admin-plugins author calendar category facebook post rss search twitter star star-half star-empty

Tidy Repo

The best & most reliable WordPress plugins

Free Cookies for Comments

Please read! This plugin has not been updated in over 6 months. It may no longer be maintained or supported. There may be compatibility issues when used with the latest version of WordPress. We suggest finding a similar, alternative plugin. Learn more about outdated plugins.

Cookies for Comments

Plugin Author: Donncha O Caoimh

Jay Hoffmann

August 4, 2014 (modified on October 29, 2019)

Comments, Security

Catching all of the spam comments that hit your site can be a real chore. Personally, I turned to a third party service, Disqus, to help me out. But if you’d like to keep everything in-house, Cookies for Comments does a great job blocking out spam comments with a really simple solution.

What’s It Do?

Cookies for Comments works by inserting a small image, under 100 bytes, into your site. This is then detected by the plugin and used to insert a cookie to confirm that users are actually using your site and is not a spammer. If the plugin detects a spam comment, then it automatically bounces the comment to spam or deletion, depending on which you prefer. This blocks the insertion of comments by spam-bots and other non-human visitors.

The plugin also gives you a few options to eliminate another kind of comment spam if you want and allows you to customize the message shown to spammers when they are blocked. It works completely behind the scenes and very well.

How’s It Work?

When you install and activate the plugin, it will begin working immediately with default settings. However, you can go to Settings -> Cookies for Comments to customize it.

First, select from the drop-down menu whether or not you want spam comments to go to your spam folder, or go directly to trash with “Delete.” If you get enough spam, the latter might be the better option. Next, you can choose the “Payload Delivery Mechanism,” which is set to “Image” by default. You can also choose “CSS File,” but this has a (relatively small) performance impact. You should really only switch to this setting if you are finding that a lot of spam is somehow making it through.
The next option is the “Speed Spammers.” In the provided text box, you can enter a certain number of seconds. This will make it so that if any comment is posted before that amount of time is reached, it will also be sent to spam. This is to prevent users who visit a page, then post using a bot or manually very quickly, without actually reading the post, then move on. The plugin recommends between 3 and 6 seconds. Again, enable this only if you think that it is an actual problem. Otherwise, leave it at 0 to keep it disabled.

The last option is “Rejection Message.” It is here that you can customize what message spammers will see when their comment is bounced. If you don’t put anything here, a default message will be displayed instead.

Cookies for Comments Rejection Message

Customize your rejection message.

If you are a developer, you may also want to add the following lines to your htaccess file. This will prevent comments from every being posted in the first place, instead of being bounced away. But only use this if you have a good understanding of FTP and htaccess.

RewriteCond %{HTTP_COOKIE} !^.*34952f8c72989b842de2db6cd8f3c989.*$
RewriteRule ^wp-comments-post.php - [F,L]

Or for Multisite

RewriteRule ^wp-signup.php - [F,L]

The plugin works behind the scenes, so you won’t even notice that it’s there until spam comments start being blocked.

Costs, Caveats, Etc.

Cookies for Comments is free, updated often, and quite effective. If you’re having a problem with it, first check to make sure that your cache is cleared, then head over to the support forums to ask for help from the plugin developer.


Plugin Info
  • Downloads: 102,564+
  • Downloads trend (30d): -3.3%
  • Active installations: 30,000+
  • Rating:
  • Last Update: June 4th, 2019
  • Download Plugin for Free