A few weeks ago, I heard about a new antispam plugin called Cookies for Comments. After a couple of months of testing, I confess that it’s the most impressive plugin for blocking spam on a WordPress blog.
I was reluctant to mention it here, for fear of alerting spammers to its existence and offering them insight into how it works and how they might circumvent it, but a few days ago it was publicized more widely, and I reasoned that stealth and obfuscation really aren’t a defense.
Cookies for Comments works by adding a stylesheet to your blog’s HTML source code. When a browser loads that stylesheet, a cookie is dropped. If that user then leaves a comment, the cookie is checked. If it doesn’t exist, the comment is marked as spam. That means you have to be actually reading the blog post in your browser before you leave a comment; spam bots don’t do that…
You can even add a couple of lines to your WordPress folder’s .htaccess file that will prevent bots from even getting anywhere near your comment form and so cut down on bandwidth leeches.
You can set Cookies for Comments to drop any spambot comments right into your spam folder or else delete them immediately. It’s so powerful that, to be honest, there’s really no need to run any other antispam plugin. Indeed, I’ve gone out on a limb with Sciencebase and have opened up comments to immediate approval rather than moderation and am yet to see a false positive.
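The stylesheet-cookie check and the spam-or-delete setting described above can be modelled in a few lines. This is an added sketch in Python, not the plugin's own code; the cookie name, the secret and the idea of deriving the cookie value from an HMAC of the client address are assumptions made for the example, and it checks the cookie's value rather than only its presence.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET = b"constructed-site-secret"  # assumption: a per-site secret
COOKIE_NAME = "cfc_seen"             # hypothetical cookie name


def expected_token(client_ip: str) -> str:
    """Value the stylesheet response hands to this client."""
    return hmac.new(SECRET, client_ip.encode(), hashlib.sha256).hexdigest()


def stylesheet_response(client_ip: str) -> dict:
    """Headers returned when a browser fetches the stylesheet linked from the post."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = expected_token(client_ip)
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True
    return {"Content-Type": "text/css",
            "Set-Cookie": cookie[COOKIE_NAME].OutputString()}


def classify_comment(client_ip: str, cookie_header: str,
                     delete_spam: bool = False) -> str:
    """Return 'approved', 'spam' or 'deleted' for a comment POST."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    presented = jar[COOKIE_NAME].value if COOKIE_NAME in jar else ""
    # Constant-time comparison; a missing or made-up cookie fails here.
    if hmac.compare_digest(presented.encode(), expected_token(client_ip).encode()):
        return "approved"
    return "deleted" if delete_spam else "spam"


if __name__ == "__main__":
    ip = "203.0.113.7"  # constructed sample address (documentation range)
    # A browser renders the post, fetches the stylesheet and keeps the cookie.
    sent_back = stylesheet_response(ip)["Set-Cookie"].split(";", 1)[0]
    print("reader :", classify_comment(ip, sent_back))
    # A client that posts to the comment form without loading the page has no cookie.
    print("no css :", classify_comment(ip, ""))
    print("no css :", classify_comment(ip, "", delete_spam=True))
```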