Preventing anonymous comments in WordPress

anonymous comments

I value comments a lot, in fact, I look at the number and quality of comments on a post almost as much as I look at the number of shares, tweets and pageviews to determine how well a post was received. Recently I’ve done some posts that got a lot of annoying responses. Most of those were anonymous comments, which lead me to change my comment policies a bit to prevent those from happening in the future.

This tactic might work for more people, so I thought I’d share it:

Confirming the comment e-mail address

Using a plugin called comment e-mail verification I now force people to use a real e-mail address when commenting. The process is simple: if you comment for the first time, your comment will be kept in moderation automatically. You’ll get a confirmation e-mail with a link in it. Clicking that link will take your comment out of moderation and place it immediately.

The plugin allows you to change the email message sent to the end user as well as some other things, but mostly just works. I use this plugin in conjunction with my own comment redirect plugin, which takes people who comment here for the first time to a special thank you page. This page looks like this:

Commenting thank you page

So the process goes like this, when someone comments here for the first time:

  • Visitor leaves a comment.
  • Visitor is redirected to the comment thank you page, which states, among other things, that they have to confirm their email address.
  • Visitor clicks the confirmation link in his / her email, which takes the comment out of moderation.
  • The visitor is redirected immediately to the comment.

Funnily enough, I now see visitors leave the same comment twice. Once with a fake e-mail address, and then later on with a real e-mail address.

Next to the measures above, I’ve also added some statements to my Comment Rules, above the comment submit button. I now strictly adhere to these rules:

  • Keywords instead of a real name? Comment gets deleted.
  • A fake name instead of your real name? Comment gets deleted.
  • A comment “signature” (with or without links)? Signature gets deleted first time, second time, comment gets deleted.

I’m curious though, most of you reading this are bloggers, what do you do to prevent not just comment spam but annoying comments and commenters?

Top image from Shutterstock.

Tags: ,


Yoast.com runs on the Genesis Framework

Genesis theme frameworkThe Genesis Framework empowers you to quickly and easily build incredible websites with WordPress. Whether you're a novice or advanced developer, Genesis provides you with the secure and search-engine-optimized foundation that takes WordPress to places you never thought it could go.

Read our Genesis review or get Genesis now!

64 Responses

  1. RhysBy Rhys on 4 January, 2011

    Hi :)

    Couldn’t agree more with your comments.

    Unfortunately, my blog was once hit as I appeared quite promenantly in one of those “Dofollow” lists out there. So I got a bunch of spammy comments, some either questioning the ethics of being so anal “But people are contributing to my blog!” they’d say.

    One thing I use for commenting – which is a slight plug – is my plugin InComment. This tracks the commenter’s entrance path into the site using a simple cookie, and then when a comment is left, on the base of the email that gets sent, the path is placed at the bottom of the email. So you can see if the commenter arrived by legit means or by searching for “Leave A Comment” +”Wordpress” +”[keyword]” Google search.

    • Joost de ValkBy Joost de Valk on 4 January, 2011

      Great idea Rhys, now you could have absolutely left a link to that plugin, in fact, I’ll add it for you ;)

      • RhysBy Rhys on 4 January, 2011

        Cheers. Didn’t want to overstep the mark on my first comment :)

    • StanyBy Stany on 4 January, 2011

      I have a few blogs that attract plenty of ‘link hunters’. Akismet is pretty good at eliminating spam but the manual entries have to be moderated.

      A combination of your methods looks like a powerful setup. In the end you only want to keep people who appreciate your blog and add value while being part of your community.

    • RyanBy Ryan on 5 January, 2011

      Very cool idea!

      I get the occasional comment where I’m a bit sketchy as to whether it’s a legit comment made by someone who is utterly stupid or it’s a spammer. Your plugin could make sorting the hard-to-tell spam from the stupid comments.

  2. Mayur (AgentWP)By Mayur (AgentWP) on 4 January, 2011

    I have disabled the links in the comments content as well as for the author name. Thus spammers don’t bother to comment any more.

    • Joost de ValkBy Joost de Valk on 4 January, 2011

      Yeah but that also means you’re not allowing other people to see the “context” of someone’s comment.

  3. bert boerlandBy bert boerland on 4 January, 2011

    and something like for example http://wordpress.org/extend/plugins/wp-mollom/

    • Joost de ValkBy Joost de Valk on 4 January, 2011

      Hmm looks useful too, have you tried it on a recent install Bert?

  4. Barry AdamsBy Barry Adams on 4 January, 2011

    I like your approach Joost, it’s very comprehensive and encourages real comments from real people. Adds a level of interaction with the commenter as well which I really like.

    I don’t get a lot of comments on my blog (I’m not nearly as popular as you :)) but on the Belfast Telegraph site we went from an anonymous comment system to comments powered by Disqus, which include a comment rating system. This seems to have the desired effect of making comments user-moderated to an extent, and the efforts of setting up a Disqus account tend to work well to prevent comment spamming.

