How do you deal with comment spam: wordpress?
-
I have akismet installed on my Wordpress blog, and it does a great job of filtering the spam comments, but for some reason my site (and server) gets slammed by the amount of spam comments akismet blocks. If I check my spam folder there will be over 100 spam comments in an hour. (which in turn puts a load on my server.)
Does anyone have any thoughts on how to put a stop to this? (Or at least slow it down?) I know I could use a captcha, but I really don't want to put any barriers on people commenting and I don't even like using those captcha's myself.
Thoughts?
By the way, does anyone know how spam like this works? This has been going on for sometime now. Are spammers just using automated software to do this?
-
By far the best site availability monitoring tool I can recommend is Pingdom.
Signing up for an account is free to monitor one website. You can have it email you or send a text message/tweet when your site goes down. You can also configure how long your site must be out before you get alerted, and how often to be alerted while your site is still down.
Indispensable for understanding what's actually going on with your site.
Paul
P.S. Use the customizations when setting up the monitor so it's actually checking for the existence of a particular word on your page - that way you're testing whether your site is actually rendering, as opposed to just responding to a ping.
-
Thanks for the reply, very helpful info.
As far as server monitoring I don't think I have anything in place. Any suggestions?
-
Sorry - guess should have made that clearer, Rick. There will be a definite reduction in server resources used. The comment still gets partially processed in order to send it to Akismet, but that new setting tells your system to just discard it if it comes back marked as spam. That way, no database writes occur for that spam, which will definitely reduce server load (database reads and writes are fairly "expensive" in terms of added server processing needed).
Without that setting, spam comments that come back from Akismet get written to your database under the Spam table. That's a lot of extra processing for something you were going to throw out anyway.
This won't save as many resources as actually blocking the spam before it even starts to get processed (as the other suggested plugin would do) but you should notice lowered demand on your server resources with this setting. Not to mention a whole lot less crap to clean out every day, as you point out
Paul
P.S One side effect to that setting is you won't be quite as aware of just how much spam you're actually getting since you won't see a lot of it. This means a spam run against some older posts could start really hitting server resources hard but you might not be aware. (Remember, this setting doesn't eliminate the processing demands completely.)
So keep an eye on the stat that shows how many spams Akismet has handled. If you see a prolonged surge, and/or have further server load problems, it will be a signal that more drastic protection methods have become necessary.
Do you have a server monitoring/alerting system in place?
-
Thanks for your very helpful post! It was great!
I never thought of selecting the option to auto delete spam comments on posts older than a month old. Once I did that, it cut down on 80% of the spam I was getting! So thanks!
Quick question on that. Does enabling that option cut down on the server resources? In other words, let's say it cuts down on 200 spam comments a day because they are auto deleted, do those 200 spam comments still get entered in as comments and therefore use server resources? Does this just save me the step of having to go through and delete them / clear the spam folder? Or does this save a huge amount of server resources? Either way it's a huge win!
-
Just wondering if these responses helped answer your question, Rick?
If not, what else might you need clarified tht we may be able to help with?
Paul
-
Ahh... comment spam - the bane of every successful website with an active blog. It's actually a signal of your success that your getting that much spam
I fully agree though - captcha is NEVER the answer if you want to maintain high visitor engagement. You shouldn't be offloading your spam problem onto your visitors to solve. There are better options.
So let's dive in.
How the spam gets generated There are two types of comment spam: bot-generated and manual. The first is created by software "bots" that have been programmed to crawl the web looking for the scripts on a website that allow content submission e.g. comment forms, contact forms etc. The software then accesses the script directly and submits its crapload. WordPress (and othe CMSs) are especially vulnerable because these scripts have the same names on every single install - the bot only has to look for a few very specific filenames in a few standard places.
Because this is two pieces of software talking directly to each other, hundreds, or even thousands of submissions per hour can be generated. The bots generally have no limits on them, so eventually they'll consume so many server resources they degrade or even completely consume the server's ability to do the rest of it's job. (This is considered to be at least 65% of all spam.)
With manual spam, an actual human in a very cheap labour market is paid to go through the posts on a website and manually enter the crapload, entering whatever info into the fields is necessary to make the comment system think it's a legit human-generated comment.
Filtering vs Blocking
The problem with Akismet is that it is a spam filtering tool, not a spam blocking tool. Each comment is allowed to enter the blog system where it is then sent to Akismet's server to be assessed. Akismet then sends it back to your site flagged to go into your spam, moderation, or publication queue. This means each spam message receives the same processing as legit comments, so the system is still using processing and database resources for every single message received. (Even spam gets written to the database and stays there until you decide it should be deleted.)
All very processing intensive, and hence why having Akismet doesn't do anything to reduce the server load of a spam run - and may even increase it slightly.
