WordPress spam, Akismet and Cookies for Comments

This blog gets about 1 spam comment a second.

Not bad for an obscure blog with, as I write this, only one post open for comments.

Akismet, the spam plugin, does a great job of keeping the spam out, although recently a few more spam posts have been sneaking through for moderation, perhaps two a week. Still, considering I get about 600 000 spam comments in that week, a miss ratio of 1 in 300 000 is rather exceptional.

The volume of spam shot up markedly after this post, which, in retrospect, isn’t so surprising, since it contains about every spam phrase out there.

A feature I’d like to see in WordPress is the ability to automatically delete spam after a certain period. Apparently this is automatically set to one month, but since in that month I’d get about 2.5 million posts, and have to up the space on my backup server, I prefer to delete spam posts manually a little more often than that.

Deleting spam posts isn’t entirely smooth. If the number is too large, the script times out and I have to re-run it a number of times. Since the spam arrives so quickly, I never have an empty spam folder: in the time between the deletion happening and the page reloading, there are normally a couple more posts.

After coming back from the weekend to 40 000 spam posts, I decided to look for a solution. It’d be easy enough to adjust the period in the code manually, but since I’d have to re-implement the change each time I upgraded, I prefer to look for an existing solution.

Enter Cookies for Comments. The solution is simple – the plugin sets a random cookie, which, if it doesn’t exist when a comment is posted, is almost a sure sign that the comment is being placed by a bot.

You can set the plugin to either automatically mark the comment as spam (effectively catching the two or so comments a week Akismet misses, but not solving my problem), or automatically delete the comment.

I set it to automatically delete comments. Boom! Blissful silence with my recently-cleared spam folder now not moving from 247 comments.

You can play further and use an Apache rewrite rule to block the requests from even reaching WordPress, which I haven’t implemented yet, but which looks hopeful for reducing unnecessary load further.
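The cookie check and the two actions (mark as spam or delete) described above, sketched as an added example; this is not the plugin's code. It assumes a signed per-visitor token, and the names `SITE_SECRET`, `COOKIE_NAME` and `handle_comment` are hypothetical.

```python
import hashlib
import hmac
import secrets

SITE_SECRET = secrets.token_bytes(32)  # assumption: generated once per site
COOKIE_NAME = "cfc_demo"               # hypothetical name, not the plugin's


def _tag(nonce: str) -> str:
    return hmac.new(SITE_SECRET, nonce.encode(), hashlib.sha256).hexdigest()


def issue_cookie() -> str:
    """Value handed to a visitor on an ordinary page view."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_tag(nonce)}"


def cookie_is_valid(value: str) -> bool:
    nonce, sep, tag = value.partition(".")
    if not sep or not nonce:
        return False
    # Constant-time compare on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(tag.encode(), _tag(nonce).encode())


def read_cookie(header: str, name: str) -> str:
    """Pull one cookie out of a raw Cookie: header; '' if absent."""
    for part in header.split(";"):
        key, _, val = part.strip().partition("=")
        if key == name:
            return val
    return ""


def handle_comment(cookie_header: str, mode: str = "delete") -> str:
    """Return 'accept', or the configured action ('spam' or 'delete')."""
    if mode not in ("spam", "delete"):
        raise ValueError("mode must be 'spam' or 'delete'")
    if cookie_is_valid(read_cookie(cookie_header, COOKIE_NAME)):
        return "accept"
    return mode


if __name__ == "__main__":
    browser = f"theme=dark; {COOKIE_NAME}={issue_cookie()}"  # constructed
    for hdr in (browser, "", f"{COOKIE_NAME}=guess.0000"):   # constructed
        print(repr(hdr[:30]), "->", handle_comment(hdr))
```

A client that never loaded a page, or that guesses a cookie value, falls through to the configured action; a browser that kept the cookie is accepted.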

What’s that? You’re suspicious of cookies and have disabled them, and now you can’t comment on my blog? I doubt you can do much else on the internet either…
