Archive for December 22nd, 2010

Why Akismet alone is not enough

Author: Keith Lunt

Dec 22

If you want to protect your blog from the endless comment spam then you might be depending on tools such as Akismet. But, that is not enough. With a little extra preparation you can make your life a lot easier.

Akismet is a great little tool. When I started blogging it was an extra that you downloaded if you wanted to, but it now comes packaged with WordPress and that is a tribute to how well it does its job. However, it is not perfect.

Akismet works quite simply by looking at your comments and comparing them to its rules and patterns. It is trying to calculate from experience which comments are good and which are spam. They are then left either in the queue for you to approve, or filed in the spam folder where they stay for 3 weeks. In this time you should review them all as there will be times when good comments are moved into the spam folder by mistake.

And this is my greatest problem with Akismet. Although it detects spam, it can get false positives – where it marks good comments as spam. So there has to be a manual confirmation in place if you do not want to risk offending those leaving good comments. And if your blog is being plagued by spam then checking and deleting that spam can get very monotonous. In the end, you will probably slip on this task and could be missing good comments.

What is comment spam?
Usually it is an automated process. The people leaving the spam do not actually visit your website, instead, they use computer programs to crawl through blogs, find the comment forms and submit nonsense comments in order to gain some slight search engine optimisation advantage.

So, what’s the answer?
Well you need to stop the comment spam at source. It is no good allowing the comments into your blog and then having to deal with them, it is better if you can prevent them from being submitted in the first place.

For many people that means various forms of captcha fields – that annoying little graphic that you have to retype. From intentionally difficult to read characters to hand written words and mathematical problems. These captcha fields come in a wide variety of formats and they all do their job of preventing automated spam.

An improved solution
But what a lot of these automated comment bots do is to pick up on the comment form when they first visit the website and then storing that information and continually submitting it time after time. This means that there is another ‘invisible’ way of protecting your blog. I use WP Captcha Free for this purpose, which timestamps the submission form when it is first read. This means that the automated bots are always using the same timestamp in the future and the plugin can detect the submission is out of date and delete the form.

It is great and on my blogs most hit with spam, it has gone from a problem of several spam comments every day to maybe one or two per week, which means the real comments are easier to separate out of the spam.