WordPress Spam Battle: 3 Seconds that will Save You Hours of Time
In the hellish battle against spam, many WordPress users have adopted a highly effective trinity of anti-spam plugins:
This effective triage of free WordPress plugins has served many a WP-blogger well, eliminating virtually 99% of all automated comment-related spam. When spam first became a problem for me, I installed this triple-threat arsenal of anti-spam plugins and immediately enjoyed the results. Although Spam Karma seemed a little invasive and resource-intensive, too much protection seemed far better than not enough.
Even so, during the most recent redesign of the site, one of my goals was to lighten things up as much as possible — fewer scripts, fewer images, fewer plugins, etc. During that process, I decided to drop both Bad Behavior and Spam Karma. What a mistake that turned out to be! At first Akismet held up just fine, but it only took a few weeks before Perishable Press got hit hard: over 300 spam comments, trackbacks and pingbacks snuck through the Akismet gate. Needless to say, I was extremely upset and spent over two hours scouring the database to remove the stench.
After the attack, I decided to add Bad Behavior back into the mix, and prepare — but not activate — Spam Karma just in case. The result? I am happy to announce that I have been relatively spam-free for several months now, operating exclusively with Akismet, Bad Behavior, and one weird trick that more folks should be using: WordPress’ “Comment Moderation” and “Comment Blacklist”.
Located in the WordPress Admin Area on the Discussion screen, the Comment Moderation and Blacklist settings enable us to check for specific words and phrases whenever a comment is submitted. For example, if you add the word “sex” to the Comment Moderation list, any submitted comments that include that word will be held for moderation. Likewise, if you add “sex” to the Comment Blacklist, then any comment that includes that word will be sent to the Trash. Either way, these settings enable you to stop unwanted terms and phrases from scaring away half your visitors.
Careful with that axe..
Before going crazy by adding a bunch of unwanted words to the blacklist, keep in mind that there are legitimate reasons why words like “sex” or “gambling” might appear in a comment. Likewise for variations of words, understand that WordPress matches any and all instances of each listed string (case-insensitive). For example, if you add the term “sex” to the list, WordPress will place in moderation all comments containing any of the following matches:
..ad nauseam. This isn’t life or death, however, as comments with matched words are simply relocated to the moderation queue. No risk whatsoever. Also when crafting your own list, keep in mind these additional tips:
- The most common blacklisted terms are curse/swear words
- Also common to blacklist obvious spam phrases, like “buy viagra”
- If in doubt about a word or phrase, add it to the Moderation Blacklist
Build your comment blacklist with context in mind. For example, most of my sites are about web design and development stuff, so I’m always careful not to block any words that would make sense in that context. That means that I can safely block all medical and pharmaceutical vocabulary, all gambling and sports phrases, and so forth. Because the likelihood of any of that stuff being mentioned at say, Perishable Press, is slim to none. Likewise if say I have a site about weight loss, then I would avoid blocking medical and pharmaceutical terms, because it would make sense for visitors to use that vocabulary.
But it’s also a pain to maintain multiple lists of unwanted phrases on each site. What we want is more of a “universal” blacklist that would safe to add to any site, regardless of topic or niche. Well except for topics that are associated with tons of spam. Like drugs, gambling, porn, and other spammy things. We want to block as much of that as possible on ALL sites.
Powerful, Effective, and Automatic
At first, I didn’t bother with the Comment Blacklist. I just didn’t see the need. However, while deleting 300+ comments from that nasty spam attack, I noticed large numbers of repeated words: “cialis,” “tramadol,” and “levitra.” Apparently, my site was attacked by the pharmaceutical spam industry. In any case, I decided to take advantage of the Comment Blacklist by developing my own, generalized list. My strategy: less is more. Block the most amount of spam using the least amount of phrases.
And the results have been excellent. Using only Akismet, Bad Behavior, and the Comment Blacklist, I have been able to completely eliminate 99.99% of all comment spam. I say “99.99%” because there are spammers who can’t even spell “viagra” correctly, and so you see an occasional spam comment.
Bottom line is that adding an effective Comment Blacklist to your WordPress-powered site is gonna keep a LOT of garbage from hitting your frontend. Scaring the children. Making your site look cheap, spammy, and risky. You get the idea. It’s entirely a win-win situation: any blocked comments are held for moderation or held in the Trash bin, so you always have full control of what goes through. And so without further ado..