    • Joost de ValkBy Joost de Valk on 4 January, 2011

      Yeah that has its benefits, but Disqus is terribly slow at times and leads to sites being down sometimes, which isn’t worth it in my opinion…

      Also, ratings wouldn’t work as well here I think, as I’d like to rate stuff and not have other people rate comments for me :)

  5. quicotoBy quicoto on 4 January, 2011

    Great! I’m thinking about installing your Comment Redirect plugin.

    On my blogs I don’t actually have many problems with spam. But I basically follow the rules you just posted (keywords, signatures..)

    Regards

  6. RarstBy Rarst on 4 January, 2011

    Why care about real email? For some people it doesn’t make sense to leave their email address anywhere they go and it isn’t faulty logic really.

    I moderate first comments and if you have previously approved comment(s) then you skip moderation. Had to bark once or twice at some aggressive commenters, other than that works just fine.

    Same on real names. What is real name? You can change it to whatever you want even in real world. Online merely makes it more convenient to handle your identity how you find comfortable.

    PS many thanks for not going external comment systems way. They are terrible to the point I first stopped commenting with them and recently even blacklisted some of their scripts so they don’t even load.

    • Joost de ValkBy Joost de Valk on 4 January, 2011

      Hey Rarst, I don’t agree on the email address stance. If you want to leave a comment on my property, I want to have a valid way of contacting you. If one does not want to leave that, well, then he/she just shouldn’t comment :)

    • ap in tallinnBy ap in tallinn on 4 January, 2011

      I’d also like to see the reasoning, how does the real e-mail help to get better quality?
      btw, I use a special e-mail address (trash@…) for websites I don’t trust, all mails to this address are trashed in Gmail. But I can find them in trash folder and click a link if required…

  7. Peter WilsonBy Peter Wilson on 4 January, 2011

    For a site with an established audience, such as this, I think verifying the email address is a valid process. The audience will happily confirm their details. For a site in the process of building an audience & the discussion that follows, the extra step could lead to legitimate commenters deciding it’s all too hard and giving up.

    I’m not sure of the benefit of forcing commenters to use an actual name rather than a handle. If the commenter is better known by their handle then it is a better identifier than their real name.

    • Joost de ValkBy Joost de Valk on 4 January, 2011

      Good point on the “handle”. I might have to revise that a bit.

      • Peter WilsonBy Peter Wilson on 5 January, 2011

        I’d consider making it something like:

        Your real name or a widely used handle is required. Comments using keywords as an attempt to game SEO will lead to the comment being deleted.

  8. DianeBy Diane on 4 January, 2011

    How do you work out what a fake name is? Does it have to match the email address? I use my full name Diane for the name but only di@ in my email. Do you need the surname too?
    I moderate on a forum and we get tons of spam from people building links and they use silly names with a number in – but they’re getting harder to spot as the posts will often be a bit fluffy and wasteful, much like some of the regular posters who I know aren’t spammers!

    • Joost de ValkBy Joost de Valk on 4 January, 2011

      Yeah that’s a bit harder to do then you’d think, so I just delete when some name is obviously not right. Combined with comment above I might have to revise that part of my thinking a bit ;)

  9. Dave from The Longest Way HomeBy Dave from The Longest Way Home on 4 January, 2011

    I’ve just had two weeks of spam hell (worst was 1900 in a day). I once used tantan noodles to offer captcha only to those who fail it’s spam test. But, I think W3 total cache nulls it out. I will check out Mollom though.

    As I am often away from my site and not online 24/7 I hold first time comments for moderation. After that people are free to come and go.

    I will delete anything with a promotional link (which is nofollow’d anyway) I also remove the underline in comments, which seems to make people stop as well.

    Regarding names. It doesn’t bother me so long as it’s not a keyword name or name of a company selling something etc.

    I like the idea of a commenter clicking on a link in an email. But wonder slightly if they would do so immediately. Do you still approve the comment even if they do not click the email to confirm?

    • Ron MahonBy Ron Mahon on 4 January, 2011

      I used Mollom on my Drupal sites for years and it was very good. Gave you a nice graft of it’s activities etc.

      Haven’t tried in WP but I build a new site and I am using Intense Debate Plug in which eliminates a few plugins.

      I fact that with Yost SEO Plugin has reduced the plugin by probably 40 to 50%

      Too Soon to know about Intense but I love wp-seo

      Regards
      Ron

      • Dave from The Longest Way HomeBy Dave from The Longest Way Home on 5 January, 2011

        Sadly same issue on WP site re Mollom. When W3T is running it makes the mollom pop up fail :( Some day hopefully

  10. Chris CreeBy Chris Cree on 4 January, 2011

    I ended up on some of those early dofollow lists too. Because folks tend to just copy/paste & republish those lists I keep cropping up on new ones even though I went back to nofollow in my comments years ago because of all the spam.

