How to Block Spam Comments That Get Through Akismet

Hi Ashley!

I’m positive you’ve discussed this recently, but I can’t seem to find the post. So sorry!

Basically, spam comments are slipping through the Akismet spam filter more and more lately. I had 11 that I had to delete recently, just from the last week alone! What else can I do to protect my blog from spam comments?

Thanks so much!

Meredith

Hey Ashley,

I tried searching through your site but couldn’t find anything answering this topic. If you already have though and give me a link, that’d be great. I don’t want you to have to repeat yourself!

When we started Oh, the Books! we used Jetpack comments and would only get an occasional SPAM comment here or there, but had to turn off that plug-in because it was causing problems for some bloggers who were trying to comment (as you know). Since we have switched to WordPress’s native commenting system, our SPAM has gone wild. In March we had 206 SPAM comments, and so far in April we have 1891 SPAM comments. That’s a huge jump!

My question:
Do you have recommendations for WordPress users when it comes to managing SPAM comments? Is there a certain plug in or commenting system you would recommend? Do you have a certain method of sorting through it yourself? It would be quite easy to just hit the “Empty SPAM” button, but I’m always worried I’ll end up deleting a real comment.

Thanks!

Asti

I know exactly what you mean, girls! Akismet worked flawlessly for me for several years, but in recent months anywhere from 5-15 spam comments have been getting through every day. It was SO annoying! I dealt with it for a few weeks and then finally I decided, “I’m going to stop this!” I’ve been testing my new method for a few weeks now and between my new methods and Akismet, all spam has been eliminated!

I went from:

  • 200-600 spam comments posted and caught by Akismet every day.
  • In recent months: 5-15 spam comments NOT caught by Akismet every day that needed to be marked as spam manually.

To:

  • 0 spam comments being posted (since August 30th).
  • About 10 spam trackbacks (those are not covered by this method—Akismet handles those though).

Step 1: Install Stop Spam Comments

This plugin requires that your theme uses comment_form() to display the comment fields. If you install it but your theme DOESN’T use comment_form(), legit users won’t be able to leave comments!

There’s a very simple, lightweight plugin called Stop Spam Comments. Now, most spammers are bots who have JavaScript disabled. So with that in mind, here’s how the plugin works:

  • When a person clicks on the comment field, JavaScript creates a new hidden input field. But since bots have JavaScript disabled, this input field never gets created for them.
  • When the comment is submitted, the plugin checks to see if the hidden field exists. If it doesn’t exist, the comment doesn’t go through.

There’s even a fallback for REAL people who have JavaScript turned off so that they can still comment. But the number of “real” people who have JavaScript disabled is like 1%.

This plugin is SO simple, but it does a great job eliminating spam comments!

Step 2: Adding an extra hidden field (optional/advanced)

To be extra secure, I decided to take this one step further. I created a new text input, hid it with CSS (so real people can’t see it), then when the comment gets submitted I check to see if that field has any content. If it does, then the comment doesn’t get submitted.

The reason this works is because bots just look at the HTML on the page. So if something is hidden with CSS, they don’t know it. In order to get their comments through, spammers fill out EVERY field. So, most spammers would fill out this fake field and then they would fail the spam check.

All you have to do is paste this code into your theme’s functions.php file:

This code requires that your theme uses comment_form() to display the comment fields.
<?php
// Adds a new text field to the comment form
add_filter('comment_form_default_fields', 'ng_antispam_comment_field');
function ng_antispam_comment_field($fields) {
    $fields['ng_twitter_handle'] = '<input type="text" id="ng_twitter_handle" name="ng_twitter_handle" placeholder="Your twitter handle">';
    return $fields;
}

// Gets executed when the comment is being processed
add_filter('preprocess_comment', 'ng_process_comment_antispam');
function ng_process_comment_antispam($commentdata) {
    // If this is a trackback or pingback, return
    if ($commentdata['comment_type'] != '') return $commentdata;

    // If the secret field is filled out, do not process the comment
    if (!empty($_POST['ng_twitter_handle'])) {
        wp_die('You\'re a fugly spammer!');
    }

    return $commentdata;
}
?>

I called the field ng_twitter_handle to make it sound legit (just in case the spammers try to be smart!).

Now it’s also very important that you add this CSS to your theme to hide the field for legit users. If you don’t hide it, real people will see it and try to fill it out.

