Stop WordPress spam before it even reaches Akismet (fast Spam folder reviews)

I'm a big fan of Akismet Anti-Spam. The WordPress plugin filters out 99.99999% of the (many) automated spam comments hitting my blogs, with only the occasional false positive.

But there is a problem. Because of those occasional false positives, I like to scan through the spam folder to rescue real comments. And because of the amount of spam hitting my blogs, this could steal up to 5 minutes of my time per day.

I tried to reduce the amount of Spam folder comments I had to review by making an extensive list of Disallowed Comment Keys in WordPress' Discussion options. Comments having content matching these keys get sent straight to the Trash folder and I trust my list enough not to review those.

This only halved my workload.

There is also the issue of all these spam comments constantly getting added and removed causing other negative effects such as wasted computer resources, leftover data, absurdly incremented indices, and so on.

So what's the instant fix, you ask? First I went to WordPress Appearance -> Customize and hid the URL field with a line of CSS in the Additional CSS box:

#commentform #url{display:none;}

Humans will no longer enter urls when commenting, because the field simply doesn't show up. Bots, however, almost always do.

Then I went to my custom plugin (all self-respecting WordPress installs should have one) and added the following code:

/* turn off autocomplete for the website field */
add_filter('comment_form_defaults', function ($defaults)
    $defaults['fields']['url'] = __( '<input placeholder="Website" id="url" name="url" type="url" value="" autocomplete="off" size="30" />' );

    return $defaults;
}, 50);

/* Preprocess comments */
add_filter('preprocess_comment', function ($commentdata)
	if (isset($commentdata['comment_author_url']) && strlen($commentdata['comment_author_url']) > 0)
	return $commentdata;
}, 1 );

Now a sizable majority of spam bots will simply receive a white screen of death before Akismet is even aware a spam comment was submitted. Very few computer resources have been spent on it, and, best of all, you won't have to waste even a split second of your labor on the garbage.

My most popular blog went from hundreds of comments in the Spam folder a day... to around a dozen.

But won't bots figure it out and just put the spam URL in the comment field instead?

No, I've found that they stay the course. Comment spam bots are hit and run operations junking up millions of WordPress installs a day. They're not going to spend time figuring out a custom workaround for a custom spam solution only used by the few people who read

Leave a Comment