti-spam plugins I’ve been using and so far, nothing has snuck by AVH to make it into the Akismet queue yet.  Here’s why I think AVH is more effective than any other WP anti-spam plugin:

1) It will check the visitor’s IP against a local whitelist, blacklist, and the Stop Forum Spam and Project Honey Pot databases.  (You’ll need API keys from both, though.)  If the visitor’s IP is identified as a spammer then AVH will not serve the blog’s content and optionally display an “Access has been blocked” screen indicating that the visitor has been blacklisted.  By not loading the site for spammers, your stats are cleaner and you save a bit of bandwidth.

2)  The notification emails AVH generates to the blog owner include not only the blocked comment, but also the reason for it being blocked.  This is such an elementary feature it’s a wonder more anti-spam tools don’t include it.  You no longer have to puzzle over innocuous-looking comments in the spam queue and try to figure out why they got tagged as spam.  A reason will be provided right at the top of the message indicating the failure mode, such as ” An attempt was made to directly access wp-comment-post.php“.  Humans using a browser will never load the comment PHP script directly, so there’s no longer any ambiguity about the nature of the commenter.

3)  The blog owner has the option (either in the notification email or via the comment moderation panel), to add the spammer’s IP to the local blacklist, and—if one has the proper API key—the option to register the spammer in the Stop Forum Spam database with a single mouse-click.  If you do this you’ll be making life easier for other blog and forum owners, too.

Previously I used to blacklist spammers in WordPress’ own native blacklist, and also in the site’s root .htaccess file—which is not something you can edit quickly and easily while on the go.  With AVH, being able to blacklist and report spammers just by clicking on links in the email notifications is a major plus; it’s something you can do from a very light platform like a mobile phone or tablet device, and it doesn’t take a lot of time or typing.

My site has a relatively small audience and so I am not inundated with comments (spam or otherwise) at the best of times; but AVH First Defense Against Spam has taken all the hassle out of managing even the very small amount of spam that I get, and I highly recommend it.

Category: Web/Tech
You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.