One of the things that makes me jump in WordPress is spam !!! Whether we are talking about spamco, spammer, registration spam, it is still SPAM! So of course, there are WordPress plugins and some techniques to protect yourself against it, but there are still some …
Fight against spam in WordPress
I particularly noticed their resurgence when setting up an ecommerce site under WooCommerce. In this case, as in others, we must leave the possibility for Internet users to register on the site (Settings >> General >> Default role of any new user: Customer).
This is where the problem lies ! The number of spam registrations kept increasing, sometimes going up to 10 per day with disposable addresses (outlook.com, hotmail, etc.) and containing keywords (money, vuiton, webmarketeur, etc.). So I tried to limit this influx of spammy registrations: captcha, recaptcha, math pass… Nothing helped!
Until I discovered a little free WordPress plugin that does the job and does it very well. I named Stop Spammers .
WordPress Stop Spammers plugin
Stop Spammers’s most well-known feature is that it can block spammers, more than 15 different ways. It tests to see whether you have any accounts linked, subscribed, or commented on, and blocks them when identified through this process.
Stop Spammers eliminates 99% of signup and comment spam, it checks all attempts through StopForumSpam.com, Honeypot Project, BotScout, DNSBL lists, known spammer hosts such as Ubiquity servers, disposable email addresses, extended email addresses (therefore suspicious), known spammy HTTP_ACCEPT names and headers. It also sets up a fake comment login screen that only spammers can find.
Stop Spammers check IPs much earlier in the comment and / or in the registration process. As soon as it detects a spammy IP, the plugin stops the WordPress process and an access denied message is presented. You can customize the access denied message or just redirect the spammer to another page or to a website.
How does the plugin work?
Stop Spammers uses the resources of StopForumSpam, the Honeypot project and BotScout to prevent spammers from signing up or leaving comments, by checking user traces / referrals on these three databases.
Stop Spammers works by verifying the IP address, email, and ID of the user or anyone who attempts to register, login, or leave a comment. It can also work in conjunction with web development in Pakistan for logins and registrations.
Optionally, the plugin will also check disposable email addresses, check for the absence of an HTTP_ACCEPT header, and check several DNSBL lists such as Spamhaus.org. It also checks against known spammer hosts such as Ubiquity-Nobis, XSServer, Balticom, Everhost, FDC, Exetel, Virpus and other servers, which are a major source of spamco.
It rejects extended email addresses because spammers cannot resist the temptation to put keywords everywhere;) It also rejects data in the form of a post where there is no HTTP_REFERER header, because spammers forget often include referral site information in their software.
The plugin installs a “Red Herring” comment form invisible to normal users but not to spammers who will try to use it. As a result, their IP address will be added to the deny list. This feature is disabled by default because the shape may be an issue with your theme. Activate the option and check your theme. If the shape (a one-pixel box) changes the layout of your theme, turn it off! I highly recommend this option because it stops a lot of spammers.
The plugin also checks how long takes a reader to read the post, submit through the form, and then post their comment. If it takes less than 4 seconds, it’s a spammer. A human being cannot enter his email, comment then submit a comment in less than 4 seconds, CQFD!
Did You Pass Math?
Did You Pass Math requires the user to solve a simple math problem, such as: “how many is 1 + 2”. Without a response or in the event of an incorrect response, the comment is then considered spam and the comment blocked. Simple but effective, it can be adjusted and forgotten.
Peter’s Custom Anti-Spam
Displays words from old books that users must interpret correctly to comment. WP reCaptacha uses the same service that is in place on sites like Twitter, Facebook, and StumbleUpon. Good deed: using this service allows you to digitize old books. Disadvantage: requires a key to operate.
Antispam Bee is very easy to use, it also has many options and filters. Advantage: does not store data on remote servers.
Bad Behavior automatically blocks bots that violate the robots.txt. This plugin prohibits access to your blog with a magnificent 403, to most robots identified as spammers. It can be used as an anti-spam add-on solution.
Cookies for Comments
This plugin adds a stylesheet or an image to the source code of your blog. When a browser loads this sheet or the image, a cookie is set. If the user subsequently leaves a comment the cookie is checked, if it cannot be found, then the comment is classified as spam. Cookies for Comments can also check how long it took for a user to enter a comment. If it’s too fast, it’s probably a spam bot.
This is already something to protect you from spam , I offer you very effective little last, to discover: Captcha
My Conclusion, My Settings!
An excellent free WordPress plugin ! Stop Spammers is powerful, highly configurable but above all very effective, since its installation no more spammers have come to pollute the site under WooCommerce, comments and opinions are now open and hardly require any moderation.
Among the settings to pay particular attention to : Blocked Email Domains, Blocked TLDs and the Spam Words List. Connections to anti-spam databases are handled automatically and there is no need to even obtain API keys. Finally, Stop Spammers can work in conjunction to improve spam detection.
Warning: bad handling, bad adjustment and you can blacklist yourself… So first of all we save and we find out about the procedure which allows to deactivate a plugin via its FTP;) We also check in the plugin settings “Automatically add admins to white list ”.