Stopping spam comments sitewide
Posted by andrea in Spam: it’s a big issue for any blog, but under WPMU you now have a whole network and it increases by a factor of however many blogs you have. And with a dizzying array of spam plugins out there, what’s an admin to do?
There’s Akismet, but you may need a license. There’s SK2, which isn’t being developed any longer. There’s Bad Behavior which confuses the heck out of me (admittedly, it’s pretty easy to do that).
I’ve long been an advocate for the simplest solutions being the best, and on a single WP install, the first thing I do on setup is use the comment moderation and blacklist boxes in the first line of defense. No plugin needed, the core already handles it. But in MU, you can’t do this sitewide – or can you?
My hands-down favorite spam plugin is actually three very simple ones bundled together by James Farmer. It contains Simple Trackback Validation, the Simple Spam Filter and lastly, Peter’s Custom Anti Spam Image Plugin. This not only works, the plugin can easily be edited to change the captcha words, and they are READABLE. Make the words relevant to your site, and the users go crazy with appreciation. On my own site I use this, and every so often I add or change words that suit the audience. Even visitors notice and leave more comments. The Simple Spam Filter works much like the built-in options except it applies them sitewide.
You can also do this by using the New Blog Defaults plugin. It too has an option to set up the comment blacklist.
The really great thing I like about all these is in stopping known spam, it tosses them out on their rears – BEFORE they fill up the database. Even comments marked as spam by Akismet get saved in the database for however many days before being deleted. I’m almost convinced that spammers look for Akismet-protected blogs to fill up.
I’ve even added the simple spam plugins above to a site that was already running Akismet. They were being hit so hard by spammers, repeatedly and near constantly, it was bringing the server to a crawl on a daily basis. Not to mention the database cruft buildup. The addition of the simple things above (plus some firewall tweaks) slowed this to a trickle. WordPress functions weren’t being run repeatedly on known spam, so the load was less, as well as less calls to the database.
Also, I usually install auto-close comments as an optional plugin for users to choose for themselves if they want to close comments on entries older than 30 days. On personal site, it’s a viable option because the entries are time-dependent and rarely is there a legit need to leave a comment on an entry from last year when Jimmy turned 3.
Edit: there’s also WP Spam Free
So, what works for you?
![[Post to Twitter]](http://wpmututorials.com/wp-content/plugins/tweet-this/icons/tt-twitter-micro3.png){kind=icon}
Another solution, especially if you like the idea of Akismet, is Typepad Antispam put out by the SixApart folks. While it does require a license to operate, it is 100% free while a sitewide solution for Akismet is $500 a month. SixApart staff have confirmed that they don’t mind it running on WordPress Mu.
I’m about to implement the typepad antispam, I’ve heard good things
Another plus with Typepad Antispam is that it’s truly Open Source. If you request it, they will send you a copy of the server software. They won’t do that with Akismet. Granted neither site will send you their filters (Can’t blame them for that) but you can get a good set from Spam Assasin. You have to write them for the server but it’s a good start.
Granted most of us aren’t going to be in a position to run our own spam solutions on a local server.
I use wp-spamfree with just some basic modification in order to work with wpmu. Its great it has stop oke 40k spams in my personal blog with domain mapping.
Great advice. Filtering through all the spam plugins is quite a task. Thanks for advising on what you’ve found to be the best method.
@Dr. Mike Wendell…
…would you advise using the Typepad solution along with all the others as well, or just standalone?
If you’re just looking at a Mu install, I’d just use the Typepad plugin. We do something different for our own clients but we do it as a rack wide solution tied into our routers.
You can take any AKismet plugin on the web and just change to url of where the lookup is done. It’s actually fairly neatly done.
My Cookies for Comments plugin should work well on MU too. It leaves a cookie in your browser that’s required for commenting. Of course it occasionally stops legitimate comments but it’s a no brainer plugin that reduced spam by a huge amount on my own blog.
More here: http://ocaoimh.ie/cookies-for-comments/
WP-Hashcash should help keep some of the spammers out of the signup page too!
What about turning the comments off all together? I know it is counter to the whole “blog as a dialogue” thing, but sometimes I think it is the only choice. I have some friends who are testing it and using Twitter for feedback.
Is typepad working site-wide, or a key is needed for every blog?
