“Comment spam” is the term for automatically-generated website comments. People with too much time on their hands write software that submits such comments to websites like mine. It’s then down to me to ensure that the nonsensical or downright abusive comments don’t appear on my website, and that my email inbox doesn’t get swamped with approval request messages generated by the CMS.
A common solution to combat this problem is the CAPTCHA: a wobbly image containing letters and words of dubious legibility, which the site visitor then has to type in to prove that they’re not a spam “bot”. This shifts the responsibility from the website owner to the website visitor, which has a terribly negative impact on website usability. Although it works to combat comment spam, it’s an extra hurdle for the website visitor, which often stops people from commenting at all.
My latest plugin is a very, very simple solution to this problem. It implements a technique called a honeypot. A hidden input field, which regular website visitors don’t see, is added to each of the regular WordPress forms on the website. Spam “bots” will be able to see this field and they’ll automatically add a value to it. When the form is then submitted, my plugin sees that the hidden field has been filled in and stops processing the form submission instantly.
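To show the mechanism, here is an added example of a honeypot for the WordPress comment form only; it is not the code of the plugin described in this post. The field name `contact_website_url` and the `example_hp_*` function names are assumptions made up for illustration.

```php
<?php
/**
 * Plugin Name: Example comment honeypot (illustration only)
 */

// Assumed field name: something a bot's form filler finds plausible.
const EXAMPLE_HP_FIELD = 'contact_website_url';

// Print the decoy input inside the comment form. It is moved off-screen
// with CSS and kept out of the tab order and autofill, so people skip it
// while a bot reading the form's HTML still finds it.
function example_hp_render_field() {
    printf(
        '<p style="position:absolute;left:-9999px" aria-hidden="true">'
        . '<label for="%1$s">Leave this field empty</label>'
        . '<input type="text" name="%1$s" id="%1$s" value="" tabindex="-1" autocomplete="off">'
        . '</p>',
        esc_attr( EXAMPLE_HP_FIELD )
    );
}
add_action( 'comment_form_after_fields', 'example_hp_render_field' );    // logged-out visitors
add_action( 'comment_form_logged_in_after', 'example_hp_render_field' ); // logged-in users

// Runs before WordPress stores the comment or sends a moderation email.
function example_hp_check_comment( $commentdata ) {
    // Pingbacks and trackbacks do not come from the form; leave them alone.
    if ( ! empty( $commentdata['comment_type'] ) && 'comment' !== $commentdata['comment_type'] ) {
        return $commentdata;
    }
    $value = isset( $_POST[ EXAMPLE_HP_FIELD ] ) ? wp_unslash( $_POST[ EXAMPLE_HP_FIELD ] ) : '';
    // A real visitor leaves the field empty. Any text, or a non-string
    // value such as an array, means something other than a person filled it.
    if ( ! is_string( $value ) || '' !== trim( $value ) ) {
        wp_die( 'Comment rejected.', 'Comment rejected', array( 'response' => 403 ) );
    }
    return $commentdata;
}
add_filter( 'preprocess_comment', 'example_hp_check_comment' );
```

Because the check hooks `preprocess_comment`, a rejected submission never reaches the moderation queue, so no approval email is generated for it.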
I’ve had the plugin running for a while in 2-3 installations, and although Jetpack has blocked and warned me of many thousands of malicious automated login attempts, not one single spam comment has made it through.