10 Characters for Your WordPress Blacklist
Quick WordPress tip for easily and quietly blocking a ton of comment spam. Akismet and other programs are good at catching most spam, but every now and then a bunch of weird, foreign-language spam will sneak past the filters and post live to your site. Here’s a good example of the kind of stuff that’s easy to block:
This type of spam hits in waves, with similar character patterns running throughout each batch. So you’ll see a bunch of nonsensical spam comments that vary in IP, name, email address, and so on. If other spam mechanisms fail, using WordPress’ built-in anti-spam functionality is a great way to immunize against junk like this:
We can stop that sort of garbage from scaring away visitors by adding a few lines to your Comment Moderation or Comment Blacklist (both located in your Discussion Settings). Simply add these codes to either list.
The beauty of this technique is its simplicity. WordPress uses regular expressions to scan comments for any of these characters. The comments aren’t deleted, so there’s no real risk, and the chances of someone actually using one of these characters in a real comment is slim to none. What WordPress does with matching comments depends on where you put the list:
- Added to the Comment Moderation list will result in blocked comments getting sent to the Moderation queue.
- Added it to the Comment Blacklist will result in blocked comments getting flagged as spam and sent to the Spam bin.
It’s probably safest to add these characters to your Moderation list just in case anything worthwhile happens to show up (it won’t). Once you Save your changes, forget about it. Just monitor (or don’t) your comments as usual and let WordPress’ built-in anti-spam skillz do the work.
Although an elegant and effective technique, you may want to skip using if either of the following apply:
- You have trackbacks/pingbacks enabled and displaying on your site
- You allow comments in languages that use any of the blocked glyphs
Otherwise, the list makes an excellent addition to any anti-spam strategy. Especially if you are only using Akismet, this is a great way to further improve the overall security and integrity of your site. For more information and more extensive WordPress blacklists, check these:
Note: To suggest additional characters in the comments, remember to wrap each one with a
<code> tag. Thanks :)
Great tip, I plan to incorporate it on both of my sites as soon as they are accessible again. For the second time this year, my web host is in failure mode. Grrr.
Those screenshots suggest you’re a bit overdue for upgrading. ;)
My thoughts exactly :)
For what it is worth, and I hope it helps, I use a plug-in called WP-SpamFree. Here is the link: http://www.polepositionmarketing.com/library/wp-spamfree/
I installed it a couple years ago due to a boat load of comment spam that I was getting daily. Each spam comment was over 800 words long. Akismet set them aside but I still had to deal with them.
Since I installed WP-SpamFree I haven’t had one spam comment, nor have I had even one false positive. I have had Akismet deactivated for a long time now. Spam is history for me since installing this.
Quite a good way to block unwanted comments from foreign language. Thanks Jeff for this wonderful article.
Thanks! I get a lot of Cyrillic spam. It never occurred to me that the blacklist would accept Unicode characters…
Guess, I’ve been lucky and haven’t come across these types of comment issues before. I get spam but not those odd characters.
Hi Jeff, thank you for the post. You have so much great information here on your site.
I actually have a question for you, because you are the only person I thought of right away as my problem started.
I remember one of your posts something about fake bots black list, I am not very technical at all, I only started blogging a few month’s ago.
My server has started to block my IP address almost everyday now, and sometimes several times a day. At firs they told me it was something to do with my wireless company, but today this is what they told me: Please note your IP is being blocked of enormous server activity. Please check your site for overloading scripts or minimize your web site update activity from single IP.”
So finally when they unblocked me, I saw in my 404 monitor 8 errors, which had some really weird endings together with my site address, and it was from MSIE bot.
I don’t really know anyone I can ask about this, and I don’t really know what it means overloading scripts. So now, I am just sitting around and praying it will stop happening. Any advice? Thank you Jeff
Hey Tatianna, I would be happy to look at any data you have and reply with any suggestions.. just send an email to jeff at this domain. Thanks :)
I guess it really depends on the volume of comments, but i was wondering if the baked-in system “skip validation if the user has had one comment approved already” wouldn’t work perfectly?
It forces you to validate one comment per new commenter on your blog, but then every other comment they leave is effortless.
I suppose you pushed that solution aside, and i wonder, could you tell us more about that choice?
I discuss that method over at DigWP.com:
Some great discussion in the comments as well.
My question was actually more “why don’t you use that method yourself here on PP?”. Another way to formulate it is “why did you publish this post?”.
I do use that method here at Perishable Press. I also use this method. I published this post to share the information with people who may find it useful.
Is that umm.. WordPress 1.5? Hehe.. Too bad I’m from Russia, so I sometimes get comments in Russian, can’t miss those, but anyway, great idea!
Yes it was Russian and the comment is not very nice.