A poor urchin goes up to the headmaster, “Please sir, can I have more comments?”
The headmaster looks down from his perch and with a grimace says, “Not before you show me your cookie!”
Well, the poor lad never did get any more comments. He didn’t have the right cookie, but you can. Just grab my Cookies For Comments plugin and anyone who leaves a comment on your blog will need the correct cookie. That will stop quite a bit of comment spam dead in it’s tracks.
It’s the first release and fairly simplistic, but it should give some comment spammers a headache for at least 10 minutes. It’s about time they upgraded their spamming tools anyway. According to my log file, it had stopped over 18,600 spam comments in the last week or so. The rest got handed to Akismet and it stopped several thousand more. They’ve been busy haven’t they?
So, should you use this instead of Akismet? Not a chance. This will only stop the brain dead comment spammers who use automated bots to post to the comment form. Trackback and pingback spam and spammers who either use poorly paid human slaves or browser based user agents will defeat this.
If you use a caching plugin such as WP Super Cache make sure you clear the cache after enabling this plugin. Also, I’m not sure what will happen with those plugins that merge CSS files together.
Thanks Dan for the idea!
15 Comments
kosir (3 comments.) on March 6, 2008 at 5:42 pm.
I only get about 20 spam comments per day in my blog since it’s not an English blog which all get caught by Akismet, but I recently noticed I am getting some strange visitors trying to spam my blog. I hope this will stop them. Thanks for your work.
Chris (1 comments.) on March 6, 2008 at 6:29 pm.
A WordPress plugin inspired by Oliver Twist? Magnificent.
Pi (1 comments.) on March 6, 2008 at 6:55 pm.
I presume that this is a cookie which will survive McAfee cleaning, or IE cleaning and not be automatically selected for destruction when Clear All Cookies is clicked?
Cookies have a limited life span; limited by the willingness of those who clean their computer files regularly.
Donncha (1707 comments.) on March 6, 2008 at 8:14 pm.
Pi – the cookie is set on every page load if it’s not already set so there’s no need to worry about any of those scenarios.
Nemo (2 comments.) on March 7, 2008 at 12:18 am.
Are these session cookies, or more permanent sorts? I notice I’ve got six cookies from your site – a couple are session cookies, but one expires in two years, and one in 2038. Google took some flak a couple years ago for having eternal cookies, and it seems to be that the “best practices” – especially for something (I presume is) open-source.
I’m not really too bothered by it, but the more (vocal|paranoid) privacy-advocates might get their tinfoil knickers in a twist.
John Pozadzides (26 comments.) on March 7, 2008 at 1:30 am.
Donncha,
A couple of questions:
– What happens if you use a browser that does not support style sheets? For example a cell phone browser? Does that mean they cannot leave comments?
– What happens to legitimate trackbacks and pingbacks? I assume they don’t take cookies, so will they still come through?
John
Donncha (1707 comments.) on March 7, 2008 at 7:32 am.
Nemo – this is just a session cookie, the really long lived cookie is probably the comment_author one is it?
John – that’s probably very true. This will break on clients that don’t support CSS. Perhaps loading a small image would be better but then they may have images turned off or runing through a proxy server that compresses them that might strip the cookie.
Trackbacks and Pingbacks are not affected. That’s one reason you can’t do without Akismet!
Nemo (2 comments.) on March 7, 2008 at 6:14 pm.
The comment_author ones are good for a year; the 2038 one is “__qca”, if that means anything to you. (It doesn’t, to me.) “__utma” expires in 2010…
Dankoozy (41 comments.) on March 7, 2008 at 11:14 pm.
i’m glad someone is getting some bit of use out of it
it hasn’t stopped all that many for me but not many bots have tried. a few manual spammers get through because this is the only anti-spam i’m using for now
azrin (1 comments.) on March 8, 2008 at 1:00 pm.
Cool plugin, but the start will be to rename the wp-comment.php to another randomised name so it won’t work for the bots.
Thanks…
kosir (3 comments.) on March 8, 2008 at 3:49 pm.
I’m using this on my blog and I must say there are less spam comments as there were before, but there is still some annoying spammer that can leave comments.
Is there a way to blacklist an IP (I know it’s not possible with this plugin) since he always comes from the same IP?
kosir (3 comments.) on March 8, 2008 at 5:12 pm.
Sorry for double posts. I already solved the problem with WP-ban plugin.
Pingback: Mental Stability Log » Blog Archive » Cookie Spam Filtering
Max R (1 comments.) on March 12, 2008 at 1:22 pm.
@Nemo: those cookies whose name starts with two underscores come from Google Analytics. Harmless.
IBuzzyou (1 comments.) on March 17, 2008 at 6:00 pm.
The most of my spam is blocked by akismet and for me that’s the best and usefull plugin you could have on a blog!