WP Spam Stop WordPress

WP Spam Stop WordPress is a comment spam blocking plugin that blocks 100% of the automated spam with zero false positives. There is no other plugin, or service, available for WordPress that can claim 100% accuracy with zero false positives, not even Akismet. Manual spam is blocked with an IP address blocklist. This is my goal for WP Spam Stop WordPress to help WordPress become the world's first and only comment spam free blogging platform. See the WP Spam Stop WordPress homepage for updates, and to read comments related to the plugin. WP Spam Stop WordPress Features

1. Automatically blocks 100% of automated comment spam
2. Local manual spam and ban policy set with local IP address blocklist
3. Global manual spam and ban policy set with remote IP address blocklist
4. Significantly reduces database load compared to other spam plugins
5. Zero false positives
6. Option to strip HTML from comments
7. No CAPTCHA, cookies, or Javascript needed
8. Saves time and money by eliminating the need to empty the comment spam folder

Automatically Blocks Automated Comment Spam WP Spam Stop WordPress uses anonymous password authentication to block 100% of all comment spam with zero false positives. Either the password is submitted with the comment form, or it's spam. Each post is a assigned a password. The password is generated only after it is visited for the first time, and the password only changes when a comment is left. The password is only generated and changed when necessary to eliminate unnecessary load on the database. The reader leaving a comment copies and pastes the password into the comment field to authenticate while remaining anonymous, thus eliminating the need to login to an different account on each blog. Logged in readers will not be required to use the comment form password. CAPTCHA is not used because it is hard to read, unnecessary, easily cracked, and reduces the number of real comments substantially. There is an interesting article about CAPTCHA here. Automated spam bots use the wp-comments-post.php core WordPress file to submit comment spam even if the comment form doesn't exist like when DISQUS is used to handle comments. WP Spam Stop WordPress hooks into wp-comments-post.php to block automated spam by requiring the same password authentication used on the comment form. WP Spam Stop WordPress eliminates the spam DISQUS users continue to experience. Local and Remote Blocklist WP Spam Stop WordPress uses an IP address blocklist to block comment spam that is manually submitted by a real person. The blocklist can also be used to ban readers that leave offensive comments. The local blocklist is stored in the database, so it can be used to set policy for a local blog. The remote blocklist allows a global policy to be set for many blogs that remotely access a file that contains the IP address list. If someone has their IP address listed in the blocklist that person can still read the blog, but will not be able to leave a comment. This approach is used for several reasons. Spam bots may spoof an IP address, or another person may have been using the IP address when they were banned. No one owns an IP address for life, so the IP address is blocked from leaving comments, but not from reading the blog. Reduces Database Load As mentioned above, the password is set and changed only when necessary to reduce load on the database. Other plugins filter comments in an effort to determine if they are spam. Since it is not possible for any filter to ever identify spam accurately, their success at blocking spam is marginal. Those other plugins allow spam to be written to the database most of the time, and stored in the comment spam queue, where the blogger must manually delete the spam. Akismet will prevent some comments it believes is spam from being written to the database, and that results in complaints at times when people realize it was a real person commenting. WP Spam Stop WordPress knows if comments are real or not, because a password must be entered into the form manually. Anything that is submitted without the password is considered spam. Unlike a filter approach that has many variables, password authentication is 100% accurate, since the password is submitted or not. Comments that are blocked are never written to the database, which eliminates all the load on the database that spam creates, and other plugins allow. Option to Strip HTML from Comments It is very common for manual and automated comment spam to include a URL that links to a web site. WP Spam Stop WordPress has an optional feature that will automatically strip out HTML from comments so that links will show up as plain text, and will then also remove the allowed HTML tags from below the comment text box. Cached Pages Will Work Comment form passwords will properly refresh on cached pages, provided the cache program is set to refresh the page on changes to the page, or if a comment has been submitted. WP Spam Stop WordPress has been tested with WP Super Cache, Batcahe, W3 Total Cache using APC, Memcache, and Xcache, and with the super fast Nginx web server using its core NCache module, and PHP served with PHP-FPM, with Apache serving PHP, and with other caching programs, all of which worked properly. Cookies and Javascript Not Required Readers do not need to accept cookies or to have Javascript enabled for WP Spam Stop WordPress to work.

Proper Installation Example If WP Spam Stop WordPress is installed correctly there will be a "Password:" field on the comment form. An example can be viewed using the Screenshots tab above, or for a live example visit WP Spam Stop WordPress. NOTE: Clear the blog cache, like WP Super Cache, after installation. WordPress 3.0 and Above

1. Upload to the /wp-content/plugins directory
2. Activate
3. If the comment_form() function is already in the comments.php file, then nothing else needs to be done. Otherwise go to step 4.
4. Save a backup copy of comments.php
5. Go to Appearance -> Editor. Edit comments.php
6. Replace the <form> and </form> tags, and all the code between the <form> and </form> tags, with the following line of code: <?php comment_form(); ?>
7. Click "Update File" to save changes.
8. If the file gets messed up, use the backup comments.php code to restore everything.

Incorrect: <form> <?php comment_form(); ?> </form> Correct: <?php comment_form(); ?> If the comments.php file is custom, and it is not desirable to use the comment_form() function, then follow the directions for Wordpress 2.8 or 2.9 below. Wordpress 2.8 or 2.9

1. Upload to the /wp-content/plugins directory
2. Activate
3. Copy and paste the following line into your comments.php file right after the last form field for either the email address or the URL (web site): <?php if(function_exists ('WP_Spam_Stop_wordpress_comments_form')) { WP_Spam_Stop_wordpress_comments_form(); } ?>

Thesis Theme

1. Go to Thesis -> Custom File Editor, choose custom_functions.php, then click Edit selected file. Add the following line of code to that file: add_action('thesis_hook_comment_field', 'WP_Spam_Stop_wordpress_comments_form');
2. Save changes.