For educational and non-profit folks, Askimet provides a ‘free’ option for wpmu users. You have to provide a promotional link to both askimet and wordpress on all your blogs, More here: http://akismet.com/buy/non-profit/
thanks for the helpful and timely information
indeed it’s so painful to be victims of spam. For a long time still have not found an easy solution to protect my wpmu blog.
in a short word, what’s your recommendations to overcome the spam in wpmu?
silvius, you can hardcode in the key as a sitewide solution. This has been confirmed by the SixApart folks. You can actually do that with Akismet as well although Automattic (ie Matt) has stated that they will block you if you do so without the proper license.
Akismet works best for me so far.
I’m still searching for what would work best for an MU install, but for my personal site I’ve been using just Akismet for over two years and never had a problem. Before that I used SK2 (and it was ok, but high maintenance) and then switched to WP Hashcash (which I’ve recently reinstalled just to see if it does anything to completely mitigate trackback spam).
For me, though, captchas are absolutely not an option. I’m blind, many of my blog readers are also, and honestly I just find them irritating beyond reason.
I am using typepad antispam service, until yet I’ve not a single complain about it.
I activated the Typepad plugin site wide, but it does not show as installed for any blog other than our primary WPMU blog.
We run the WPMU Dev Premium Supporter plugin and enable the plugins menu only for supporters, but not even Supporter blogs list the plugin as installed, let alone activated. Any ideas are welcome.
Depends on how you installed it. Can you walk us through how you did it please with some specifics? We just place the files within the /mu-plugins/ subdirectory, hard code the key and it works fine.
i used combo hashcash+ wpspamfree + typepad.
hashcash protect spambot from register to my wpmu.
use plugin commander to activate wpspamfree sitewide. this freeze all spambot in cold.
and this reduce spam to manage from hundreds down to 1-2 per day.
harcoded the typepad api key and activated sitewide. this stop most manual human spam.
That sounds like a good formula to me, I don’t know why I’m not seeing as much discussion about the autobot registering, as a Mu owner this is a serious concern, I will be trying this combination, thank you!
Also does anyone know why Mu does not have an approval option for Blogs ??? This seems like very basic concept or I’m just not understanding the options I already have (?)
It doesn’t have it built-in, no. But there is a “moderate new blogs” plugin here:
http://wpmudev.org/project/Moderate-New-Blogs
The anoying thing for me was on my first MU install I had no idea that Akismet was not going to work.
So there I was puzzled for 1 hour why my blogs (inlcuding main admin blog!) just gave me a WSOF
[rq=0,0,][/rq]no blog posts found
I’m just getting started with a WP MU install and looking to get the basics done. With the latest version of WP MU, should I still look into Typepad or is there another option to work with?
.-= Arnold´s last blog ..Official Typhoon Lagoon Overview Video =-.
Dr Mike,
I wish to make use of the Typead ant-spam plugin in WPmu – thanks to this post is seems to be a good solution!
Being new to WP, I need to ask what others may feel a dumb question, but which file do I edit and where in the file does one place/hardcode the Typepad Key?
I too would like to know that. I’m using the farmers plugin pack and still getting some spam. Would like to take it a step further, sitewide.
I did a little googling and found this link. http://gobloglah.com/2009/05/20/global-typepad-antispam-api-key/ Although it must be a little outdated. Now, there is a line (line 17 for me) that has a place to put the api key. Just put it between the two single quotes at the end.
I tried your link, but it redirects to 127.0.0.1. Then I tried http://www.gobloglah.com. This works, but using their search I cannot find this post on the site.
I also googled your link which also redirects to 127.0.0.1.
I would really appreciate it if you would tell us which WP file you edited?
Really now – how “doff” can I be. I just had to look at the plugin’s php file – and there it was,. line 17. Thanks for link anyway.
I see you’ve already figured this out, but for others searching for this…
Just put the TypePadAntiSpam.php file in the mu-plugins folder, then look for `$typepadantispam_api_key = ”;` (line 17 in the current version) and put your api between the single quotes.
I love that antispam! I’ve just activated it and I love that I can use words that resonate with people in my country! I loooove this site!!! You guys rock!!!
Hi Andrea: the steps you highlighted should take affect across the entire site and in all blogs with MU? This is to avoid bloggers to worry about the mechanics of it… I am hopping you’d say yes.
Cheers
A
I cant get peters antispam to work on wpmu 2.8.4 with the files in the farms spam pack.
Anyone have any ideas? how did you get it to work here andrea?
How is it not working? If the images aren’t being shown, you need GD image libraries installed on the server.