After a significant increase in comment spam here at the Variation Point in recent days we decided to take action. Wordpress itself offers a number of options for doing this and these are outlined in an article on the Wordpress Codex Combatting Comment Spam. Our anti-spam approach already used most of these capabilities.

We were also already using the Akismet spam filter and this has been 100% effective in identifying comment spam with no false positives. However we have been spending an increasing amount of time checking our Akismet results for false positives so have now decided to add the Bad Behavior plug-in to try and reduce this effort.

Bad Behavior aims to prevent spambots accessing the site by analyzing their behaviour and checking their profile against known spambot behaviors. Many other Wordpress bloggers seem to have taken this approach and been very successful in first reducing the number of automated spam posts (using Bad Behavior) and filtering out those that are missed (using Akismet). One advantage of adding Bad Behavior should be a drop in bandwidth usage by spambots - an important consideration for us as some months we have exceeded our total bandwidth allowance.

For an even more rigourous approach some sites have also been using Spam Karma in their anti-spammer arsenal. The three plug-ins are reported to work well together.

Numerous captcha plug-ins are also available for Wordpress. You’ve probably seen these already - they add the capability to require the site visitor to enter some characters, or answer a maths question that has been displayed on the web page before a comment can be submitted. We will consider adding one of these plug-ins depending on how well the Bad Behaviour / Akismet combination works out.

If you do decide to add a captcha plug-in then think about how legible the generated text is - you need a balance between making it hard for spambots that are equipped with character reading capability - yes there are some - and making it hard for people who want to make genuine comments.

You should also think about accessibility issues e.g. by providing an alternate audio capability that reads out the letters for blind or visually-impaired vistors. The wikipedia article on captchas is as good a place to start as any to find out more.