Spam Free WordPress is a comment spam blocking plugin that blocks 100% of the automated spam with zero false positives. There is no other plugin, or service, available for WordPress that can claim 100% accuracy with zero false positives, not even Akismet. Manual spam is blocked with an IP address blocklist.
This plugin was born out of necessity in September of 2007 when HollywoodGrind was getting a lot a traffic, and with it a lot of spam that multiple plugins could not stop, but instead increased the load on the server fighting the spam. Since its birth, Spam Free WordPress has been tested successfully under real world heavy traffic, and heavy comment spam, conditions. Once Spam Free WordPress is installed, no other comment spam plugins are needed, and it is recommended that all other plugins be disabled since they will cause undesirable false positives.
It is my goal for Spam Free WordPress to help WordPress become the world’s first and only comment spam free blogging platform.
See the Spam Free WordPress homepage for updates, and to read comments related to the plugin.
Spam Free WordPress Features
- Automatically blocks 100% of automated comment spam
- Local manual spam and ban policy set with local IP address blocklist
- Global manual spam and ban policy set with remote IP address blocklist
- Significantly reduces database load compared to other spam plugins
- Zero false positives
- Option to strip HTML from comments
- No CAPTCHA, cookies, or Javascript needed
- Saves time and money by eliminating the need to empty the comment spam folder
Automatically Blocks Automated Comment Spam
Spam Free WordPress uses anonymous password authentication to block 100% of all comment spam with zero false positives. Either the password is submitted with the comment form, or it’s spam. Each post is a assigned a password. The password is generated only after it is visited for the first time, and the password only changes when a comment is left. The password is only generated and changed when necessary to eliminate unnecessary load on the database. The reader leaving a comment copies and pastes the password into the comment field to authenticate while remaining anonymous, thus eliminating the need to login to an different account on each blog. Logged in readers will not be required to use the comment form password.
CAPTCHA is not used because it is hard to read, unnecessary, easily cracked, and reduces the number of real comments substantially. There is an interesting article about CAPTCHA here.
Automated spam bots use the wp-comments-post.php core WordPress file to submit comment spam even if the comment form doesn’t exist like when DISQUS is used to handle comments. Spam Free WordPress hooks into wp-comments-post.php to block automated spam by requiring the same password authentication used on the comment form. Spam Free WordPress eliminates the spam DISQUS users continue to experience.
Local and Remote Blocklist
Spam Free WordPress uses an IP address blocklist to block comment spam that is manually submitted by a real person. The blocklist can also be used to ban readers that leave offensive comments. The local blocklist is stored in the database, so it can be used to set policy for a local blog. The remote blocklist allows a global policy to be set for many blogs that remotely access a file that contains the IP address list.
If someone has their IP address listed in the blocklist that person can still read the blog, but will not be able to leave a comment. This approach is used for several reasons. Spam bots may spoof an IP address, or another person may have been using the IP address when they were banned. No one owns an IP address for life, so the IP address is blocked from leaving comments, but not from reading the blog.
Reduces Database Load
As mentioned above, the password is set and changed only when necessary to reduce load on the database. Other plugins filter comments in an effort to determine if they are spam.
Since it is not possible for any filter to ever identify spam accurately, their success at blocking spam is marginal. Those other plugins allow spam to be written to the database most of the time, and stored in the comment spam queue, where the blogger must manually delete the spam. Akismet will prevent some comments it believes is spam from being written to the database, and that results in complaints at times when people realize it was a real person commenting.
Spam Free WordPress knows if comments are real or not, because a password must be entered into the form manually. Anything that is submitted without the password is considered spam. Unlike a filter approach that has many variables, password authentication is 100% accurate, since the password is submitted or not.
Comments that are blocked are never written to the database, which eliminates all the load on the database that spam creates, and other plugins allow.
Option to Strip HTML from Comments
It is very common for manual and automated comment spam to include a URL that links to a web site. Spam Free WordPress has an optional feature that will automatically strip out HTML from comments so that links will show up as plain text, and will then also remove the allowed HTML tags from below the comment text box.
Cached Pages Will Work
Comment form passwords will properly refresh on cached pages, provided the cache program is set to refresh the page on changes to the page, or if a comment has been submitted. Spam Free WordPress has been tested with WP Super Cache, Batcahe, W3 Total Cache using APC, Memcache, and Xcache, and with the super fast Nginx web server using its core NCache module, and PHP served with PHP-FPM, with Apache serving PHP, and with other caching programs, all of which worked properly.
Cookies and Javascript Not Required
Readers do not need to accept cookies or to have Javascript enabled for Spam Free WordPress to work.
About Travis Smith
