WordPress allows you to disable comments on a post by post basis, but doing so…
Catching all of the spam comments that hit your site can be a real chore. Personally, I turned to a third party service, Disqus, to help me out. But if you’d like to keep everything in-house, Cookies for Comments does a great job blocking out spam comments with a really simple solution.
What’s It Do?
Cookies for Comments works by inserting a small image, under 100 bytes, into your site. This is then detected by the plugin and used to insert a cookie to confirm that users are actually using your site and is not a spammer. If the plugin detects a spam comment, then it automatically bounces the comment to spam or deletion, depending on which you prefer. This blocks the insertion of comments by spam-bots and other non-human visitors.
The plugin also gives you a few options to eliminate another kind of comment spam if you want and allows you to customize the message shown to spammers when they are blocked. It works completely behind the scenes and very well.
How’s It Work?
When you install and activate the plugin, it will begin working immediately with default settings. However, you can go to Settings -> Cookies for Comments to customize it.
First, select from the drop-down menu whether or not you want spam comments to go to your spam folder, or go directly to trash with “Delete.” If you get enough spam, the latter might be the better option. Next, you can choose the “Payload Delivery Mechanism,” which is set to “Image” by default. You can also choose “CSS File,” but this has a (relatively small) performance impact. You should really only switch to this setting if you are finding that a lot of spam is somehow making it through.
The next option is the “Speed Spammers.” In the provided text box, you can enter a certain number of seconds. This will make it so that if any comment is posted before that amount of time is reached, it will also be sent to spam. This is to prevent users who visit a page, then post using a bot or manually very quickly, without actually reading the post, then move on. The plugin recommends between 3 and 6 seconds. Again, enable this only if you think that it is an actual problem. Otherwise, leave it at 0 to keep it disabled.
The last option is “Rejection Message.” It is here that you can customize what message spammers will see when their comment is bounced. If you don’t put anything here, a default message will be displayed instead.
If you are a developer, you may also want to add the following lines to your htaccess file. This will prevent comments from every being posted in the first place, instead of being bounced away. But only use this if you have a good understanding of FTP and htaccess.
RewriteCond %{HTTP_COOKIE} !^.*34952f8c72989b842de2db6cd8f3c989.*$ RewriteRule ^wp-comments-post.php - [F,L]
Or for Multisite
RewriteCond %{HTTP_COOKIE} !^.*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*$` RewriteRule ^wp-signup.php - [F,L]
The plugin works behind the scenes, so you won’t even notice that it’s there until spam comments start being blocked.
Costs, Caveats, Etc.
Cookies for Comments is free, updated often, and quite effective. If you’re having a problem with it, first check to make sure that your cache is cleared, then head over to the support forums to ask for help from the plugin developer.