Universal Comment Blacklist
Use this “Universal” Comment Blacklist “as-is”, or as a starting point to craft your own powerful blacklist. Simply copy, paste, and click “Save Changes” (or whatever it says) to enjoy immediate, carefree results. Other than updating the list with any newly discovered spam words, no further maintenance is required. Fix it and forget it!
byob soma loan visa debt poker hotel paxil ambien cialis casino dating rental holdem adipex booker biotin flowers freenet cumshot adderall gambling roulette dermology lorazepam buycialis citalopram cephalaxin vicoprofen antibiotic hello dear doxycycline cialisonline leading-site slot-machine carisoprodol stock prices green energy praziquantel link exchange ghost writing ottawavalleyag climate change work from home cyclobenzaprine discreetordering virtual assistance investment advice job description sleeping pills aceteminophen legal advice prescription augmentation phentermine thorcarlson jrcreations credit card macinstruct hydrocodone enhancement gamearsenal cisbusiness law advice employment retirement estibascon madererias suoisetggn collagenix relax tone mastercard healthcare super bowl data entry make money free essay trade hut oxycontin oxycodone appliance baccarrat blackjack hair-loss ringtones insurance duty-free seks shop relaxtone sheepskin hair loss kesehatan martapura asics gel garantias prestamos heartburn autistic mzageksa burberry tramadol cymbalta lunestra fioricet percocet propecia mortgage pharmacy dutyfree ownsthis aviation strappon hospital medicine diarrhea baldness mattress tartrate zolpidem rivotril creampie myfxbook consumer zulemama tradehut ketapang huarache ogrforum leggings erection esofagus terbaru addidas tentang elahmad samsung origami cananza masakan makanan ramalan chinois appelle brokoli extenze terkini bru83er baofeng eyelash antenna houdini dropcam lesbian lexapro valtrex titties xenical vicodin ephedra lipitor meridia levitra shemale bowling bunkbed thyroid karaoke replica texasma shooter naughty suicide osmosis massage brokers finance boycott berita wanita lebron dewasa payday opshop lyrica herpes cinsel viagra incest breast cyclen valium hqtube ultram clomid alsaud rafcam komodo disney gossip hoodie hermes warezs zensur tenodi camsex troika autism xrumer poilo rolex urine lorex hekto vioxx zolus pussy porno bitch penis pills anime naked xanax hagna hansa yuhan sisme bebek gansa gogus buyut ulcer zayif chung yaesu celeb vegas cream loans nike wart yuan nude bdsm male porn dick cock tits fuck shit anal oisg sex ass gay
Indeed, the Universal Comment Blacklist is quite robust and has served me very well. Before adding to your own site, I recommend scanning through the list and removing any terms that you think might be used in actual user comments on your site. Then going forward, if you ever catch some tricksy spam making it through the blacklist, take a moment and add its keyword to the list.
Over time, your Comment Blacklist will evolve to a mighty barrier through which no spam shall pass.
Just found this “official” blacklist in the WordPress Codex. Feel free to copy & paste this list as well, either appending it wholesale to the Universal Comment Blacklist, or using an online tool to combine the two lists into one while removing any redundant terms. That said, here is the Codex list:
-online 4u adipex advicer baccarrat blackjack bllogspot booker byob car-rental-e-site car-rentals-e-site carisoprodol casino casinos chatroom cialis coolcoolhu coolhu credit-card-debt credit-report-4u cwas cyclen cyclobenzaprine dating-e-site day-trading debt-consolidation debt-consolidation-consultant discreetordering duty-free dutyfree equityloans fioricet flowers-leading-site freenet-shopping freenet gambling- hair-loss health-insurancedeals-4u homeequityloans homefinance holdem holdempoker holdemsoftware holdemtexasturbowilson hotel-dealse-site hotele-site hotelse-site incest insurance-quotesdeals-4u insurancedeals-4u jrcreations levitra macinstruct mortgage-4-u mortgagequotes online-gambling onlinegambling-4u ottawavalleyag ownsthis palm-texas-holdem-game paxil penis pharmacy phentermine poker-chip poze pussy rental-car-e-site ringtones roulette shemale shoes slot-machine texas-holdem thorcarlson top-site top-e-site tramadol trim-spa ultram valeofglamorganconservatives viagra vioxx xanax zolus
Once you have established a core set of blacklisted spam words, make a habit of adding new terms and novel strings to the list. As time passes, you will see the effectiveness of this remarkably simple spam-fighting technique.
Thanks for the tips! I was getting some curious trackback spam the other day from ideahustle dot com.
It looked like a wordpress linkspam blog, and I can only guess that it was trying to trackback posts on my blog in order to boost its own pagerank. That’s my guess at least.
Much of the spam referred to in the article is exactly that type of spam. And, while I have seen plugins designed specifically to fight trackback/pingback spam, I find the spam-words blacklist plenty effective at stopping nearly all of it. Even better, the spam-words list is built-in, so installing yet another plugin is not required.
I didn’t know the WordPress Codex has a list of spam words. They should have just include the words by default…
Thanks for the link :D
**I meant they should have just included the spam words by default in WordPress.
Yes, or at least a link to the Codex list ;)
Very Interesting post! Thank you for such interesting resource!
PS: Sorry for my bad english, I’v just started to learn this language ;)
Your, Raiul Baztepo