Tarpit: Say Goodbye to WordPress Comment Spam
Back in June, I made a decision to remove comments from this site.
I wasn’t happy about it. I think the web is better with open conversations. But Askimet was letting through an incredible amount of spam, and managing it was taking up time that I could have spent writing posts and making cool stuff.
Over the weekend, I brought comments back and added a new plugin that has stopped comment spam entirely.
After the honey pot was invented, the spam bot authors got a little smarter. They added some code to detect these hidden fields. If the name of the field is always the same, then the field is really simple to detect.
How it works
Tarpit (and of course WP Comment Smart Honeypost) does a few things:
- It adds a field to your comment form that bots can see but users cannot.
- It gives your real comment form fields random IDs so bots don’t know what they are.
- It gives your fake comment field the ID of a real comment field (like “name” or “email”), so bots will always fill it out.
- It randomizes the location of the fake comment field so bots can’t ignore it based on its index.
Really, Ryan did all the hard work and I just made a few slight usability tweaks.
I’d also be a ginormous ass if I didn’t give a shoutout to David Walsh. His post on how he stopped WordPress comment spam kicked this whole thing off, and the comments on his post got me pointed in the right direction.
Since installing Tarpit, I’ve had zero spam sneak through. None. So far, it’s a success!