    I added a comment policy and linked to it prominently right before the comment submission form. Unfortunately it didn’t cut down on the spam much. But at least I didn’t feel guilty about marking comments as spam after that.

    A few months back I installed the Growmap Anti Spambot Plugin that adds a javascript check box that has to be marked for a comment to be accepted. Bots don’t see the check box so they can’t comment. And folks have to at least claim they aren’t spammers by checking the box.

    It’s not an ideal solution by any means. But it has cut spam down from hundreds a day to a handful.

  11. OzhBy Ozh on 4 January, 2011

    Way to go. My own comment policy on my blog has always been the very same you’re now enforcing (real name, no SEO keyword, no forum sig), except that I don’t delete, I mark as Spam, hoping that Akismet will globally stfu the clueless commenter :P

  12. AlexisBy Alexis on 4 January, 2011

    Your ideas are great. I really think that’s innovation.
    Thanks!

  13. ReneBy Rene on 4 January, 2011

    Useful idea.. but with a high traffic blog like yours “fake” comments with bogus email accounts must add up in the WP admin cluttering up your database every day, or is it cleaned up automatically after X days ?

    Offtopic, what kind of plugin/code do you use for related posts ? tia !

    • Joost de ValkBy Joost de Valk on 4 January, 2011

      I clean out comments at least once a day, otherwise they would add up indeed.

      The related posts stuff is done in my theme, not through a plugin.

  14. JPBy JP on 4 January, 2011

    Looks like a great plugin, but what happens when a person uses a valid email address but otherwise violates your TOS? The plugin will allow them to validate their comment and get it approved automatically before you get a chance to review it.

    For those of us who don’t get many comments, moderating every comment (from new commenters) is the way to go.

    • Joost de ValkBy Joost de Valk on 4 January, 2011

      No the other validations will also still take place, but there’s not many other restrictions. Akismet, for instance, will still do its work though.

  15. Adam W. WarnerBy Adam W. Warner on 4 January, 2011

    Just activated Comment Redirect and love the simplicity. Great “customer service” option for my readers.

    I do have a small suggestion on the placement of this plugin’s settings though. It’s under the Plugins menu, why? Wouldn’t it make sense to put a comments plugin’s settings under the “Comments” menu?

    Maybe it’s not possible?

    Just wondering what the reasoning is behind it’s placement.

    • Paul CampbellBy Paul Campbell on 8 January, 2011

      Hi Adam – do you use a current version of WP?

      I activated it using Joost’s link and it just won’t work for me. It was only when I checked the plugin page in wordpress.org that I spotted it only works for older WP versions…

      ===
      Compatible up to: 2.5
      Last Updated: 2008-7-6
      ===

      Maybe there is a download link for an updated version that works in WP3+ ?

      Can you point me in the right direction?

      cheers.

      Paul

    • Paul CampbellBy Paul Campbell on 8 January, 2011

      Can anyone confirm if the “Content Redirect” plugin works with the current version of WP? The plugin page in wordpress.org says:

      ===
      Compatible up to: 2.5
      Last Updated: 2008-7-6
      ===

      Many thanks,

      Paul

  16. John GarrettBy John Garrett on 4 January, 2011

    What happens with me is that my autofill sometimes fills in the wrong email address (happened to me on your site yesterday :))

    Then I don’t want to use that one so I might try to resend the comment with the correct email. This will no doubt get me blacklisted at some point (need to pay more attention!)

    I don’t have so much trouble with spam or even annoying comments (yet), but I can see based on the comments here that the bigger you get the more valuable time is taken up dealing with this. It looks like an opportunity for a savvy developer to step in and combine the features of the various plugins that are mentioned here.

    Man I wish I was a savvy developer…

  17. TrafficColemanBy TrafficColeman on 4 January, 2011

    Joost..I’m an one shot guy when it comes to people leaving stupid comments just to get some exposure..My things that I just banned their IP address and not even given them an second chance…loyal readers will leave good comments and spammmers will continue to be spammy people…but just on my site.

    • Peter WilsonBy Peter Wilson on 5 January, 2011

      I’d be careful with blocking IP addresses permanently. Most people will use a dynamic IP address so the blocking will only be effective in the short term.

      If a legitimate commenter and a SEO gaming commenter both use the same ISP, then you could end up blocking a legit commenter in the long term.

  18. KristofBy Kristof on 4 January, 2011

    I like this idea but curious if you’ve seen a decrease in the number of legitimate comments since you’ve implemented the plugin & comment policy?

  19. archshrkBy archshrk on 4 January, 2011

    I use Simple Trackback Validation which really helped a lot but that was before making comments nofollow so it may not be necessary anymore. I don’t get enough comments to warrant such a strict comment policy and like others have said it may discourage comments for smaller sites.

