Solving WordPress Comment Spam

Hi friends,

If you own a WordPress based blog you’re more than likely aware and probably the victim of spam in all variations and forms. This could be somewhat of a pain to combat and takes a bit of experimenting to find the absolute best method to successfully deal with it.

My measures simply boils down to using two plugins, and some minor modifications in my core files. But it should be perfectly enough with these two plugins.

The first one is called Stop Spammer Registrations Plugin by Keith P. Graham, the core features of this plugin is that it implements checks against the databases of StopForumSpam.com, Project Honeypot and BotScout to prevent spammers and bots from registering or making comments.

Mr. Graham’s plugin works out of the box although I suggest getting API keys from the services listed above. On it’s own the plugin does combat a lot of spam, but occasionally it let’s through some comments — this was not an option for me, so I decided to add one more solution: WP No-Bot Question. The developer behind this plugin calls themselves Compdigitec. The WP No-Bot Question plugin has – as of this writing – not been updated in over 150 days, and only reached version 0.1.1 – however it does work flawlessly with WordPress 3.4.2 without modifying the plugin in any manner.

I did however make some minor adjustments in the code. For example:

function wp_nobot_question_filter($x) {
if( current_user_can('editor') || current_user_can('administrator') ||
( /* Is registration? */!is_array($x) && !wp_nobot_question_get_option('registration') )||
$x['comment_type'] == 'pingback' || $x['comment_type'] == 'trackback' ||
!wp_nobot_question_get_option('enable') ) {
return $x;
if(!array_key_exists('wp_nobot_answer',$_POST) || trim($_POST['wp_nobot_answer']) == '') {
//wp_die(__('Error: Please fill in the required question.','wp_nobot_question'));
wp_redirect( 'http://anonymizer.k0nsl.org/topcat.php', 302 ); exit;
$answers = get_option('wp_nobot_question_answers');
foreach($answers as $answer) {
if(trim($_POST['wp_nobot_answer']) == $answer) return $x;
//wp_die(__('Error: Please fill in the correct answer to the question.','wp_nobot_question'));
wp_redirect( 'http://anonymizer.k0nsl.org/topcat.php', 302 ); exit;

I merely removed this pesky line:

wp_die(__('Error: Please fill in the required question.','wp_nobot_question'));

And replaced it with:

wp_redirect( 'http://anonymizer.k0nsl.org/topcat.php', 302 ); exit;

Because hopefully my visitors are intelligent enough to understand that they probably did not answer the correct question. And any potentional bots are forcefully redirected to my HoneyPot.

This set-up has eliminated any and all spam to my blog, root and branch. I’m going to optimize these plugins further to make them even better. If you have any ideas to combat spam, feel free to get in touch with me because I am always on the lookout for better ways to eliminate spam.



k0nsl is a programmer, server administrator, designer, moderator, spokesman and factotum of a wide-variety of web pages. You can reach k0nsl via e-mail — [email protected]

Leave a Reply

Your email address will not be published. Required fields are marked *