How do you deal with comment spam: wordpress?
-
I have akismet installed on my Wordpress blog, and it does a great job of filtering the spam comments, but for some reason my site (and server) gets slammed by the amount of spam comments akismet blocks. If I check my spam folder there will be over 100 spam comments in an hour. (which in turn puts a load on my server.)
Does anyone have any thoughts on how to put a stop to this? (Or at least slow it down?) I know I could use a captcha, but I really don't want to put any barriers on people commenting and I don't even like using those captcha's myself.
Thoughts?
By the way, does anyone know how spam like this works? This has been going on for sometime now. Are spammers just using automated software to do this?
-
By far the best site availability monitoring tool I can recommend is Pingdom.
Signing up for an account is free to monitor one website. You can have it email you or send a text message/tweet when your site goes down. You can also configure how long your site must be out before you get alerted, and how often to be alerted while your site is still down.
Indispensable for understanding what's actually going on with your site.
Paul
P.S. Use the customizations when setting up the monitor so it's actually checking for the existence of a particular word on your page - that way you're testing whether your site is actually rendering, as opposed to just responding to a ping.
-
Thanks for the reply, very helpful info.
As far as server monitoring I don't think I have anything in place. Any suggestions?
-
Sorry - guess should have made that clearer, Rick. There will be a definite reduction in server resources used. The comment still gets partially processed in order to send it to Akismet, but that new setting tells your system to just discard it if it comes back marked as spam. That way, no database writes occur for that spam, which will definitely reduce server load (database reads and writes are fairly "expensive" in terms of added server processing needed).
Without that setting, spam comments that come back from Akismet get written to your database under the Spam table. That's a lot of extra processing for something you were going to throw out anyway.
This won't save as many resources as actually blocking the spam before it even starts to get processed (as the other suggested plugin would do) but you should notice lowered demand on your server resources with this setting. Not to mention a whole lot less crap to clean out every day, as you point out
Paul
P.S One side effect to that setting is you won't be quite as aware of just how much spam you're actually getting since you won't see a lot of it. This means a spam run against some older posts could start really hitting server resources hard but you might not be aware. (Remember, this setting doesn't eliminate the processing demands completely.)
So keep an eye on the stat that shows how many spams Akismet has handled. If you see a prolonged surge, and/or have further server load problems, it will be a signal that more drastic protection methods have become necessary.
Do you have a server monitoring/alerting system in place?
-
Thanks for your very helpful post! It was great!
I never thought of selecting the option to auto delete spam comments on posts older than a month old. Once I did that, it cut down on 80% of the spam I was getting! So thanks!
Quick question on that. Does enabling that option cut down on the server resources? In other words, let's say it cuts down on 200 spam comments a day because they are auto deleted, do those 200 spam comments still get entered in as comments and therefore use server resources? Does this just save me the step of having to go through and delete them / clear the spam folder? Or does this save a huge amount of server resources? Either way it's a huge win!
-
Just wondering if these responses helped answer your question, Rick?
If not, what else might you need clarified tht we may be able to help with?
Paul
-
Ahh... comment spam - the bane of every successful website with an active blog. It's actually a signal of your success that your getting that much spam
I fully agree though - captcha is NEVER the answer if you want to maintain high visitor engagement. You shouldn't be offloading your spam problem onto your visitors to solve. There are better options.
So let's dive in.
How the spam gets generated There are two types of comment spam: bot-generated and manual. The first is created by software "bots" that have been programmed to crawl the web looking for the scripts on a website that allow content submission e.g. comment forms, contact forms etc. The software then accesses the script directly and submits its crapload. WordPress (and othe CMSs) are especially vulnerable because these scripts have the same names on every single install - the bot only has to look for a few very specific filenames in a few standard places.
Because this is two pieces of software talking directly to each other, hundreds, or even thousands of submissions per hour can be generated. The bots generally have no limits on them, so eventually they'll consume so many server resources they degrade or even completely consume the server's ability to do the rest of it's job. (This is considered to be at least 65% of all spam.)
