Using The Wordpress Discussion Filters - Fighting Comment Spam
shoemoney
·
·
5 min read
This is the 2nd post in a series on how to fight wordpress comment spam. You can read the first post on minimum comment content here.
People ask me all the time how I maintain such a good comments/spam ratio on my blog. The answer is pretty easy... Lots of work and studying the patterns of spammers. The single most powerful tool is the built in discussion filter system via moderation and blacklisting.
The discussion filters within Wordpress are some of the best tools you have to lower your liability in letting spam through. You can get to the settings by logging into your admin panel then going to settings -> then to discussions. From their you will have plenty of options which I will go through one by one.
Default Article Settings:
This really does not have much to do with fighting spam but I thought I would show it anyway since its in the same section.
E-mail me whenever:
This really will depend on how busy your blog is. I had to give up on this a while ago.
Before A Comment Appears:
Here we go... finally something to do with the actual title of this post:
Over the years I have found the best settings for these is to make people use a name and email, already have an approved comment (comments will sit in moderation queue until approved), and also I do not make a administrator approve every comment. I am not out to censor anyone... just to limit spammers. Thats not to say spammers wont come back once approved and spam but we will point out how to combat that later settings.
Comment Moderation:
Here is where some of the secret sauce comes in. Here are my tips for using the comment moderation system.
1) I HIGHLY HIGHLY HIGHLY recommend putting a 1 in the first box. This means any comment that has a link must be approved no matter what.
2) The moderation box allows you to specify words, emails, ips or just about anything someone would put into a comment. I use this section to post a lot of dynamic stuff.
3) The first thing I put in this box is a list of TOR proxies. They even have a plain list you can just copy and paste into this box. We also put in other open proxy ips from around the web. I am a huge supporter of the EFF and have financially contributed to them since 2004 but unfortunately the Tor network has become a great resource for spammers. We have found that 95% of the comment spam that makes it through the Akismet plugin has a open proxy ip.
4) A good example of stuff to put in here is swear words. I think its pretty obvious I have nothing against swear words but I would like to approve the comment with them before its posted.
5) Another good example is to put in your own companies urls. I have found a lot of times people have posted security issues or bugs with my sites on my blog... and I like to be the first person to see those and deal with them ;)
6) There are several other things you can put in this. Remember that whatever you put in is a broad match so try to keep it pretty specific. Putting in common words will lead to a lot of manual approval of comments and the goal of this is to lesson admin time =).
Comment Blacklist:
The Comment Blacklist feature is very powerful and should not be taken lightly. Every comment that matches your entry will be perminiantly deleted. ALWAYS test a filter out first in Comment Moderation before adding it to the Blacklist so that you know what its going to catch.
Here are my tips for using the Comment Blacklist feature:
1) As you can see I currently send all comments with spam@ in the email straight to the trash. I used this in moderation for over a year and after only false positive decided it was good to go.
2) groups.google is a great example of something that should go right to the crapper. I am pretty sure that Akismet now gives a much higher score to comments with a *groups.google* url in the comment fields but I can them just incase.
3) Anything that sends you BS trackbacks and pings go here. Tired of seeing the same scraper site send you a trackback with your own content? Put it here. Tiered of seeing a forum or spam site with a spammy "auto ping" function that searches and pings any blog that matches the content? Put them here.
Really you want to be very careful with this tool. As I said above its very powerful and you can not undo it. Experiment with matching in moderation then add them to the blacklist when your sure.
This really does not have much to do with fighting spam but I thought I would show it anyway since its in the same section.
E-mail me whenever:
This really will depend on how busy your blog is. I had to give up on this a while ago.
Before A Comment Appears:
Here we go... finally something to do with the actual title of this post:
Over the years I have found the best settings for these is to make people use a name and email, already have an approved comment (comments will sit in moderation queue until approved), and also I do not make a administrator approve every comment. I am not out to censor anyone... just to limit spammers. Thats not to say spammers wont come back once approved and spam but we will point out how to combat that later settings.
Comment Moderation:
Here is where some of the secret sauce comes in. Here are my tips for using the comment moderation system.
1) I HIGHLY HIGHLY HIGHLY recommend putting a 1 in the first box. This means any comment that has a link must be approved no matter what.
2) The moderation box allows you to specify words, emails, ips or just about anything someone would put into a comment. I use this section to post a lot of dynamic stuff.
3) The first thing I put in this box is a list of TOR proxies. They even have a plain list you can just copy and paste into this box. We also put in other open proxy ips from around the web. I am a huge supporter of the EFF and have financially contributed to them since 2004 but unfortunately the Tor network has become a great resource for spammers. We have found that 95% of the comment spam that makes it through the Akismet plugin has a open proxy ip.
4) A good example of stuff to put in here is swear words. I think its pretty obvious I have nothing against swear words but I would like to approve the comment with them before its posted.
5) Another good example is to put in your own companies urls. I have found a lot of times people have posted security issues or bugs with my sites on my blog... and I like to be the first person to see those and deal with them ;)
6) There are several other things you can put in this. Remember that whatever you put in is a broad match so try to keep it pretty specific. Putting in common words will lead to a lot of manual approval of comments and the goal of this is to lesson admin time =).
Comment Blacklist:
The Comment Blacklist feature is very powerful and should not be taken lightly. Every comment that matches your entry will be perminiantly deleted. ALWAYS test a filter out first in Comment Moderation before adding it to the Blacklist so that you know what its going to catch.
Here are my tips for using the Comment Blacklist feature:
1) As you can see I currently send all comments with spam@ in the email straight to the trash. I used this in moderation for over a year and after only false positive decided it was good to go.
2) groups.google is a great example of something that should go right to the crapper. I am pretty sure that Akismet now gives a much higher score to comments with a *groups.google* url in the comment fields but I can them just incase.
3) Anything that sends you BS trackbacks and pings go here. Tired of seeing the same scraper site send you a trackback with your own content? Put it here. Tiered of seeing a forum or spam site with a spammy "auto ping" function that searches and pings any blog that matches the content? Put them here.
Really you want to be very careful with this tool. As I said above its very powerful and you can not undo it. Experiment with matching in moderation then add them to the blacklist when your sure.