Optimize Akismet's Settings
So what to do? First, there's a simple checkbox in Akismet settings that can make a huge difference. You can tell Akismet that if it recognizes as spam a comment to a post that's more than a month old, it should just automatically discard it instead of adding it to the spam queue and writing it into the database. This greatly reduces the database activity created by the spam, and also helps keep your spam queue clearer so it's easier recognize legit comments that might have been caught from more recent posts. (Spammers tend to focus on older posts for a number of reasons - mostly becasue they're easier to find) The clear disadvantage is that the (very) few comments falsely identified as spam will be irretrievably gone. I know this could be an issue for you as many of your posts continue to get comments for months after, but if you're clearing 100s of comments an hour, chances are that some legit comments are accidentally getting deleted already.
To enable the automatically discard function, simply go to the Akismet Configuration page under your Plugins (where WordPress.com API Key is entered). At the bottom of the page, check-mark the box for Automatically discard spam comments on posts older than a month. Remember to click the Update options button when done.
Stronger Protection
If you need more protection, you're going to need to install a plugin that intercepts the comments before they get into the system and automatically discards the ones that show the characteristics of bot-submission behaviour. Essentially the plugin analyzes how the comment was posted, rather than its content.
The best-known of these is Bad Behaviour, but it's a pretty heavy-handed solution that has been known to even block GoogleBot and hence cause deindexing of many pages. I'd call it a last-ditch solution.
I'd suggest you try WP Captcha-Free which is a small, very lightweight plugin that invisibly creates a "hash" when the comment is created that must also be present when submitted. Most spam-bots fail at this since they're submitting directly to the comment script and so are blocked before the comment really starts processing. Note that commenters must have Javascript enabled using this system. Since only 2-5% of web users don't have JS enabled, this is a reasonable tradeoff (and much better than pissing of 100% of your commenters by enforcing a captcha)
You will still want Akismet active behind this protection to catch the manually-submitted spam.
So to recap - in order to reduce your server load from spam, you need a system that BLOCKS the spam before it starts to get processed in the first place. Just doing more/better FILTERING won't help as the filtering process actually uses up even more server power. You want your server only processing what is likely to be real comments.
Sorry for the loooong reply but comment spam is a big/complicated issue and if it's approached incorrectly, you can make your problem much worse instead of better.
Fire away with the questions
Paul
-
Your blog will have a 'hook' where scripts can automatically insert comments to your site. Check your server logs - you'll probably see one form or another getting hit, a lot, or a script like xmlrpc.
If it's a form, add CAPTCHA, and that'll stop the scripts from auto-submitting.
If it's something else, consider changing permissions so the whole world can't hit it.
-
You may want to check your GA to see if this started all at once. Your site might be under a DDoS attack, but your server is holding up. That sounds like an awful lot of blocking in one hour. Sometimes the ISP has to step in if you host the server inhouse.
-
Is your blog self hosted or hosted by Wordpress.com ? If it's the one in your profile, then it's hosted by Wordpress.com which would then limit your abilities but then probably shouldn't have server "stress" issues. If it's self hosted, then you can try some of these plugins and see if they help (http://wordpress.org/extend/plugins/search.php?q=spam) Depending upon the software being used to spam your blog, one of these for sure will be able to reduce the issues. So yes, it's automated tools that do all this comment spam.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Is managed wordpress hosting bad for seo?
hi, i would like to create my own website, but I am confused either to choose cpanel hosting or managed wordpress
Web Design | | alan-shultis0 -
Yoast focus keywords for portfolio post types in WordPress
This one is for the WordPress optimization crowd! Portfolios are used to display work. I have a question about best seo optimization techniques. 1. Portfolios can be used to display many different types of work, for me it either original web designs from scratch, WordPress redesigns, or importing a current website into WordPress. What is the best practice for keywords for multiple portfolios that are in one category. for instance WordPress Redesign. If I have 5 WordPress redesign portfolio posts is it good practice to use WordPress redesign for all 5 portfolios or should they use variations? Yoast gets angry when the same focus keyword is used multiple times. 2. Should portfolios even be indexed? Since this is how I attract new customers I would think yes but am I giving too much exposure to my client and not enough to my business. I guess this will depend on titles and meta descriptions. A discussion on best practices here is what I am really looking for. What is your advice and opinion on the matter.
Web Design | | donsilvernail1 -
Wordpress Blog for Magento Store?
Magento is fantastic for e-commerce although the blog capabilities are limited and our web development fees are just ongoing. I have great experience with wordpress sites and I don't have a bad word to say about the CMS, there are plugins available for everything you possibly need to develop the blog. Would it be a good idea to integrate a wordpress blog for our e-commerce store? To keep both the transactional website and the blog on the same domain, but have a different style for the blog so we're not trying to 'sell' to people looking for home improvement advice and DIY guides, our main priority with the blog is to grow the website authority.
