Ultimate Comment Blacklist for WordPress: How to Stop Spam Without Plugins
How do YOU stop comment spam? If you’re like a lot of WordPress users, you just grab another plugin or two and call it good. I mean after all, plugins like Akismet work great at stopping spam. The only downside is that, well, you’re relying on another plugin. And that’s fine for folks who just wanna “get ’er done”, although each active plugin requires additional maintenance and server resources.
To be fair, some plugins are more resource-intensive than others, but in general ANY plugin that you use is going to require some level of support, maintenance, bandwidth, memory, and other resources. So it makes sense to avoid too many (resource-hungry) plugins in order to help improve performance and keep your site running in tippy top shape.
Yes there are some cases where installing another plugin is pretty much the only way to do something. But fortunately, that’s not the case when it comes to stopping comment spam. This article explains how to stop spam using only WordPress, thus eliminating the need for any “anti-spam” plugins.
Contents
- Making my site faster by eliminating plugins
- Replacing Akismet with native WordPress tools
- How to stop spam without any anti-spam plugins
- Ultimate Comment Blacklist
Making my site faster by eliminating plugins
I recently completed a massive overhaul and redesign of Perishable Press. My main goal was to simplify production and boost performance. So I took a hard look at each of the WordPress plugins I was using, in order to determine if the functionality provided by each was possible via native WP functionality or some other simple means. Turns out I was able to remove the following plugins:
- Akismet
- Art Directed Styles
- Subscribe to Comments
- Yet Another Related Posts Plugin
To give you an idea of how WordPress default functionality can be used in place of additional plugins, take Art-Directed Styles. I simply added any necessary post-specific CSS directly to the post content. I had to do this for like 20 posts, and it didn’t even take that long. So BOOM: one less plugin chewing up resources.
Likewise for Subscribe to Comments. I love the plugin but it hasn’t been updated in forever. Plus only a few awesome people ever leave comments anymore, so what’s the point right? So I removed Subscribe to Comments and replaced it with a simple link to post-comments RSS feed (which you can see if you scroll down to the comment form). And just like that BOOM: another plugin replaced with existing functionality. And I did the same for the “Yet Another Related Posts Plugin”, replaced it with a simple theme function. BOOM: another one down. And that brings us to Akismet..
Replacing Akismet with native WordPress tools
After removing the plugins described above, I turned my eyes to Akismet. For years now, I have been recommending Akismet as the only thing needed to stop spam. I mention it in my WordPress video tutorials, books, and elsewhere.
What kinda sucks is that, after years of freely promoting Akismet, I log into DigWP.com one day, to find out that my free Akismet account had been deactivated. After years of no problems, suddenly they pull the “plug”.
Why? What happened?
Apparently the Akismet team didn’t like me using their plugin for free at Digging Into WordPress. No idea why, as they did not provide any warning, notification, or explanation. I’m guessing that they disabled my Akismet license for DigWP.com because the site has a few advertisements and promotes our book, Digging Into WordPress. However the site also has been serving the community for over 10 years, sharing FREE tutorials, themes, and other WordPress resources.
But really it is not a big deal, I understand that rules are rules and must be followed by all. Right? But still, I can’t afford to rely on a plugin that literally at any moment may be disabled, leaving my site open to floods of comment spam. Getting your site riddled with sleazy spam links drives away visitors and hurts your reputation.
Moral of the story
So after that episode, I removed Akismet from DigWP.com and a few other sites where comments remain open. And since then, I’ve removed Akismet from Perishable Press, and am working on removing it from all of my other sites and client sites. Instead of a plugin, I now use the Ultimate Comment Blacklist and a few choice WP settings, as explained below. And you know what? My sites are much better for it. I now enjoy:
- One less plugin to worry about
- Less load on server resources
- Spam-free comments thanks to native WP tools :)
Note: I don’t have anything against the developers of Akismet or anyone else for that matter. It’s just that it kinda hurts being a huge advocate for years and then suddenly they disable the plugin on my site. So my primary line of defense against spam was just “shut down” without any notification, explanation, or anything. So again, Akismet is great at stopping spam, but there are alternate ways of doing the job without relying on another plugin. Read on to learn how..
How to stop spam without any anti-spam plugins
I’ve written before about the methods I use to stop spam without plugins. The trick, as my readers may recall, is the WordPress Comment Blacklist. In that linked article, you will find a highly effective set of spammy terms that may be added to any WP Comment Blacklist. For those short on time, here are the bullet points on how to use WordPress’ built-in anti-spam features instead of resorting to yet another plugin.
- Dial in WordPress General settings > Discussion
- Add a solid set of terms for the Comment Blacklist
That’s all there is to it. Which settings to use depends on your specific strategy and site content, goals, etc. For complete discussion of the possibilities, check out my post at DigWP.com: You Don’t Need Any Plugins to Stop Comment Spam. For those short on time, and/or to give you a good idea, here are the Discussion Settings that I use at Perishable Press:
So you can use that as a starting point to dial in your own ideal comment settings, or start fresh, whatever. Depending on things like site popularity, traffic, activity, niche, and so forth, the optimal Discussion Settings may vary.
And then for the Comment Blacklist, you can use my tried and true set of blacklist terms, or you can grab the “ultimate” set of blacklist terms provided below. Let’s check it out..
Ultimate Comment Blacklist
So you’ve got the perfect Discussion Settings dialed in. Last step is to add a powerful Comment Blacklist. Fortunately, you can skip the 12 years of research and development and just grab a copy of my own list. The Ultimate Comment Blacklist combines unwanted/spammy terms from several sources:
- My previous Comment Blacklist
- 10 years collecting spam words at DigWP.com
- 10+ years collecting spam words at Perishable Press
- Spam Words, a list provided via the WP Codex
Given the sources, one might think the resulting blacklist to be miles long. But not so. Rather, these lists have been actively updated and developed for maximum efficiency and effectiveness. What does that mean? It means that we want to block the most comment spam with the least number of terms and the fewest false positives. Is the list perfect? Nope. But guess what. It effectively blocks 99% of the spam comments that I get at Perishable Press, DigWP.com, and elsewhere. Seriously, the Ultimate Blacklist blocks tons of spam and keeps my comment sections looking good.
Download
Bottom line: taking a few minutes to configure built-in tools like WordPress Discussion Settings and Comment Blacklist can save you from relying on yet another plugin just to stop comment spam. I mean, WordPress already provides sufficient tools to stop spam in most cases; it just takes a bit of understanding to make it happen.
To-Do
On the to-do list for the Ultimate Comment Blacklist: Integrate DigWP Custom Comment Blacklist. Until I have time, I will leave this as a manual exercise. For example, combine both lists and then use a free online tool to remove duplicate words. Boom done ;)
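The manual merge described above can also be done offline with a short script. This is an added example, not code from Perishable Press or WordPress: it relies on the fact that WordPress matches each blacklist line as a case-insensitive substring, so it also drops terms already covered by a shorter term and reports known-good comments that would be trashed. The term lists and comments are constructed samples, the function names are hypothetical, and only the comment text is checked (WordPress also checks the author name, URL, email, IP address and user agent).

```python
"""Merge comment-blacklist term lists for the WordPress Discussion settings box."""

def normalize(lines):
    """Strip whitespace, drop blank lines, fold case (matching is case-insensitive)."""
    return {line.strip().casefold() for line in lines if line.strip()}

def merge_blacklists(*lists):
    """Return (kept, dropped): the merged terms and the ones made redundant.

    A term is redundant when a shorter kept term is a substring of it, because
    any comment containing the longer term also contains the shorter one.
    """
    merged = set().union(*(normalize(l) for l in lists))
    kept, dropped = [], {}
    for term in sorted(merged, key=lambda t: (len(t), t)):
        cover = next((k for k in kept if k in term), None)
        if cover is None:
            kept.append(term)
        else:
            dropped[term] = cover
    return sorted(kept), dropped

def false_positives(terms, comments):
    """Map each known-good comment to the terms that would trash it."""
    hits = {}
    for text in comments:
        matched = [t for t in terms if t in text.casefold()]
        if matched:
            hits[text] = matched
    return hits

# Constructed sample data, not terms taken from either real list.
LIST_A = ["Casino", "payday loan", "cheap-pills ", "", "free money"]
LIST_B = ["casino", "online casino", "payday loans", "amoxicillin"]
GOOD_COMMENTS = [
    "Great write-up, the Discussion settings tip saved me a plugin.",
    "As a physician I prescribe amoxicillin all the time.",
]

if __name__ == "__main__":
    kept, dropped = merge_blacklists(LIST_A, LIST_B)
    print("\n".join(kept))  # one term per line, ready to paste
    for term, cover in dropped.items():
        print(f"# dropped {term!r}: already covered by {cover!r}")
    for text, matched in false_positives(kept, GOOD_COMMENTS).items():
        print(f"# false positive {matched} in: {text}")
```

Running a handful of real, approved comments from your own site through `false_positives` before pasting the merged list shows which terms are too broad for your audience.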
8 responses to “Ultimate Comment Blacklist for WordPress: How to Stop Spam Without Plugins”
WOW!
Would have figured that with you recommending Akismet (and perhaps even providing a quick-link to it from your websites) – that the folks who develop and operate Akismet would be most appreciative? O_o! I am quite sure that they COULD attribute some of their paying customers as coming by your recommendations of their product and services?
Anyway,
A good htaccess-type solution too (A lot of spammers like to use the older protocol version – especially their BOTS.) :
RewriteCond %{THE_REQUEST} ^POST\s.*\sHTTP/1\.0 [NC]
RewriteRule .* - [F,NS]
Anyway,
Yeah, there’s actually a lot that can still be done with just basic WordPress, and some careful tweaks of the settings and configuration.
I try to use only a few, very-needed plugins (like my rich-text editor interface, for instance).
– Very timely and informative article!
– Jim S.
Yep that was my thought as well.. been pushing Akismet for literally years and then they slam the door in my face. Oh well, their loss.
For the .htaccess POST snippet, it definitely does work, as I explain in this tutorial. Similar, older articles regarding handling/securing POST requests can be found in the archives (sorry I’m too lazy to look, lol!).
Thank you as always for the generous feedback, Jim! :)
Wonderful post, Jeff! Always appreciate your emphasis on security without sacrificing performance. Come to see that so many spam triggers involve medication names, and as a physician, people may genuinely use many of them (antibiotics, etc.) when leaving comments. :lol:
Thank you, Rishi! It is great to hear your feedback :)
Thanks for the insightful post.
Did not know about this solution. We now use reCAPTCHA. But that is less friendly on commenters. But also not 100% perfect in preventing SPAM bots.
Thanks for this list Jeff. Very helpful.
BTW, do you have any advice on which options to turn on or off on the Discussion Settings page? The check boxes at the top.
I always wonder which ones should be active and not active. Some of them are not so obvious.
Thanks Eran, I appreciate the feedback. About the Discussion settings, did you look at the screenshot in the article? The options shown there are basically (more or less) how they are configured on all of my sites (well, the ones with comments open anyway). Let me know if any questions about specific settings, etc. Glad to help.
Congrats Jeff, is there any way to automatically delete the trash comments? Sincerely, I deactivated comments on my blog and I solved the problem forever.. but this means.. no more “social”.