Latest TweetsVerify any search engine or visitor via CLI Forward-Reverse Lookup perishablepress.com/cli-forwar…
Perishable Press

WordPress Spam Battle: 3 Seconds that will Save You Hours of Time

In the hellish battle against spam, many WordPress users have adopted a highly effective trinity of anti-spam plugins:

This effective triage of free WordPress plugins has served many a WP-blogger well, eliminating virtually 99% of all automated comment-related spam. When spam first became a problem for me, I installed this triple-threat arsenal of anti-spam plugins and immediately enjoyed the results. Although Spam Karma seemed a little invasive and resource-intensive, too much protection seemed far better than not enough.

Lighten up..

Even so, during the most recent redesign of the site, one of my goals was to lighten things up as much as possible — fewer scripts, fewer images, fewer plugins, etc. During that process, I decided to drop both Bad Behavior and Spam Karma. What a mistake that turned out to be! At first Akismet held up just fine, but it only took a few weeks before Perishable Press got hit hard: over 300 spam comments, trackbacks and pingbacks snuck through the Akismet gate. Needless to say, I was extremely upset and spent over two hours scouring the database to remove the stench.

Comment Blacklist

After the attack, I decided to add Bad Behavior back into the mix, and prepare — but not activate — Spam Karma just in case. The result? I am happy to announce that I have been relatively spam-free for several months now, operating exclusively with Akismet, Bad Behavior, and one weird trick that more folks should be using: WordPress’ “Comment Moderation” and “Comment Blacklist”.

Located in the WordPress Admin Area on the Discussion screen, the Comment Moderation and Blacklist settings enable us to check for specific words and phrases whenever a comment is submitted. For example, if you add the word “sex” to the Comment Moderation list, any submitted comments that include that word will be held for moderation. Likewise, if you add “sex” to the Comment Blacklist, then any comment that includes that word will be sent to the Trash. Either way, these settings enable you to stop unwanted terms and phrases from scaring away half your visitors.

Careful with that axe..

Before going crazy by adding a bunch of unwanted words to the blacklist, keep in mind that there are legitimate reasons why words like “sex” or “gambling” might appear in a comment. Likewise for variations of words, understand that WordPress matches any and all instances of each listed string (case-insensitive). For example, if you add the term “sex” to the list, WordPress will place in moderation all comments containing any of the following matches:

  • sexy
  • sexist
  • sexual
  • sextant
  • sexiness
  • sexuality
  • heterosexual
  • unisex

..ad nauseam. This isn’t life or death, however, as comments with matched words are simply relocated to the moderation queue. No risk whatsoever. Also when crafting your own list, keep in mind these additional tips:

  • The most common blacklisted terms are curse/swear words
  • Also common to blacklist obvious spam phrases, like “buy viagra”
  • If in doubt about a word or phrase, add it to the Moderation Blacklist

Build your comment blacklist with context in mind. For example, most of my sites are about web design and development stuff, so I’m always careful not to block any words that would make sense in that context. That means that I can safely block all medical and pharmaceutical vocabulary, all gambling and sports phrases, and so forth. Because the likelihood of any of that stuff being mentioned at say, Perishable Press, is slim to none. Likewise if say I have a site about weight loss, then I would avoid blocking medical and pharmaceutical terms, because it would make sense for visitors to use that vocabulary.

But it’s also a pain to maintain multiple lists of unwanted phrases on each site. What we want is more of a “universal” blacklist that would safe to add to any site, regardless of topic or niche. Well except for topics that are associated with tons of spam. Like drugs, gambling, porn, and other spammy things. We want to block as much of that as possible on ALL sites.

Powerful, Effective, and Automatic

At first, I didn’t bother with the Comment Blacklist. I just didn’t see the need. However, while deleting 300+ comments from that nasty spam attack, I noticed large numbers of repeated words: “cialis,” “tramadol,” and “levitra.” Apparently, my site was attacked by the pharmaceutical spam industry. In any case, I decided to take advantage of the Comment Blacklist by developing my own, generalized list. My strategy: less is more. Block the most amount of spam using the least amount of phrases.

And the results have been excellent. Using only Akismet, Bad Behavior, and the Comment Blacklist, I have been able to completely eliminate 99.99% of all comment spam. I say “99.99%” because there are spammers who can’t even spell “viagra” correctly, and so you see an occasional spam comment.

Bottom line is that adding an effective Comment Blacklist to your WordPress-powered site is gonna keep a LOT of garbage from hitting your frontend. Scaring the children. Making your site look cheap, spammy, and risky. You get the idea. It’s entirely a win-win situation: any blocked comments are held for moderation or held in the Trash bin, so you always have full control of what goes through. And so without further ado..

Universal Comment Blacklist

Use this “Universal” Comment Blacklist “as-is”, or as a starting point to craft your own powerful blacklist. Simply copy, paste, and click “Save Changes” (or whatever it says) to enjoy immediate, carefree results. Other than updating the list with any newly discovered spam words, no further maintenance is required. Fix it and forget it!

