I’ve noticed in the last couple of years that the previously excellent spam filter Akismet for WordPress has become less effective.
I have wondered if the rise of embedded solutions like Facebook comments has caused Akismet to miss out on useful data, but perhaps it’s just the spammers getting cleverer.
Either way – I didn’t want to install Facebook comments on my blog and I didn’t want spam comments either. Even when they do get caught they still use up disk space and emptying thousands of spam comments every month is just irritating.
So I’m trying out a new technique. (steps below) I’ve not proven this to be effective yet, but the theory is sound. I will report back after a few weeks.
1. Create a honey trap.
The idea of the honey trap is that bots will fill in all fields, even if the user is expected to leave one blank. Ideally the field is hidden from human/browser rendering. As in my case – you’ll notice that the comment form below has one field hidden. (I chose the author website field)
2. Intercept the comment post
WordPress offers a filter for preprocessing any comment that’s posted. So add this simple function into your theme and any form submission containing the author URL field will not go into the database. It will be assumed to be a bot and get booted – quite ungracefully, I might add.
That’s it. Let’s see if it works. I’ll probably just get no comments.
This survives on the theory that comment spam is all done by blind bots. If it’s done by humans then we’re screwed. If the bots are so good that they parse the HTML and CSS and miss the honey trap, we’re also screwed.
The honey trap on this blog is the comment author’s website field. I decided this field was expendable. People often comment in order to get their link out there, or perhaps they just want credit where credit’s due. However, I hope that a genuinely valuable contributor with something interesting to say will comment regardless.