I guess every blogger needs to go down this road sometime…

For some reason my post about geotagging has become some comment spammers new favorite darling. When my server came back online (after this little outage) the comments started flowing in at a rate of approximately one comment every four minutes (360 every 24 hours). What I did then was to enable the akismet plugin which is shipped by default with the wordpress installation. And sure, it did mark all the offending comments as spam. But then another problem arose – the usability. How can you guarantee that none of the comments marked as spam are actually mismarked comments, so called false positives? The only way to do that is to manually check the whole spam queue before deleting all comments in said queue. This struck me as slightly sub optimal. What I wanted was a 100% reliable solution.

So I started looking for captcha plugins for wordpress. I came up with one called simpleCaptcha but as it turns out it requires an image processing library (e.g. GD) to be installed on your webserver. While I am the administrator of my own webserver I didn’t really feel like fiddeling around with that kind of stuff, so I kept on looking. The next suggestion on the interwebs is reCaptcha which is actually a quite nifty idea!

ReCaptcha is basically using images of words which can’t be recognized by OCR software from scanned books. The good thing about this is that my server doesn’t have to generate the images itself, they’re already obtainable from another server. And the whole idea of using words which can’t be recognized by machines is most likely drastically reducing the amount of autonomous captcha busting bots able to post comments to my now reCaptcha protected comment forms!

Now the only one remaining issue with this plugin is that it still saves the comments in my wordpress database – although marked as spam. Sure, they’re not published but I’ve still got a spam queue to clean up once in a while. It’s not that much of an issue really since after having disabled akismet there’s only one way a comment could end up in the spam queue and that is by failing the reCaptcha test. Ergo – I can empty the queue without checking it manually beforehand.

The ultimate solution (in my opinion) would be a reCaptcha plugin which doesn’t save the comment as spam when the check fails but rather deletes the comment all together. Atleast this could be a configurable option. If I could set an option like that it would mean that I could re-enable the akismet plugin again and then the only way a comment could end up in the spam queue is by failing the akismet test. Let’s see if anyone picks up on this. =)

This entry was posted on Thursday, May 21st, 2009 at 10:38 and is filed under Miscellaneous, Programming. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.