Warning! The following list contains all sorts of nasty stuff, like swear words and worse. Please do not read if you are underage or easily offended.
byob
soma
loan
visa
debt
poker
hotel
paxil
ambien
cialis
casino
dating
rental
holdem
adipex
booker
biotin
flowers
freenet
cumshot
adderall
gambling
roulette
dermology
lorazepam
buycialis
citalopram
cephalaxin
vicoprofen
antibiotic
hello dear
doxycycline
cialisonline
leading-site
slot-machine
carisoprodol
stock prices
green energy
praziquantel
link exchange
ghost writing
ottawavalleyag
climate change
work from home
cyclobenzaprine
discreetordering
virtual assistance
investment advice
job description
sleeping pills
aceteminophen
legal advice
prescription
augmentation
phentermine
thorcarlson
jrcreations
credit card
macinstruct
hydrocodone
enhancement
gamearsenal
cisbusiness
law advice
employment
retirement
estibascon
madererias
suoisetggn
collagenix
relax tone
mastercard
healthcare
super bowl
data entry
make money
free essay
trade hut
oxycontin
oxycodone
appliance
baccarrat
blackjack
hair-loss
ringtones
insurance
duty-free
seks shop
relaxtone
sheepskin
hair loss
kesehatan
martapura
asics gel
garantias
prestamos
heartburn
autistic
mzageksa
burberry
tramadol
cymbalta
lunestra
fioricet
percocet
propecia
mortgage
pharmacy
dutyfree
ownsthis
aviation
strappon
hospital
medicine
diarrhea
baldness
mattress
tartrate
zolpidem
rivotril
creampie
myfxbook
consumer
zulemama
tradehut
ketapang
huarache
ogrforum
leggings
erection
esofagus
terbaru
addidas
tentang
elahmad
samsung
origami
cananza
masakan
makanan
ramalan
chinois
appelle
brokoli
extenze
terkini
bru83er
baofeng
eyelash
antenna
houdini
dropcam
lesbian
lexapro
valtrex
titties
xenical
vicodin
ephedra
lipitor
meridia
levitra
shemale
bowling
bunkbed
thyroid
karaoke
replica
texasma
shooter
naughty
suicide
osmosis
massage
brokers
finance
boycott
berita
wanita
lebron
dewasa
payday
opshop
lyrica
herpes
cinsel
viagra
incest
breast
cyclen
valium
hqtube
ultram
clomid
alsaud
rafcam
komodo
disney
gossip
hoodie
hermes
warezs
zensur
tenodi
camsex
troika
autism
xrumer
poilo
rolex
urine
lorex
hekto
vioxx
zolus
pussy
porno
bitch
penis
pills
anime
naked
xanax
hagna
hansa
yuhan
sisme 
bebek
gansa
gogus
buyut
ulcer
zayif
chung
yaesu
celeb
vegas
cream
loans
nike
wart
yuan
nude
bdsm
male
porn
dick
cock
tits
fuck
shit
anal
oisg
sex
ass
gay

Indeed, the Universal Comment Blacklist is quite robust and has served me very well. Before adding to your own site, I recommend scanning through the list and removing any terms that you think might be used in actual user comments on your site. Then going forward, if you ever catch some tricksy spam making it through the blacklist, take a moment and add its keyword to the list.

Over time, your Comment Blacklist will evolve to a mighty barrier through which no spam shall pass.

Update

Just found this “official” blacklist in the WordPress Codex. Feel free to copy & paste this list as well, either appending it wholesale to the Universal Comment Blacklist, or using an online tool to combine the two lists into one while removing any redundant terms. That said, here is the Codex list:

-online
4u
adipex
advicer
baccarrat
blackjack
bllogspot
booker
byob
car-rental-e-site
car-rentals-e-site
carisoprodol
casino
casinos
chatroom
cialis
coolcoolhu
coolhu
credit-card-debt
credit-report-4u
cwas
cyclen
cyclobenzaprine
dating-e-site
day-trading
debt-consolidation
debt-consolidation-consultant
discreetordering
duty-free
dutyfree
equityloans
fioricet
flowers-leading-site
freenet-shopping
freenet
gambling-
hair-loss
health-insurancedeals-4u
homeequityloans
homefinance
holdem
holdempoker
holdemsoftware
holdemtexasturbowilson
hotel-dealse-site
hotele-site
hotelse-site
incest
insurance-quotesdeals-4u
insurancedeals-4u
jrcreations
levitra
macinstruct
mortgage-4-u
mortgagequotes
online-gambling
onlinegambling-4u
ottawavalleyag
ownsthis
palm-texas-holdem-game
paxil
penis
pharmacy
phentermine
poker-chip
poze
pussy
rental-car-e-site
ringtones
roulette 
shemale
shoes
slot-machine
texas-holdem
thorcarlson
top-site
top-e-site
tramadol
trim-spa
ultram
valeofglamorganconservatives
viagra
vioxx
xanax
zolus

Once you have established a core set of blacklisted spam words, make a habit of adding new terms and novel strings to the list. As time passes, you will see the effectiveness of this remarkably simple spam-fighting technique.

Jeff Starr
About the Author Jeff Starr = Creative thinker. Passionate about free and open Web.
Archives
6 responses
  1. Thanks for the tips! I was getting some curious trackback spam the other day from ideahustle dot com.

    It looked like a wordpress linkspam blog, and I can only guess that it was trying to trackback posts on my blog in order to boost its own pagerank. That’s my guess at least.

  2. Jeff Starr

    Sounds familiar..
    Much of the spam referred to in the article is exactly that type of spam. And, while I have seen plugins designed specifically to fight trackback/pingback spam, I find the spam-words blacklist plenty effective at stopping nearly all of it. Even better, the spam-words list is built-in, so installing yet another plugin is not required.

  3. I didn’t know the WordPress Codex has a list of spam words. They should have just include the words by default…

    Thanks for the link :D

  4. **I meant they should have just included the spam words by default in WordPress.

  5. Jeff Starr

    Yes, or at least a link to the Codex list ;)

  6. RaiulBaztepo March 28, 2009 @ 1:12 pm

    Hello!
    Very Interesting post! Thank you for such interesting resource!
    PS: Sorry for my bad english, I’v just started to learn this language ;)
    See you!
    Your, Raiul Baztepo

[ Comments are closed for this post ]