With manual spam, an actual human in a very cheap labour market is paid to go through the posts on a website and manually enter the crapload, entering whatever info into the fields is necessary to make the comment system think it's a legit human-generated comment.
Filtering vs Blocking
The problem with Akismet is that it is a spam filtering tool, not a spam blocking tool. Each comment is allowed to enter the blog system where it is then sent to Akismet's server to be assessed. Akismet then sends it back to your site flagged to go into your spam, moderation, or publication queue. This means each spam message receives the same processing as legit comments, so the system is still using processing and database resources for every single message received. (Even spam gets written to the database and stays there until you decide it should be deleted.)
All very processing intensive, and hence why having Akismet doesn't do anything to reduce the server load of a spam run - and may even increase it slightly.
Optimize Akismet's Settings
So what to do? First, there's a simple checkbox in Akismet settings that can make a huge difference. You can tell Akismet that if it recognizes as spam a comment to a post that's more than a month old, it should just automatically discard it instead of adding it to the spam queue and writing it into the database. This greatly reduces the database activity created by the spam, and also helps keep your spam queue clearer so it's easier recognize legit comments that might have been caught from more recent posts. (Spammers tend to focus on older posts for a number of reasons - mostly becasue they're easier to find) The clear disadvantage is that the (very) few comments falsely identified as spam will be irretrievably gone. I know this could be an issue for you as many of your posts continue to get comments for months after, but if you're clearing 100s of comments an hour, chances are that some legit comments are accidentally getting deleted already.
To enable the automatically discard function, simply go to the Akismet Configuration page under your Plugins (where WordPress.com API Key is entered). At the bottom of the page, check-mark the box for Automatically discard spam comments on posts older than a month. Remember to click the Update options button when done.
Stronger Protection
If you need more protection, you're going to need to install a plugin that intercepts the comments before they get into the system and automatically discards the ones that show the characteristics of bot-submission behaviour. Essentially the plugin analyzes how the comment was posted, rather than its content.
The best-known of these is Bad Behaviour, but it's a pretty heavy-handed solution that has been known to even block GoogleBot and hence cause deindexing of many pages. I'd call it a last-ditch solution.
I'd suggest you try WP Captcha-Free which is a small, very lightweight plugin that invisibly creates a "hash" when the comment is created that must also be present when submitted. Most spam-bots fail at this since they're submitting directly to the comment script and so are blocked before the comment really starts processing. Note that commenters must have Javascript enabled using this system. Since only 2-5% of web users don't have JS enabled, this is a reasonable tradeoff (and much better than pissing of 100% of your commenters by enforcing a captcha)
You will still want Akismet active behind this protection to catch the manually-submitted spam.
So to recap - in order to reduce your server load from spam, you need a system that BLOCKS the spam before it starts to get processed in the first place. Just doing more/better FILTERING won't help as the filtering process actually uses up even more server power. You want your server only processing what is likely to be real comments.
Sorry for the loooong reply but comment spam is a big/complicated issue and if it's approached incorrectly, you can make your problem much worse instead of better.
Fire away with the questions
Paul
-
Your blog will have a 'hook' where scripts can automatically insert comments to your site. Check your server logs - you'll probably see one form or another getting hit, a lot, or a script like xmlrpc.
If it's a form, add CAPTCHA, and that'll stop the scripts from auto-submitting.
If it's something else, consider changing permissions so the whole world can't hit it.
-
You may want to check your GA to see if this started all at once. Your site might be under a DDoS attack, but your server is holding up. That sounds like an awful lot of blocking in one hour. Sometimes the ISP has to step in if you host the server inhouse.
