In the hellish battle against spam, many WordPress users have adopted a highly effective trinity of anti-spam plugins:
This effective triage of free WordPress plugins has served many a WP-blogger well, eliminating virtually 99% of all automated comment-related spam. When spam first became a problem for me, I installed this triple-threat arsenal of anti-spam plugins and immediately enjoyed the results. Although Spam Karma seemed a little invasive and resource-intensive, too much protection seemed far better than not enough.
Even so, during the most recent redesign of the site, one of my goals was to lighten things up as much as possible — fewer scripts, fewer images, fewer plugins, etc. During that process, I decided to drop both Bad Behavior and Spam Karma. What a mistake that turned out to be! At first Akismet held up just fine, but it only took a few weeks before Perishable Press got hit hard: over 300 spam comments, trackbacks and pingbacks snuck through the Akismet gate. Needless to say, I was extremely upset and spent over two hours scouring the database to remove the stench.
After the attack, I decided to add Bad Behavior back into the mix, and prepare — but not activate — Spam Karma just in case. The result? I am happy to announce that I have been relatively spam-free for several months now, operating exclusively with Akismet, Bad Behavior, and one more little trick that more bloggers should be using: the WordPress spam-words blacklist.
Located in your Options/Discussion (
wp-admin/options-discussions.php) admin panel, the WordPress Spam-Words Blacklist (a.k.a. the Comment Moderation Box) gives bloggers a chance to moderate comments that contain any of the words specified in the list. All such comments are not published, not deleted, but rather relocated to the “moderation” queue for further investigation. This is good, because there are legitimate reasons why someone would want to include the word “sex” in a comment.
At first, I didn’t bother with the spam-words list. I just didn’t see the need. However, while deleting 300+ comments from that nasty spam attack, I noticed large numbers of repeated words: “cialis,” “tramadol,” and “levitra.” Apparently, my site was attacked by the pharmaceutical industry. In any case, I decided to take advantage of the spam-words blacklist by developing my own, customized list.
The results have been excellent. Using only Akismet, Bad Behavior, and the spam-words blacklist, I have been able to completely eliminate 99.99% of comment spam. I say “99.99%” because there are spammers who can’ even spell “viagra” correctly. Overall, I highly recommend implementing your own customized WordPress spam blacklist. It is entirely a win-win situation: any captured comments are held for moderation so you make the final decision.
To help get you started, here is a copy of my customized list. Simply copy, paste, and click “Update Options” (or whatever it says) to enjoy immediate, carefree results. Other than updating the list with newly discovered words, no further maintenance is required. Fix it and forget it!
Personal Collection of Spam Words
soma ambien cialis buycialis hydrocodone viagraonline cialisonline phentermine viagrabuy percocet tramadol propecia xenical meridia levitra vicodin viagra valium porno xanax sex
Indeed, the previous list has served me very well, however there are many other frequently spammed words that may also be added (such as swear words, porn words, etc.). Keep in mind, however, before you begin adding words like a crazed tyrant, that WordPress matches any and all instances of each listed string. For example, if you add the term “sex” to the list, WordPress will place in moderation all comments containing any of the following matches:
..ad nauseam. In other words, any word that contains the same sequence of characters will be matched. This isn’t life or death, however, as comments with matched words are simply relocated to the moderation queue. No risk whatsoever.
With that in mind, here is another collection of commonly seen spam words, as provided via the WordPress Codex. This list is far more extensive than my list, and may be more applicable to blogs that receive a phenomenal volumes of spam. Feel free to copy & paste this list as well, either adding it to the previous list, or simply using it by itself.
WordPress Codex Collection of Spam Words
-online 4u adipex advicer baccarrat blackjack bllogspot booker byob car-rental-e-site car-rentals-e-site carisoprodol casino casinos chatroom cialis coolcoolhu coolhu credit-card-debt credit-report-4u cwas cyclen cyclobenzaprine dating-e-site day-trading debt-consolidation debt-consolidation-consultant discreetordering duty-free dutyfree equityloans fioricet flowers-leading-site freenet-shopping freenet gambling- hair-loss health-insurancedeals-4u homeequityloans homefinance holdem holdempoker holdemsoftware holdemtexasturbowilson hotel-dealse-site hotele-site hotelse-site incest insurance-quotesdeals-4u insurancedeals-4u jrcreations levitra macinstruct mortgage-4-u mortgagequotes online-gambling onlinegambling-4u ottawavalleyag ownsthis palm-texas-holdem-game paxil penis pharmacy phentermine poker-chip poze pussy rental-car-e-site ringtones roulette shemale shoes slot-machine texas-holdem thorcarlson top-site top-e-site tramadol trim-spa ultram valeofglamorganconservatives viagra vioxx xanax zolus
Once you have established a core set of blacklisted spam words, make a habit of adding new terms and novel strings to the list. As time passes, you will see the effectiveness of this remarkably simple spam-fighting technique.