WP-SpamShield Anti-Spam

level Advanced

WP-SpamShield Anti-Spam
level Advanced

An extremely powerful and user friendly WordPress anti-spam plugin that stops blog comment spam cold, including trackback and pingback spam. See what it’s like to run a WordPress site without spam! Includes spam-blocking contact form feature, and protection from user registration spam as well. WP-SpamShield is an all-in-one spam solution for WordPress.

A Powerful Weapon Against: Comment Spam, Trackback Spam, Contact Form Spam, and Registration Spam

Comment spam has been a huge problem for bloggers since the inception of blogs, and it just doesn’t seem to go away. The worst kind, and most prolific, is automated spam that comes from bots. Well, finally there is an anti-spam plugin for WordPress that provides an effective solution, without CAPTCHA’s, challenge questions, or other inconvenience to site visitors. WP-SpamShield eliminates comment spam, trackback spam, contact form spam, and user registration spam.

ew Features

  • Internationalization and localization available. Currently includes Dutch (nl_NL), French (fr_FR), German (de_DE), and Serbian (sr_RS) translations. Ready for translation into other languages. Added in Version 1.3.
  • Stops User Registration Spam now! Added in Version 1.2.
  • Shortcodes for easy contact form implementation.
  • Over 10x faster! Tested and verified with benchmarking software.
  • For more, please view the changelog.

Key Features

  1. Virtually eliminates automated comment spam from bots. It works like a firewall to ensure that your commenters are in fact, human.
  2. A counter on your dashboard to keep track of all the spam it’s blocking. The numbers will show how effective this plugin is.
  3. No CAPTCHA’s, challenge questions or other inconvenience to site visitors – it works silently in the background.
  4. Includes drop-in spam-free contact form, with easy shortcode implementation. Easy to use – no configuration necessary. (But you can configure if you like.)
  5. Protects your site from user registration spam. No more automated bot signups through the login page on your site.
  6. See what’s been blocked! “Blocked Comment Logging Mode”, a temporary diagnostic mode that logs blocked comments and contact form submissions for 7 days, then turns off automatically. If you want to see what’s been blocked, or verify that everything is working, turn this on and see what WP-SpamShield is protecting your blog from.
  7. No false positives due to the method of spam blocking, which leads to fewer frustrated readers, and less work for you. (If a comment gets blocked, a legit user has a chance to try again.)
  8. You won’t have to waste valuable time sifting through a spam queue any more, because there won’t be much there, if anything.
  9. Powerful trackback and pingback spam protection and validation to ensure that only legitimate ones get through.
  10. Easy to install – truly plug and play. Just upload and activate. (Installation Status on the plugin admin page to let you know if plugin is installed correctly.)
  11. The beauty of this plugin is the methods of blocking spam. It takes a different approach than most and stops spam at the door.
  12. Extremely low overhead and won’t slow down your blog (very light database access), unlike some other anti-spam plugins.
  13. Compatible with popular cache plugins, including WP Super Cache and others. Not all anti-spam plugins can say that.
  14. Display your blocked spam stats on your blog. Widgets and shortcodes for graphic counters to display spam stats, multiple sizes and options.
  15. By stopping spam at the front door and keeping the spam out of the WordPress database altogether, WP-SpamShield helps keep your database slimmer and more efficient, which helps your site run faster.
  16. Works in WordPress Multisite as well. (See the related FAQ for details.)
  17. Enhanced Comment Blacklist option. Instead of just sending comments to moderation as with WordPress’s default Comment Blacklist functionality, with this turned on, anything that matches a string in the blacklist will be completely blocked. Also adds a link in the comment notification emails that will let you blacklist a commenter’s IP with one click.
  18. No cost, no hidden fees. Free for both Commercial and Personal use.
  19. A truly plug and play replacement and upgrade for WP-SpamFree. (A far more advanced fork of WP-SpamFree with dramatically improved page load speed, security, and spam blocking power, by its original author.) It will import your old data from WP-SpamFree automatically upon installation and activation, and features you were using on your site previously such as contact forms and spam stats will continue to work without any changes to pages, posts, or theme.

How It Works

Most of the spam hitting your blog originates from bots. Few bots can process JavaScript (JS). Few bots can process cookies. Fewer still, can handle both, especially if you use some clever combinations. In a nutshell, this plugin uses a dynamic combo of JavaScript and cookies to weed out the humans from spambots, preventing 99.99%+ of automated spam from ever getting to your site. Almost 100% of web site visitors will have these turned on by default, so this type of solution works silently in the background, with no inconveniences. There may be a few users (less than 2%) that have JavaScript and/or cookies turned off by default, but they will be prompted to simply turn those back on to post their comment. Overall, the few might be inconvenienced because they have JS and cookies turned off will be far fewer than the 100% who would be annoyed by CAPTCHA’s, challenge questions, and other validation methods.