-
Is your blog self hosted or hosted by Wordpress.com ? If it's the one in your profile, then it's hosted by Wordpress.com which would then limit your abilities but then probably shouldn't have server "stress" issues. If it's self hosted, then you can try some of these plugins and see if they help (http://wordpress.org/extend/plugins/search.php?q=spam) Depending upon the software being used to spam your blog, one of these for sure will be able to reduce the issues. So yes, it's automated tools that do all this comment spam.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Do Wordpress sites outrank SquareSpace?
I was a big fan of Wordpress. I used it for 10 years. However, because I run a very small business, the constant upkeep needed on WP in the end started to frustrate me in the end, so I moved to SquareSpace. However, I am beginning to question my decision, as one of my sites is struggling really badly, and I mean badly. The other sites are okay. So I started asking around, and most people are saying there shouldn't be a difference. A few people have said their Wordpress sites always outranks their SquareSpace sites. Then I read what Rand Fishkin said in the below Twitter thread, now I am even more confused. I am very reluctant to move to Wordpress, its just so much hassle. But at the same time, if a site doesn't get much traffic then it's useless. https://twitter.com/drew_pickard/status/991659074134556673 https://twitter.com/randfish/status/991974456477278209 Please let me know your thoughts and experience.
Web Design | | RyanUK0 -
Problems preventing Wordpress attachment pages from being indexed and from being seen as duplicate content.
Hi According to a Moz Crawl, it looks like the Wordpress attachment pages from all image uploads are being indexed and seen as duplicate content..or..is it the Yoast sitemap causing it? I see 2 options in SEO Yoast: Redirect attachment URLs to parent post URL. Media...Meta Robots: noindex, follow I set it to (1) initially which didn't resolve the problem. Then I set it to option (2) so that all images won't be indexed but search engines would still associate those images with their relevant posts and pages. However, I understand what both of these options (1) and (2) mean, but because I chose option 2, will that mean all of the images on the website won't stand a chance of being indexed in search engines and Google Images etc? As far as duplicate content goes, search engines can get confused and there are 2 ways for search engines
Web Design | | SEOguy1
to reach the correct page content destination. But when eg Google makes the wrong choice a portion of traffic drops off (is lost hence errors) which then leaves the searcher frustrated, and this affects the seo and ranking of the site which worsens with time. My goal here is - I would like all of the web images to be indexed by Google, and for all of the image attachment pages to not be indexed at all (Moz shows the image attachment pages as duplicates and the referring site causing this is the sitemap url which Yoast creates) ; that sitemap url has been submitted to the search engines already and I will resubmit once I can resolve the attachment pages issues.. Please can you advise. Thanks.0 -
How to export Wordpress comments ONLY to a new domain
Hi Guys, We have a bit of situation here. We have a website (let's say it is www.oldsite.com) where we had more than 2000 posts. There arose a need whereby we had to move some 60-70 posts from this oldsite.com to another domain of ours (www.newsite.com). So, here is what we did: Move those 60-70 posts manually from oldsite.com to newsite.com Did a 301 redirect of each of those 60-70 posts from oldsite.com to newsite.com. Google has now started to rank the posts from the newsite.com for this. That's all good till now. Now, here comes the situation. We also want to move the comments from some of those posts of oldsite.com (some 10-12 posts out of those 60-70) to the respective posts of newsite.com. How do we do that? Do note that we are pretty comfortable with databases and to some extent PHP. Please help.
Web Design | | seocuppa0 -
Wordpress Theme is blocking alt tags. Does anybody know of any special plugins?
We have a special wordpress theme for nataliecass.com. Unfortunately the theme is blocking all the alt tags (this is a photography website...alt tags are very important). Does anybody know of any special WP plugins for alt tags? Thanks
Web Design | | VanguardCommunications0 -
Should Blog Category Archive URLs be Set to "No-Index" in Wordpress?
