I've been tired of comment spam on my blogs (I also use WordPress as a CMS engine, so comment spam is even more of a pain in the ass), so I have created a method to stop it. My method has proved to be very efficient and doesn't need any human interaction (while plugins such as Akismet require the blog owner to periodically look through the spam folder to check for false positives). I have decided to wrap it up in a plugin.
How does it work?
Well, I’ve noticed that spambots usually directly attack the wp-comments-post.php script that is a WordPress comment processing script. Some (but this is really rare) spammers also try to parse the WWW page and when they find a <form> there, they just blindly fill it in and submit.
If you look into any WordPress template source code, you'll find that there is a <textarea name="comment"> somewhere inside. This is the text field for the comment content that the user enters. Spammers just fill it in with garbage.
What my plugin does is change this <textarea> name to something meaningless for spammers (by default it's "komentarzyk", which means "a little comment" in Polish 😉 ). This way, whenever a spammer attacks your wp-comments-post.php directly, he doesn't fill in the now-required "komentarzyk" field and the comment is not added. Moreover, my plugin leaves the <textarea name="comment"> in the source code, but makes it small (1 row and 1 column only) and tries to hide it through CSS (display: none), so a human user will probably not fill that field in. Spammers don't bother to check the textarea's size, nor do they understand CSS, so even when they parse your web page, they not only fill in the required "komentarzyk" field, but also fill in the "comment" field (because they fill in just everything they find). This way they let your blog know they are bad people: if the "comment" field is filled in, a machine probably filled in your comment form instead of a human. So we refuse to add the comment.
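The decision logic described above, written out as a stand-alone PHP function (an added example, not the Krop Spam plugin's code). The field names come from the post; the function name and the sample submissions are constructed, and the array-valued case goes beyond what the post covers.

```php
<?php
/**
 * Classify a comment-form submission by the honeypot rule.
 * Returns [verdict, comment text or null]. Hypothetical helper name.
 */
function classify_submission(array $post, string $trap = 'comment', string $real = 'komentarzyk'): array
{
    // A field sent as comment[]=x arrives as an array; trim() raises a
    // TypeError on an array in PHP 8, so reject any non-string value first.
    foreach ([$trap, $real] as $name) {
        if (isset($post[$name]) && !is_string($post[$name])) {
            return ['reject: malformed field', null];
        }
    }

    // Hidden trap field: a human never sees it, so any content here means
    // the form was filled in by something that does not render the page.
    if (trim($post[$trap] ?? '') !== '') {
        return ['reject: trap field filled', null];
    }

    // Renamed field missing or whitespace-only: there is nothing to post.
    $text = trim($post[$real] ?? '');
    if ($text === '') {
        return ['reject: no comment text', null];
    }

    return ['accept', $text];
}

// Constructed sample submissions, one per case discussed in the text.
$samples = [
    'direct POST, stock field only' => ['author' => 'x', 'comment' => 'buy pills'],
    'form parser, fills everything' => ['comment' => 'buy pills', 'komentarzyk' => 'buy pills'],
    'neither field sent'            => ['author' => 'x'],
    'human visitor'                 => ['comment' => '', 'komentarzyk' => ' Nice post! '],
    'array-valued field'            => ['komentarzyk' => ['x']],
];

foreach ($samples as $label => $post) {
    [$verdict] = classify_submission($post);
    printf("%-32s %s\n", $label, $verdict);
}
```

Only the "human visitor" sample is accepted; the other four are rejected, each for the reason printed beside it.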
So, how to install the plugin?
1. Download the Krop Spam plugin and unzip it into your WordPress wp-content/plugins directory.
2. Enable the plugin in WordPress admin.
3. Open up wp-comments-post.php in your favorite text editor and find a line that says:
$comment_content = trim($_POST['comment']);
4. Replace this line with the following fragment:
if(trim($_POST['comment']) != '') wp_die( __('Sorry, small comments field should be left empty - it\'s a spam trap.'));
$comment_content = trim($_POST['komentarzyk']);
5. You’re done 🙂
I have tested the plugin with a few WordPress themes found on the internet and it works correctly. The plugin's only requirement is that it needs to have access to a temporary directory (usually /tmp) on the server. That's almost always possible. If not, talk to your provider.
How efficient is it?
I have been using this method on my Karkonosze page for a few months now, and it has decreased the amount of spam I receive from 20-30 a week to 1 in 3 months. There's no guarantee it will work for you though 😉