#ng_twitter_handle {
    display: none;
}

Have you had problems with Akismet letting spam through?

What solutions have YOU tried?

Photo of Ashley
I'm a 30-something California girl living in England (I fell in love with a Brit!). My three great passions are: books, coding, and fitness. more »

Don't miss my next post!

Sign up to get my blog posts sent directly to your inbox (plus exclusive store discounts!).

You might like these

45 comments

  1. Thanks for this Ashely. I’ve found that lately Akismet hasn’t been as effective as it used to be. I’ve implemented your step 1 but not step 2 as editing php files scares me and I’ve yet to try that. Hopefully even step 1 will help though.

    1. I see no reason to use it when this method will work just as well but not be noticeable to real users whatsoever (whereas CAPTCHA requires them to perform an action).

  2. Oh wow I was wondering if it was just me! I used to get none and now I get like 10 a day I need to manually mark as spam (and it’s been going up). One thing that could help too, last time this happened to me about 6 months ago, I tagged Akismet on a complain tweet and they had me email them my plugin key/ID of whatever you call that (and I have the free one, too), and they did something to it that made it much better! Sounds like they need to do that regularly though since my problem is back. I’ll be giving this a try! Thanks! πŸ™‚

    Giselle recently posted: Review: Night Film by Marisha Pessl
    1. If you want to use this method you’ll have to make some adjustments to your theme since yours doesn’t use the comment_form() code. If you want me to swap that for you, let me know. Otherwise you just need to edit the comments.php file in the Xpresso Reads theme directory and delete everything between:

      <section id="respond" class="respond-form">

      and

      </section>

      Then, in between those, just enter in:

      <?php comment_form(); ?>
  3. I recently installed Conditional Captcha, though I’m not quite as impressed with it as I hoped, since I’ve still had a couple spam comments slide through. (It’s also captcha, and even if it is conditional, I’m not a fan.) I looked at my theme’s comment.php file, and to my untrained php eyes, it looks like Thesis makes up its own complicated php.

    Amanda @ On a Book Bender recently posted: I Want It That Way by Ann Aguirre {Jenna’s Review}
    1. Ugh that’s why I hate theme frameworks. Rather than using all the normal WordPress code they make overly complicated code that barely uses default WordPress functions so you have to learn all THEIR stuff instead.

  4. Well that code stuff is like another language for me but its nice to know im not the only one suffering from spam. I have to delete 400-800 comments in my spam mailbox every day and lately about 10-20 of them make it through. So annoying, especially since its usually for the same couple of posts.
    Will you be releasing your plugin soon?

    Nereyda @Mostly YA Book Obsessed recently posted: Book Mood Board (7): Princess of Thorns ..
    1. Yes, provided that you have the latest version. πŸ™‚ If you read the changelog for the most recent update, it talked about switching to use comment_form() code.

  5. Thank you so much, Ashley! I thought that I am the only one who is having this problem. Every week, I usually accumulate 1K-1.5k spam comments which is alarming and frustrating because what if there are real comments in there that I wasn’t able to unspam?

    I already installed the stop spam comments. But I would also like to do step #2. When you said insert the code on “theme’s functions.php file”, does it refer to the “Theme Functions (library/functions.php” for the Tweak Me Theme? If it is, where should I paste it? At the very bottom, after the footer credits coding?

    And regarding the #ng_twitter_handle {
    display: none;
    } code, where should I paste it? On Theme Options>Custom CSS?

    Thank you so much for the help!

    Charlotte @ Thoughts and Pens recently posted: Stacking the Shelves {33}
    1. Putting it in library/functions.php or functions.php are both fine. πŸ™‚

      And yes, the CSS code goes in Theme Options > Custom CSS!

  6. OMG Thank you so much! I’ve been having serious problems with this lately too. More and more spam gets through and since I’m not doing good keeping up with my comments (what else is new, right?) they sit on the page for days, which I hate even more! Before I do all this – you said it won’t work with all themes. I’m assuming your Tweak Me theme should be good, right? Or do I need to do a work around? Don’t want to break anything! You’re awesome!

  7. Have you ever thought about publishing an ebook
    or guest authoring on other websites? I have a blog centered on the same
    subjects you discuss and would really like to have you share some stories/information. I know my viewers would appreciate your work.

    If you are even remotely interested, feel free to shoot
    mme an e-mail.

Recent Posts

    Random Posts