Web Design | | Jseddon921 -
Wordpress themes causing google penalty(need experts to settle a debate)
Hi, I have been having a disagreement with another online marketing company. We are both promoting the same product under a different brand name but we ended up using the same theme to build our WordPress sites off of but in no way is the content the same. They are telling me that using the same theme in the same industry will cause a Google penalty. I do not believe this and do not see this causing a problem. The sites are relatively new so there is no proof of traffic dropping or penalties as of yet. What is everyone's professional opinion on this? Can a WordPress theme cause duplicate content penalty? If so would that not mean that anyone using themes will have some sort of penalty?
Web Design | | impact891 -
Old site to new WordPress site - Client concerned about Yahoo Ranking
Hello, Back Story I have a client (law firm) who has a large .html website. He has been doing his own SEO for years and it shows. I think the only reason he reached out to a professional is because he got a huge penalty from Google last fall and fell very far down in rankings. Although, he still retains a #1 spot in Yahoo for his site for the keyword phrase he wants. I have been creating a new WordPress theme for the client and creating all new pages and updating the formatting/SEO. From the beginning I have told the client that when we delete the old site and install a new WordPress site (same domain name, but different page hierarchy) he will take a bump in the search engines until all the 301 redirects get sorted out. I told him I can't guarantee any time frame of how long the dip in SEO will last. Some sites bounce right back while others take longer. Last week, during a discussion, he tells me that if he loses his #1 ranking on Yahoo for any length of time he thinks he will go out of business. Needless to say I was a little taken back. When it comes to SEO I use best practice techniques, do my research, stay on top of trends but I never guarantee rankings when moving to a new site. I'm thinking of ways I can help elevate any type of huge SEO drop off and help the client. Here is what I was thinking of suggesting to the client and I would love some feedback. Main Question He has another domain he isn't doing anything with. It's pretty much his domain name with pc added. I was thinking about using that domain to create a simple 1-2 page WordPress website with brand new content (no duplicate content) aimed at attracting his keyword phrase. I would do as much SEO as I could with a 1-2 page site and give it a month or so to see if this smaller site can get into the top #10 in Yahoo, or higher. Then, when we move the site he will still have a website on the first page of Yahoo for his keyword phrase. I hope I explained it clearly 🙂 I would be open to any suggestions anyone may have. Thanks
Web Design | | Bill_K0 -
Google Analtyics Conversion Tracking for Wordpress Life Coaching Site
Hello, How do I do conversion tracking for Google Analytics for this site: debidonner(dot)com She has a 'Thank You' page after you return from Paypal Thanks!
Web Design | | BobGW0 -
Coding a WordPress shopping cart
I have searched high and low for a light, simple to use Wordpress shopping cart plugin which can use custom templates and work with the transporter and payment gateway i'd like. Unfortunately i haven't found anything. I am currently looking for an example, maybe a tutorial somewhere but can't seem to find anything online, all i can find are advertisements for existing plugins. Can anyone help my any further? I know it's not an SEO related question but i'm out of ideas.
Web Design | | ldestrooper0 -
Finally have a budget for a great seo ecommerce site but need help choosing wordpress, joomla, modx, magneto or? Thank you in advance for your generosity of time
We finally have a budget and want to dump our intuit/homestead site www.originalartbroker.com Our budget is 5k-10k but could do more if needed. I am slowly catching my competition with this homestead site that I built. But I do realize it is time to step back, figure out what is best, and hire a pro to get the job done. I am green in the seo and web development arena so please go easy on me and please help to point me in the right direction. Just went out on a limb a couple years ago playing with homestead.com site software and built what we have today. Didn't know anything about website development...it sort of just happened. I feel and know that homestead.com solution is hindering what we could be doing due to the bloated nature of the site and inability to perform such task as 301 redirects etc.... I have been able to slowly attain first page seo rankings on keywords based of the artists we carry using this po-dunk homestead platform to build my site after a ton of work education thanks to seomoz and a lot of you. But, have never asked for help and could really use some generosity of time in explaining a solution that would work best for our business. Do we just go with a wordpress site that is similar to our current setup and use their plugins? Do we use a cms software solution like magneto or joomla? We will only have 200-300 pieces at any given time. We are constantly selling and buying new pieces providing us content. We are need of a site that can perform well in terms of seo. I have heard of a lot of people talking about joomla, wordpress, and magneto. Would like to be able to have a product catalogue that ultimately sends whatever inventory we are uploading to our social sites and blogs so I don’t have to pump the product out to all of these sites. We offer free custom framing with our pieces and it would be nice to have a program that could wrap the photos of the pieces with the different frames for our customers. When I add a new piece I would like this software to have a predesigned product page that it plugs the information into. I would like it to create the url extension based of the artists name, medium used, and piece name to create unique and individual urls. I would like it to also create its own H tags throughout that product page according to the artist name description, and medium used. I would like to be able to sink this up to google merchant and other sites to carry our product. Bottom line is we sell art. We sell pieces by specific artists. We are constantly buying and selling. I need something powerful that keeps up with our content
Web Design | | forecastedinvestments1