WordPress Blog Comment Handling
I have always found my blog’s comments a great source of feedback. In many cases, readers have contributed valuable additions to the article content or pointed out errors which I subsequently fixed. However, there is a dark side to enabling others to add content to your side: spam. Here is how I am (successfully) dealing with that threat.
Moderation
The first and most important setting for fighting spam is moderation. At the end of the day, only you (i.e. a human) can decide if a comment is spam or ham. Also, in countries like Germany, you as the site owner are responsible for its content. You want to make sure to weed out anything legally questionable. The relevant WordPress setting to enable is “Before a comment appears comment must be manually approved”:
Captchas
I have used the WP-reCAPTCHA plugin for a while, but there were issues with SSL support. Much more importantly, captchas help against machines, not humans. And even that protection is dubious as some captcha systems seem to have been broken (i.e. can be solved by software). Additionally, spammers seem to employ real humans for filling out comment forms. So captchas are probably not as effective today as they used to be. And in terms of user experience captchas suck.
Akismet
Getting rid of the captchas had a surprisingly little effect on the number of spam comments I actually have to deal with thanks to Akismet, a cloud-based spam detection service operated by Automattic, the people behind WordPress itself. The only thing you have to do is to sign up for an API key and enable “Silently discard the worst and most pervasive spam so I never see it.” With that configuration, I only get the occasional spam comment. Because of my moderation settings those spam comments never appear in public and I can delete them whenever I find the time.
Issue: Akismet Has Detected a Problem
I recently got an Akismet notification on my WordPress comment page saying
Akismet has detected a problem. Some comments have not yet been checked for spam by Akismet. They have been temporarily held for moderation and will automatically be rechecked later. Please check your Akismet configuration and contact your web host if problems persist.
As it turned out the reason for that were some really long comments in either Mandarin or Cantonese (I could not tell) which Akismet apparently could not deal with, maybe because of its length. Simply marking that comment as spam was not enough to resolve the issue, but once I manually deleted the spam comments the problem was gone.
Happy blogging!
5 Comments
Hi Helge,
I second that, Akismet combined with manual comment moderation does wonders, I used it like that for over 18 months or so without one spam message getting through (it managed to stop over 125.000). A few months ago I started using the Disqus plugin to handle my comments section which also works very well, with the proper configuration in place of course. It may take a bit longer to load (sometimes), but it looks and works awesome, at least that’s what I think.
Regards,
Bas.
Yes, Disqus is a good alternative. I am not using it because I like to keep “my” content on my site. When Disqus shuts down or decides to demand (too much) money for their services I am not affected.
Nice post Helge. Forcing review is good idea – I had so much trouble with WordPress SPAM on my personal website/blog, that I removed the blog and de-installed WordPress. Amazing(?) part was that SPAM posts continued to show up even when I turned off all comments and removing these everyday became a headache I wasn’t willing to endure. My conclusion was that a single author blog, doesn’t have enough scale to justify the effort of maintaining the site. You are making it work, so I’ll continue to bug you to the how…
I find WordPress really easy to manage. What you were experiencing almost sounds like a malware infection.
Thanks Helge! I will check it out for my new WordPress page.