    I don’t mind the anonymous commenting much since I know most of them are from 9th graders who are playing games instead of paying attention in class. What bothers me is when they use a bogus email AND subscribe to comments.

  20. SwamykantBy Swamykant on 4 January, 2011

    This is an excellent idea. As my blog’s traffic is growing day by day, I find hundreds of spam comments. In those comments there are some genuine comments too.

    Thanks for sharing me the links of the two interesting plugins.

  21. MichaelBy Michael on 4 January, 2011

    What I’ve been using on client sites has been replacing the standard WordPress comment system with facebook comments. So far working well. Only gripe is it takes it about 1-2 seconds for the comment system to load, but doesn’t seem to slow the rest of the page down.

    Anyone else have thoughts/experiences about using Facebook to power your comments?

  22. MikeBy Mike on 4 January, 2011

    I added bit defender, that helped. I still get some. But, I’m afraid some of the others that get through might be a legit comment, and I could be deleting one of the few real comments I get. Are they getting that good at generating spam? Any advice you might have on how to really tell the difference would be appreciated. I get maybe 20 a day that get through the bit defender. I’ve checked some, and e-mails are fake, website in the link doesn’t exist. I go in every day or so and clean out the spammy ones, but I would rather leave a “relevant” spam, than delete a legit comment. Any hate speech, or annoying, antagonizing comment just gets deleted without question.

  23. Gert OomsBy Gert Ooms on 4 January, 2011

    Another great post, with some useable information,
    currently I had set my blog to ‘always moderate comments’ but this
    wil help a lot and users can in fact self moderate their comments.
    I’d never thaught of using a comment redirect plugin, but you
    convinced me again …

  24. Emile GiethoornBy Emile Giethoorn on 4 January, 2011

    Why not use the WP-SpamFree Plugin? It seems to work fine for my site.

  25. NiekBy Niek on 4 January, 2011

    Amazing one Joost, I was thinking about this for some time and this one just fixed it :)

  26. Joost de ValkBy Joost de Valk on 4 January, 2011

    Need to test something…

    • Adam W. WarnerBy Adam W. Warner on 4 January, 2011

      I just received a notification of your comment twice…if that helps in your testing;)

    • KristofBy Kristof on 4 January, 2011

      Hi Joost – I subscribed to comments but the only email notification I’ve received is your “test” (two times). Is that what you’re testing?

      • Joost de ValkBy Joost de Valk on 4 January, 2011

        Hi, no sorry, just added a feature to immediately subscribe to my newsletter by checking that box when commenting ;) those tests are stopping now :D

        • KristofBy Kristof on 4 January, 2011

          I saw that – it’s a nice option. Is it a plugin and can it be integrated into aWeber or is it through feedburner?

          • Joost de ValkBy Joost de Valk on 4 January, 2011

            It’s custom code I wrote just now that uses the Mailchimp API. You should’ve received a welcome email ;)

  27. KristofBy Kristof on 4 January, 2011

    Just got it. Do I hear a plugin coming?

    • Joost de ValkBy Joost de Valk on 4 January, 2011

      I doubt it. It’s pretty tough to set up.

      • MichaelBy Michael on 5 January, 2011

        I’d be interested.

  28. RyanBy Ryan on 5 January, 2011

    I like this idea as a way of curbing serious spam problems, but for the vast majority I think this is a bad idea. Requiring an email address is placing an extra stumbling block in the way of commenting and is slightly irritating.

    • KristofBy Kristof on 5 January, 2011

      Majority of sites require an email address to comment so not sure how requiring a legitimate one would be a stumbling block.

      • Fernando VelosoBy Fernando Veloso on 5 January, 2011

        Agree. Definitely this is a major pain for “some” of our visitors BUT a very appreciated effort by some others.

      • RyanBy Ryan on 11 January, 2011

        The majority of sites require an email address to be entered, that doesn’t mean it needs to be legit and it doesn’t mean someone needs to go check their email to verify their comment. It’s the verification part which is the stumbling block.

        I’m always a fan of reducing the barrier to participation as much as possible. Even my forum allows guest posting (with post moderation) to ensure that as many people as possible participate.

  29. carsonBy carson on 5 January, 2011

    Thanks for these tips, I was looking for this sort of thing for a client of mine.

  30. Fernando VelosoBy Fernando Veloso on 5 January, 2011

    Definitely this can be a pain to *some* visitors BUT for vast majority of people, this is an extra 10 seconds to write name,email, and comment.

  31. ElliottBy Elliott on 6 January, 2011

    Thanks, I just implemented it.

  32. ChrisBy Chris on 16 January, 2011

    Thanks Yoast, after using the SEO plugin on our site Rock Salt I’m going to use this one as well. Thank you so much for your contributions to the wordpressphere.

Trackbacks