Plugin: block-comment-spam-bots (Used by 280 domains)

Professional spammers use programs to automate their spamming. The ‘Block Comment Spam Bots’ (BCSB) plugin efficiently blocks their process. No more comment spam!

As no legitimate user will use the professional spammer’s automated process which relies on cURL and WGET commands, real users will never notice the BCSB plugin at work. There are no CAPTCHAS for your visitors to interact with. No silly questions. Just the comment form as designed in any theme.

On the admin side, there are no blacklists, special keys (like Askimet), overloaded spam queues, or overworked databases that store spam comments until you manually delete them.

Install the plugin and that’s it. Invisible, to you and your visitors. The only change you will notice is in your admin area. The list of comments now has a green check next to them. That way you know that comment was made on your website by a real person and was not bypassed by hacking spammers connecting directly to your server.

All that remains is comments made by real people, and while real people can spam, it takes them time and effort. The amount of spam from real people is a lot more manageable than the tsunami from automated spammers, saving you time to concentrate on the important things in life, like your readers, and making connections.

We’ve tested it on multiple websites and it wipes out automated spam completely. If it doesn’t on your site, please let us know.

** Geeky Stuff **
…in case you are interested in how it works…

tl;dr – This provides a total and easy solution to comment spam from spam bots.

Comments are processed by the WordPress wp-post-comments.php file. Automated spammers (‘spam bots’) can provide (‘post’) data directly to that page, bypassing any comment processing, by using CURL/WGET commands.

Bypassing the comment form by posting directly (via CURL or WGET commands), is quite easy. Just send the post ID number, and the bot’s fake name and email, and the spammy content. Boom! Comment spam is on your site!

The result is comment spam – and that is not always caught by other comment spam checkers. Even if it is caught by programs such as Akismet, processing that spam takes some server resources, including writing to the database.

This plugin uses several techniques to ‘sense’ a spambot. There are hidden fields that are changed after a delay. There is a delay in displaying the submit button. And it blocks direct access to the WordPress post/processing functions.

The techniques, also used in our standalone “FormSpemmerTrap” (FST) program, and our other anti-spam plugins (like FormSpammerTrap for Comments), are very effective. They use a bit of JavaScript to block spambots – since automated processes via CURL/WGET/etc cannot process JS code.

It’s simple: you install this plugin, activate it, and bot comments will stop. Immediately.

And it doesn’t add any visual impediments to your comments. No reCaptcha things (which many see as a pain). No silly questions (‘what is 2+8’) on the form. Your comment form does not change. Regular users will not notice a difference. But you will. No more spam comments for you!

This is the best solution to block comment spam. We’ve tested it on a site that had 20-40 spam comments a day. With this plugin enabled, the spam comment stopped. Immediately. And there have been none since installing this plugin. ** Not one. Zero.**

The Admin, Comments list page is modified to show a column with a green checkmark icon if the comment was entered by a real person and not a bot. This is an assurance that the comment was not entered via an automated CURL/WGET to the wp-comments-post.php file. A comment that is on the list that does not show the checkmark was done by a bot. But you won’t see those blocked comments with this plugin enabled. They never get into your database. You can hover over the checkmark icon to see the GUID value indicating a person entered the comment.

The plugins ‘Settings’ screen has no settings. You don’t even need to look at the Settings screen. If you do, you’ll see information about the plugin. And there is a CURL command you can use to test the effectiveness of blocking (or not blocking) direct access to the wp-comments-post.php file.

The plugin also adds the hidden GUID field to the comment form after a delay to help block bots that are using the comment form to submit. If the hidden field is not submitted then a bot tried to bypass the comment form. And a short delay happens before the comment submit button is displayed – another bot protection.