Blocking Comment Spambots

Blocking Comment Spambots

I’m trying the plugin wp-hashcash, which is an anti-spam plugin for WordPress. Up to now, I’ve been using ThreeStrikesSpam to catch suspect comments before they go live, which has worked pretty well. However, it creates some additional work for me.

The new plugin works by assuming that manually-entered comments are OK, while comments entered directly through the comment posting PHP script are probably spam. The theory is that spammers are unlikely to actually enter their spam by hand, instead relying on “SpamBots” that invoke the PHP submission code directly without user intervention. Any bot that bypasses the manual entry form is now detected and denied.

So here’s trying it out…I’ve disabled 3SS but have left the “comments with links get moderated” functionality on to see if it really works. Looking at the wp-hashcash.php code, it looks like comments just don’t get to the posting stage if the comment entry form is bypassed, so we’ll see. Here’s hoping it stems the tide for a little longer.

The current repository for wp-hashcash is here.