Here we go:

1. Akismet – a very popular plugin which comes by default with wordpress. To use it, you need to signup for a wordpress acount and get an API key for your website.
2. Defensio – A wordpress plugin that helps you filter your comments and also provides rss feed for both accepted and ‘spammed’ comments.
3. Simple CAPTCHA – Adds turing text to your comment area to eliminate automated comments
4. Challenge – Adds a challenge to your comments area, the regular stuff being additions and multiplications
5. Referrer Bouncer – You don’t need to do anything to use it. Just activate it.
6. Email Immunizer – Simply converts all your emails on your website to numeric references to prevent email colecting
7. WPBayes – Implements the spam filtering with the Naive Bayesian technique, which means it marks the comments as spam or not based on your previous decisions. To be honest, I didn’t use this one
8. Spam Karma 2 – This one assigns a karma score based on multiple factors like the age of the post, the email, if there’s a link inside, etc, etc.
9. WP Spam Hitman – It fights agains wordpress spam using a series of patterns. That’s all I know about it, please test it and let me know if it’s a good one.
10. Did you pass Math – Does the same thing as the one at point #4.

Well.. I think 10 tools are enough to keep you away from spam comments. Test them and use the one(s) you like the most.

- Peter

A variety of anchors are used by spammers: images, regular link text and even whole paragraphs.

The smiley WordPress spam techinique

WordPress spam usually comes in this format: “nice post, thanks” and a link at the end of the post with a smiley ( :) ) as the anchor. Many wordpress owners won’t notice the comment has a link because it’s hidden by that smiley, as wordpress parses the smiley text into an image. The html looks like this:

"Nice post, thanks <a href="http://spamdomain.com"> : ) </a>

It’s quite easy to spot it. Everytime someone posts a comment on my blog I’m getting an email with a notice (I don’t remember if that’s default, but there’s an option for it in the settings menu, just look for it and you’ll find it). Since my email is powered by yahoo, I see the html because yahoo transforms it into regular text (for the same purposes, html is not allowed if not properly set) and I can see it’s spam.

Another clue would be the comments admin area of WordPress. Depending on your blogs css version and settings, links are underlined (I assume this is happening for most WordPress versions). Therefore, you can check for smileys in the comment before you approve it and see if they point to some external link.

How to block WordPress Spam

Fortunately, protection against wordpress spam is available. There are many ways to fight against it and, depending on your imagination, you can come up with more.

1. Disallowing multiple consecutive submissions – You won’t see too often users to reply to their own posts. Well … spammers will do it. So a possible solution would be to check if the current user IP is not the same with the last one and if a specific time period has passed. However, this can block multiple users behind the same proxy and using the same public IP. It’s up to you if you use this or not
2. Keyword blocking – this can be one of the most effective ways to block wordpress spam. You will eliminate spam simply by banning names of popular pharmaceuticals or casino games etc. for instance, “viagra”.
3. Nofollow – it’s added by default in the newer WordPress distributions. When a search engine finds the nofollow tag applied to a hyperlink, it breaks the process, so even if you link to some external URLs, they won’t be considered as links by the search engines. Google announced in 2005 that hyperlinks with rel=”nofollow” attribute would not influence the link’s target ranking in the search engines index. Yahoo and MSN also respect this tag.
4. Validation (CAPTCHA) – a method used to detect robots. Before a form is validated, a random text verification is required to the end-user.
5. Disallowing links in posts – simply, would cut any link posted in a comment by the user or simply transform it into regular text.
6. Redirects – instead of displaying the direct link to the actual target, it would display a link to a script on the same server that redirects to the correct URL.

These are few ways to protect your blog against WordPress Spam. In case I missed something, you can post a comment and tell me (make sure you don’t include any link, lol =) ). In a future post I’ll name few plugins that would help you fight against WordPress spam.

- Peter