It appears that Google Webmaster Tools is listing about 120 blog archives URLs in Google Index>Index Status that should not be listed. Our site map contains 650 pages, but Google shows 860. Pages like: <colgroup><col width="464"></colgroup>
Web Design | | Kingalan1
| http://www.nyc-officespace-leader.com/blog/category/manhattan-office-space | With Titles Like: <colgroup><col width="454"></colgroup>
| Manhattan Office Space Archives - Metro Manhattan Office Space | Are listed when in the Rogerbot crawl report for the site. How can we remove such pages from Google Webmaster Tools, Index Status? Our site map shows about 650 pages, yet Google show these extra pages. We would prefer that they not be indexed. Note that these pages do not appear when we run a site:www.nyc-officespace-leader.com search. The site has suffered a drop in ranking since May and we feel it prudent to keep Google from indexing useless URLs. Before May 650 pages showed on the Webmaster Tools Index status, and suddenly in early June when we upgraded the site the index grew by about 175 pages. I suspect the 120 blog archives URLs may have something to do with it. How can we get them removed? Can we set them to "No-Index", or should the robot text be used to remove them? Or can some type of removal request be made to Google? My developers have been struggling with this issue since early June. The bloat on the site is about 175 URLs not on the site map. Is there any go to authority on this issue (it is apparently rather complicated) that can provide a definitive answer? Thanks!!
Alan0 -
My site build in HTML has been badly hit this recent update and I have been toying on the idea of changing it to Wordpress
My site build in HTML has been badly hit this recent update and I have been toying on the idea of changing it to Wordpress. Would this help in my rankings? It seems the hit came only that last 2-4 days when business become much quieter. Frankly i have no idea on why the site fell in ranking all of a sudden. Been comparing to competitors and even a friend in the same industry and nothing makes sense so far (link profile, DA, PA etc) This site has been ranking well for 3 years prior to this. 2. My site has loads of content and visitors arrive from various landpages. But by changing it wordpress, the url of most of them would probably change. What should i do? 301 redirect all of them or is there a better method?
Web Design | | rester0 -
‘80-90% of SEO already done for you in Wordpress’ Am I missing something?
Hi there, I’m looking for some feedback on a statement made on my Facebook Page re Wordpress and SEO. Please understand I wouldn’t class myself as an expert but I am competent and achieve satisfactory results for clients, more so since becoming a SEOmoz Pro user, I’ve just had some great results for a client using SEOmoz guidelines in ‘On Page SEO Reports’ thank you very much! A comment however made on my FB page has got my interest…. “as you (kn)no(w) google loves WP and will get listed quicker as 80 to 90% of your SEO is already done” Does Wordpress (or Joomla for that matter mentioned in the same conversation) have some SEO advantages that Google loves as the poster would have me believe, can I save time and effort working in word press from an SEO point of view? I use the age old techniques of targeting key phrases and words and distributing them accordingly. Creating internal link structures with ‘key worded anchor text’ etc before embarking on any off page SEO. Do any of you vastly experienced (in comparison to me) SEO folk have any insight into what this statement refers to? I did not gather any references to SEO advantages in Wordpress or Joomla in the Enge and Fishkin et al book The Art of SEO, or any of the other books I’ve read, to develop my knowledge on SEO for the benefit of my clients and of course my pocket. J
Web Design | | JemRobinson0 -
Hey, So I know wordpress is built with a user capability, but what about databasing custom user data?
Hi everyone, so I am working on a project with a friend of mine, without getting into too much detail, here's the problem. We need users to sign in, then for instance, click a button, and then have that action record a value of 1 in a database on our server (preferably accessible through the wordpress admin interface, and in .csv format so that we can make it easy to work with) Any help with databasing, or if wordpress is already built with SOME database technology, etc, etc For instance, SEOmoz's "mozpoint" system.. Wordpress comes built with the ability for users to log in and have profiles with special access, etc, but does it have the ability to log points and values to a specific user as well? Where should I look? What should I google to figure out options? Who could I call / hire?
Web Design | | TylerAbernethy0