Some would argue that using JS and cookies is too simplistic an approach. Developers commonly prefer using some type of community-based AI to fight bots by trying to figure out if a comment is spam. While that isn’t a bad idea, when used alone this method falls short – many spam comments get through that could easily have been stopped, and there are many false positives where non-spam comments get flagged as spam. Others may argue that some spammers have programmed their bots to read JavaScript, etc. In reality, the percentage of bots with these capabilities is still extremely low – less than 1%, and even those that can read, can’t fully process it. It’s simply a numbers game. Statistics tell us that an effective solution would involve using a technology that few bots can handle, therefore eliminating their ability to spam your site. The important thing in fighting spam is that we create a solution that can reduce spam noticeably and improve the user experience, and a 99.99%+ reduction in spam would definitely make a difference for most bloggers and site visitors.

It’s important to know that the particular JS and cookies solution used in the WP-SpamShield anti-spam plugin has evolved quite a bit, and is no longer simple at all. There are two layers of protection, a JavaScript/Cookies Layer, and an Algorithmic Layer. Even if bot authors could engineer a way to break through the JavaScript/Cookies Layer, the Algorithmic Layer would still stop 95% of the spam that the JavaScript Layer blocks. (I’m working to make this 100% for fully redundant protection.) This JavaScript Layer utilizes randomly generated keys, and is algorithmically enhanced to ensure that spambots won’t beat it. The powerful Algorithmic Layer is what eliminates trackback/pingback spam, and much human spam as well. And, it does all that without hindering legitimate comments and trackbacks.

The trackback validation contains a filter that compares the client IP address of the incoming trackback against the IP address of the server where the link is supposedly coming from. If they don’t match, then it is spam, without fail. This alone eliminates more than 99.99% of trackback spam. Trackback spammers don’t send spam out from the same server where their clients’ websites reside.

Installation Instructions

Installation Instructions

Option 1: Install the plugin directly through the WordPress Admin Dashboard (Recommended)

  1. Go to Plugins -> Add New.
  2. Type WP-SpamShield into the Search box, and click Search Plugins.
  3. When the results are displayed, click Install Now.
  4. When it says the plugin has successfully installed, click Activate Plugin to activate the plugin (or you can do this on the Plugins page).

Option 2: Install .zip file through WordPress Admin Dashboard

  1. Go to Plugins -> Add New -> Upload.
  2. Click Choose File and find wp-spamshield.zip on your computer’s hard drive.
  3. Click Install Now.
  4. Click Activate Plugin to activate the plugin (or you can do this on the Plugins page).

Option 3: Install .zip file through an FTP Client (Recommended for Advanced Users Only)

  1. After downloading, unzip file and use an FTP client to upload the enclosed wp-spamshield directory to your WordPress plugins directory (usually /wp-content/plugins/) on your web server.
  2. Go to your Plugins page in the WordPress Admin Dashboard, and find this plugin in the list.
  3. Click Activate to activate the plugin.

Next Steps After Installation

  1. Check to make sure the plugin is installed properly. Many support requests for this plugin originate from improper installation and can be easily prevented. To check proper installation status, go to the WP-SpamShield page in your Admin. It’s a submenu link under the Settings. Go the the ‘Installation Status’ area near the top and it will tell you if the plugin is installed correctly. If it tells you that the plugin is not installed correctly, please double-check what directory you have installed WP-SpamShield in, delete any WP-SpamShield files you have uploaded to your server, re-read the Installation Instructions, and start the Installation process over. If it is installed correctly, then move on to the next step.
  2. Select desired configuration options.
  3. If you are using front-end anti-spam plugins (CAPTCHA’s, challenge questions, etc), be sure they are disabled since there’s no longer a need for them, and these could likely conflict. (Back-end anti-spam plugins like Akismet are fine, although unnecessary.)
  4. Install a contact form if you like. (See below)

You’re done! Sit back and see what it feels like to live without comment spam, trackback spam, and registration spam!

For Best Results

WP-SpamShield was created specifically to stop automated comment spam (which accounts for over 99.9% of comment spam), and we have built in many features that combat human comment spam and completely eliminate trackback/pingback spam. Unfortunately, no plugin can perfectly detect human comment spam. As other experts will tell you, the most effective strategy for blocking spam involves applying a variety of techniques. For best results, enable comment moderation in your WordPress Settings. (If you desire a backup, feel free to use Akismet, as the two plugins are compatible, even though it’s probably not necessary. I would recommend not using any other spam plugins at the same time, in order to keep keep your web server load down and prevent conflicts.)

