WordPress Spam Battle: 3 Seconds that will Save You Hours of Time

In the hellish battle against spam, many WordPress users have adopted a highly effective trinity of anti-spam plugins: Akismet, Bad Behavior, and Spam Karma.

This effective trio of free WordPress plugins has served many a WP-blogger well, eliminating virtually 99% of all automated comment-related spam. When spam first became a problem for me, I installed this triple-threat arsenal of anti-spam plugins and immediately enjoyed the results. Although Spam Karma seemed a little invasive and resource-intensive, too much protection seemed far better than not enough.

Even so, during the most recent redesign of the site, one of my goals was to lighten things up as much as possible — fewer scripts, fewer images, fewer plugins, etc. During that process, I decided to drop both Bad Behavior and Spam Karma. What a mistake that turned out to be! At first Akismet held up just fine, but it only took a few weeks before Perishable Press got hit hard: over 300 spam comments, trackbacks and pingbacks snuck through the Akismet gate. Needless to say, I was extremely upset and spent over two hours scouring the database to remove the stench.

After the attack, I decided to add Bad Behavior back into the mix, and prepare — but not activate — Spam Karma just in case. The result? I am happy to announce that I have been relatively spam-free for several months now, operating exclusively with Akismet, Bad Behavior, and one more little trick that more bloggers should be using: the WordPress spam-words blacklist.

Located in your Options/Discussion (wp-admin/options-discussion.php) admin panel, the WordPress Spam-Words Blacklist (a.k.a. the Comment Moderation Box) gives bloggers a chance to moderate comments that contain any of the words specified in the list. Such comments are neither published nor deleted; instead, they are relocated to the “moderation” queue for further investigation. This is good, because there are legitimate reasons why someone would want to include the word “sex” in a comment.

At first, I didn’t bother with the spam-words list. I just didn’t see the need. However, while deleting 300+ comments from that nasty spam attack, I noticed large numbers of repeated words: “cialis,” “tramadol,” and “levitra.” Apparently, my site was attacked by the pharmaceutical industry. In any case, I decided to take advantage of the spam-words blacklist by developing my own, customized list.

The results have been excellent. Using only Akismet, Bad Behavior, and the spam-words blacklist, I have been able to completely eliminate 99.99% of comment spam. I say “99.99%” because there are spammers who can’t even spell “viagra” correctly. Overall, I highly recommend implementing your own customized WordPress spam blacklist. It is entirely a win-win situation: any captured comments are held for moderation so you make the final decision.

To help get you started, here is a copy of my customized list. Simply copy, paste, and click “Update Options” (or whatever it says) to enjoy immediate, carefree results. Other than updating the list with newly discovered words, no further maintenance is required. Fix it and forget it!

Personal Collection of Spam Words

soma
ambien
cialis
buycialis
hydrocodone
viagraonline
cialisonline
phentermine
viagrabuy
percocet
tramadol
propecia
xenical
meridia
levitra
vicodin
viagra
valium
porno
xanax
sex

Indeed, the previous list has served me very well; however, there are many other frequently spammed words that may also be added (such as swear words, porn words, etc.). Keep in mind, however, before you begin adding words like a crazed tyrant, that WordPress matches any and all instances of each listed string. For example, if you add the term “sex” to the list, WordPress will place in moderation all comments containing any of the following matches:

  • sexy
  • sexist
  • sexual
  • sextant
  • sexiness
  • sexuality
  • heterosexual
  • unisex

...ad nauseam. In other words, any word that contains the same sequence of characters will be matched. This isn’t life or death, however, as comments with matched words are simply relocated to the moderation queue. No risk whatsoever.
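The substring behaviour described above, as an added example that is not part of the original article: a PHP script that emulates case-insensitive substring matching (an assumption based on the article's description, not WordPress's own code) and reports which term fired and the full word it fired inside. The function name `moderation_hits` and the sample terms and comments are constructed for illustration.

```php
<?php
// Added example: emulates case-insensitive substring matching of moderation
// terms. This is an assumption drawn from the article, not WordPress source.

/** Return every hit as [term, surrounding word, whether the word equals the term]. */
function moderation_hits(array $terms, string $comment): array
{
    $hits = [];
    foreach ($terms as $term) {
        $term = trim($term);
        if ($term === '') {
            continue; // a blank line in the list must not match every comment
        }
        // Capture the whole surrounding word so any over-match is visible.
        $pattern = '#[\w-]*' . preg_quote($term, '#') . '[\w-]*#i';
        if (preg_match_all($pattern, $comment, $m)) {
            foreach ($m[0] as $word) {
                $exact = strcasecmp($word, $term) === 0;
                $hits[] = ['term' => $term, 'word' => $word, 'exact' => $exact];
            }
        }
    }
    return $hits;
}

// Constructed sample data (not taken from the article's site).
$terms = ['sex', 'soma', 'viagra', ''];
$comments = [
    'Great post on unisex themes and the sextant widget.',
    'Psychosomatic? No, the plugin really is slow.',
    'Buy VIAGRA cheap at example.invalid',
    'Thanks, this fixed my feed.',
];

foreach ($comments as $i => $comment) {
    $hits = moderation_hits($terms, $comment);
    if (!$hits) {
        echo "#$i published\n";
        continue;
    }
    foreach ($hits as $h) {
        $kind = $h['exact'] ? 'exact word' : 'substring of';
        echo "#$i held: '{$h['term']}' matched as $kind '{$h['word']}'\n";
    }
}
```

Running a candidate list against a sample of your own approved comments shows which short terms would flood the moderation queue before you paste them in.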

With that in mind, here is another collection of commonly seen spam words, as provided via the WordPress Codex. This list is far more extensive than my list, and may be more applicable to blogs that receive phenomenal volumes of spam. Feel free to copy & paste this list as well, either adding it to the previous list, or simply using it by itself.

WordPress Codex Collection of Spam Words

-online
4u
adipex
advicer
baccarrat
blackjack
bllogspot
booker
byob
car-rental-e-site
car-rentals-e-site
carisoprodol
casino
casinos
chatroom
cialis
coolcoolhu
coolhu
credit-card-debt
credit-report-4u
cwas
cyclen
cyclobenzaprine
dating-e-site
day-trading
debt-consolidation
debt-consolidation-consultant
discreetordering
duty-free
dutyfree
equityloans
fioricet
flowers-leading-site
freenet-shopping
freenet
gambling-
hair-loss
health-insurancedeals-4u
homeequityloans
homefinance
holdem
holdempoker
holdemsoftware
holdemtexasturbowilson
hotel-dealse-site
hotele-site
hotelse-site
incest
insurance-quotesdeals-4u
insurancedeals-4u
jrcreations
levitra
macinstruct
mortgage-4-u
mortgagequotes
online-gambling
onlinegambling-4u
ottawavalleyag
ownsthis
palm-texas-holdem-game
paxil
penis
pharmacy
phentermine
poker-chip
poze
pussy
rental-car-e-site
ringtones
roulette
shemale
shoes
slot-machine
texas-holdem
thorcarlson
top-site
top-e-site
tramadol
trim-spa
ultram
valeofglamorganconservatives
viagra
vioxx
xanax
zolus

Once you have established a core set of blacklisted spam words, make a habit of adding new terms and novel strings to the list. As time passes, you will see the effectiveness of this remarkably simple spam-fighting technique.