I realize this comes with the territory of being a hugely successful blog, but in spite of the magic of Akismet we get so much comment spam, we’re wondering how to fight it without hindering actual commenting – that’s really vital to us, we do not want to make it less likely that you’ll comment. But the spam is making us look like a link farm and in addition to being an irritant it may be killing us with Google. Pic related.

I took out the website field in the comment template and I set comment threads to auto-close after a few weeks or so. Not good enough. Here’s the list of remaining options I came up with when spitballing how to battle the spam with the fellas:

A) Simple captcha system (what’s 2 plus four)
B) Typical annoying captcha system
C) Comments with URLs in them going to pending
D) Comments with URLs get rejected
E) Site user registration, only let people post URLs in comments if they are logged in
F) Disqus-like comment system again requiring people to log into something
G) Make sure Akismet’s working.. dig around WordPress forums for tips
H) Tighten article comment cutoff to one week or whatever
I) Maybe there’s a way to let people post URLs only if there’s been an approved post with the commenter using the same email address and masculine nickname?
J) Look for phrase consistencies in recent spam, set up rejection filters for things like “my website”
K) Look for geographical consistencies of spamming IPs, ban entire countries from the site (EG China, most of Eastern Europe, Nigeria), or if possible just from commenting but not the whole site

I noted that I did not like any of these that much, Smith’s reaction was that none of them are good in that they would all hinder commenting or traffic or both and so we should just put up with the spam and delete on the fly. But I’m more concerned than he is so here I am now adding L) to the list, post an Ask for Readers bit about this. Please do not post fake spam here as a joke because it feels ironic, it’s not that ironic. Maybe a little. Any tips?

Update: Ike advised us to install Bad Behavior, so we did. My money’s on Ike, think we’ve got our answer.


  1. I’m about to hit the button on adding “href” to the comment words blacklist. Good or bad idea?

    That wouldn’t prevent people from posting URLs, which is good, but it would prevent bots hyperlinking them however they want themselves, could trip up a lot of these bots, at not that great an expense. And I think the theme hyperlinks URLs anyway and if not I imagine we could come up with a way to auto-hyperlink in comments, or just not bother.

  2. A mix of options H, and G and let people post URLs, if they post URL, it will wait for admins’ approval. Captcha system discourages people to talkback.

    • Well people comment regularly with URLs and that would be more comment approval email to field than I’d like, so I’m thinking prevent manually-hyperlinked URLs, which bots tend to do and people tend not to do when posting links. Meaning “check out _my_website_” would not go through but “check out my website http://whatever” would go through, I think with the URLs clickable, even without the tagging.

      I think I’m the only one who bothers with manual hyperlinking (with a href tags) in comments, me and the spammers. And spam bots probably, if they’re capable of seeing that their comment was rejected somehow, won’t try again without the HTML tagging, they’ll just move on. Maybe a bunch of them just post URLs with no tag. Guess it’s worth trying.

      Akismet says we’re connected to them properly, that it’s shielded us from 1,243,952 spam comments, 2812 in the queue, let’s see if those numbers change on their own.

      Wow I crashed the server by trying to flush the queue…

      • I think check out my website, and comments like I/my neighbors wife/sister etc. made fortune something like can be easily eliminated by filters I think.

    • Regarding comment timeout, the default’s currently twenty days unless specified otherwise by the author or for however long on and after the twentieth day commenting persists daily. Drop that to a week?

  3. I don’t understand a word you just said. I vote for each comment should route through simmons super awesome android phone, then his chromebook to make sure no spam.

    • JR, we delete it manually when we happen to run into it (like that screenshot in the article, I took that shot then proceeded to delete them), and this service we and many other WordPress-using sites use Akismet deletes many more for us on its own before they get posted.

  4. Guys, listen to me.

    Install the Bad Behavior plugin.

    It intercepts most of the real spam before Akismet even sees things.

    Bad Behavior sniffs out those comments that attempt to inject themselves into the site without even triggering a true visit.

    Seriously, try that first. I’ve used it on many sites.

  5. Hmm interesting not sure that there is a catch all solution. I see much larger traffic sites with spam in their comments. You guys must do a good job manually catching it because I don’t really see that much on here. Sounds like the commenters are throwing out good suggestions. I just wanted to add that if you do anything regarding captcha I will never comment. I hate that system with a passion.

    • This thing Ike firmly suggested is hard at work, watching its log grow. I took “href” off the blocked word list to see how many spam comments in a row are on one of Jim’s articles when I wake up tomorrow morning. I have a feeling fewer than four. We might have our answer.

Comments are closed.