Displaying Stats on Your Blog

Want to show off your spam stats on your blog and tell others about WP-SpamShield? Simply add the following code to your WordPress theme where you’d like the stats displayed: <?php if ( function_exists(spamshield_counter) ) { spamshield_counter(1); } ?> where ‘1’ is the style. Replace the ‘1’ with a number from 1-9 corresponding to one of the background styles you’d like to use. (See plugin homepage for more info.)

To add it to any page or post, add the following shortcode to the page or post where you’d like the stats displayed (using the HTML editing tab, NOT the Visual editor): [spamshieldcounter style=1] where ‘1’ is the style. Replace the ‘1’ with a number from 1-9 that corresponds to one of the images below that matches the style you’d like to use. To simply display text stats on your site (no graphic), replace the ‘1’ with ‘0’.

To add smaller counter to your site, add the following code to your WordPress theme where you’d like the stats displayed: <?php if ( function_exists(spamshield_counter) ) { spamshield_counter(1); } ?> where ‘1’ is the style. Replace the ‘1’ with a number from 1-5 that corresponds to the style you’d like to use. (See plugin homepage for more info.)

To add it to any page or post, add the following shortcode to the page or post where you’d like the stats displayed (using the HTML editing tab, NOT the Visual editor): [spamshieldcountersm style=1] where ‘1’ is the style. Replace the ‘1’ with a number from 1-5 that corresponds to the style you’d like to use.

Or, you can simply use the widget. It displays stats in the style of small counter #1. Now you can show spam stats on your blog without knowing any code.

Adding a Contact Form to Your Blog

First create a page (not post) where you want to have your contact form. Then, insert the following shortcode (using the HTML editing tab, NOT the Visual editor) and you’re done: [spamshieldcontact]

There is no need to configure the form. It allows you to simply drop it into the page you want to install it on. However, there are a few basic configuration options. You can choose whether or not to include Phone and Website fields, whether they should be required, add a drop down menu with up to 10 options, set the width and height of the Message box, set the minimum message length, set the form recipient, enter a custom message to be displayed upon successful contact form submission, and choose whether or not to include user technical data in the email.

If you want to modify the style of the form using CSS, all the form elements have an ID attribute you can reference in your stylesheet.

What the Contact Form feature IS: A simple drop-in contact form that won’t get spammed.

What the Contact Form feature is NOT: A configurable and full-featured plugin like some other contact form plugins out there.

Configuration Information

Spam Options

Blocked Comment Logging Mode This is a temporary diagnostic mode that logs blocked comment submissions for 7 days, then turns off automatically. If you want to see what spam has been blocked on your site, this is the option to use. Also, if you experience any technical issues, this will help with diagnosis, as you can email this log file to support if necessary. If you suspect you are having a technical issue, please turn this on right away and start logging data. Then submit a support request, and we’ll email you back asking to see the log file so we can help you fix whatever the issue may be. The log is cleared each time this feature is turned on, so make sure you download the file before turning it back on. Also the log is capped at 2MB for security. This feature may use slightly higher server resources, so for best performance, only use when necessary. (Most websites won’t notice any difference.)

Log All Comments Requires that Blocked Comment Logging Mode be engaged. Instead of only logging blocked comments, this will allow the log to capture all comments while logging mode is turned on. This provides more technical data for comment submissions than WordPress provides, and helps us improve the plugin. If you plan on submitting spam samples to us for analysis, it’s helpful for you to turn this on, otherwise it’s not necessary. If you have any spam comments that you feel WP-SpamShield should have blocked (usually human spam), then please submit a support request. When we email you back we will ask you to forward the data to us by email.

This extra data will be extremely valuable in helping us improve the spam protection capabilities of the plugin.

Disable trackbacks. Use if trackback spam is excessive. It is recommended that you don’t use this option unless you are experiencing an extreme spam attack.

Disable pingbacks. Use if pingback spam is excessive. The disadvantage is a reduction of communication between blogs. When blogs ping each other, it’s like saying “Hi, I just wrote about you” and disabling these pingbacks eliminates that ability. It is recommended that you don’t use this option unless you are experiencing an extreme spam attack.

Help promote WP-SpamShield? This places a small link under the comments and contact form, letting others know what’s blocking spam on your blog. This plugin is provided for free, so this is much appreciated. It’s a small way you can give back and let others know about WP-SpamShield.

Contact Form Options These are self-explanatory.