Spam and blogs seem to go hand in hand, unfortunately. I don’t know of one blog, my own included, that hasn’t been hit by spam at least once per day. The good news is that there are many steps you can take to prevent a significant amount of spam, and several things you can do to easily clean up if you’ve been hit by a large amount of spam.

Preventing Spam on Your WordPress Blog

• Keep your WordPress installation up to date. This sounds like a no-brainer, but you would not believe how many people out there just don’t bother to keep their software updated. WordPress routinely tweaks their code to improve security and prevent hacking and spamming, so it’s always a good idea to use the latest version.
• Avoid excessive keyword usage if you can help it. In many cases spammers are attracted to your blog not only because of its ranking (Google PageRank, Alexa, etc.), but because of the type of content you post. Unless you absolutely have to, don’t keyword-drop left and right.
• Use spam preventative tools on your comments pages. CAPTCHAS and math problem anti-spam plugins are numerous, and most are easy to install and setup, and blend seamlessly with whatever theme you happen to be using.
• Close comments after a certain period of time, say, one week, or within a month of posting.

Removing Spam from Your WordPress Blog

• Go through your list of pending comments and delete spammy ones. Double check your list of approved comments, too, as sometimes illegitimate ones can slip through the cracks (on the flip side, always double check comments listed as spam, as WordPress can occasionally make a false-positive identification on a legitimate comment!).
• Use a plugin like Delete Pending Comments to help you clean up hundreds or thousands of pending comments that are spammy.
• As a final measure, update any out-of-date installations and plugins!

When I’m blogging about a nurses uniform costume for Halloween, or my new cell phone, or even how many loads of laundry I folded, the last thing I feel like dealing with is spammy comments that have no relation to my blog. So here are the plugins I use to prevent and remove spammy comments:

• Akismet: stops spam by comparing the comment details to a huge and constantly-updating database of known spammers and their spammy comments
• Math Comment Spam Protection: adds a new field to the comments page that requires commenters to solve a simple math problem
• Sparm Karma 2: works similar to Akismet

Has anyone noticed an increase of spam on their WordPress powered blogs? I know I have. What’s odd is that the blogs that are being hit the hardest aren’t even that popular. jenn.nu has a Google Page Rank of 4, yet it’s in-my-bag.com (PR of 2) and kitty.nu (PR of 2) that are being hit the hardest. Go figure?

With that said, what is your favorite anti-spam plugin? Or plugins? I need something robust and powerful and kick-ass. Help a girl out!

An ounce of prevention is worth a pound of cure.

Spam is annoying, and there are certainly a lot of WordPress plugins that can help you catch it, moderate it and delete it. Several useful spam catching & killing plugins include Akismet, Bad Behavior and Sparm Karma 2. I have used all of these plugins, and all three are pretty effective in catching legitimate spam comments.

But instead of worrying about catching spam, focus on preventing it. Imagine being able to write about lab coats and not get crappy spam comments! There are several ways to accomplish this, including requiring user registration in order to post comments, common sense and math questions, and some basic captcha (mixture of letters and numbers that are randomly generated) questions. But these can all be bypassed by spammers who use bots to make the rounds on blogs.

So, what can work? Consider using reCAPTCHA. Unlike a typical captcha, reCATCHA works by using scans of digitized books. These scans cannot be read by a computer or spam bot, but they can easily be deciphered by human viewers. Additionally, reCAPTCHA uses two words or groups of words together in one puzzle/question, as a further preventative measure against spam attacks.

reCAPTCHA is put to use by PayPerPost (which is where I first saw it) and many websites that allow user account registrations. Now it’s found in a plugin: WordPress’s very own WP-reCAPTCHA. Installation takes less than five minutes (upload, activate, fill in the API keys which are given to you with a free account registration at recaptcha.net), and the reCAPTCHA box is automatically displayed on a blog entry’s comments page. Additionally, the plugin allows the reCAPTCHA functionality to be used with new user registrations.

You can see WP-reCAPTCHA in use right here.

Bottom line: be proactive, not reactive.