WebGeek

SEO & Web Design Blog

WP-SpamFree: A Powerful Anti-Spam Plugin for WordPress!

An extremely powerful anti-spam plugin for WordPress that virtually eliminates comment spam, including trackback and pingback spam. Finally, you can enjoy a spam-free WordPress blog! Includes spam-free contact form feature as well.

Download Plugin
Latest Version — 1.9.6.2: Download Now

Quick Navigation - Contents

1. Description
2. New Features
3. Key Features
4. Background
5. Download Plugin / Documentation
6. See What Others Have Said About WP-SpamFree
7. How It Works
8. Installation Instructions
9. Upgrading from Version 1.0
10. For Best Results
11. Displaying Spam Stats on Your Blog
12. Adding a Comment Form to Your Blog
13. Version History
14. Known Plugin Conflicts
15. Troubleshooting Guide / Support
16. Frequently Asked Questions (FAQ’s)
17. WordPress Security Note

Description
Comment spam has been a problem for bloggers since the inception of blogs, and it just doesn’t seem to go away. The worst kind, and most prolific, is automated spam that comes from bots. Well, finally there is an effective solution, without CAPTCHA’s, challenge questions, or other inconvenience to site visitors. The WP-SpamFree plugin virtually eliminates automated comment spam from bots, including trackback and pingback spam.

 

New Features

1. Now with a drop-in spam-free contact form! Simple and effective. Just add a tag <!--spamfree-contact--> to pages where you want a contact form, and you’re done. Easy to use - no configuration necessary.
2. Now can display your blocked spam stats on your blog. Simply insert the code into your theme and you can show off how much spam you’re not getting anymore.

 

Key Features

1. Virtually eliminates automated comment spam from bots. It works like a firewall to ensure that your commenters are in fact, human.
2. A counter on your dashboard to keep track of all the spam it’s blocking. The numbers will show how effective this plugin is.
3. No CAPTCHA’s, challenge questions or other inconvenience to site visitors - it works silently in the background.
4. Includes drop-in spam-free contact form. Easy to use - no configuration necessary.
5. No false positives, which leads to fewer frustrated readers, and less work for you.
6. You won’t have to waste valuable time sifting through a spam queue anymore, because there won’t be much there, if anything.
7. Powerful trackback and pingback spam protection.
8. Easy to install - truly plug and play. Just upload and activate. (Installation Status on the plugin admin page to let you know if plugin is installed correctly.)
9. The beauty of this plugin is the methods of blocking spam. It takes a different approach than most and stops spam at the door.
10. The code is has an extremely low bandwidth overhead and won’t slow down your blog (very light database access), unlike some other anti-spam plugins.
11. Completely compatible with all cache plugins, including WP Cache and WP Super Cache. Not all anti-spam plugins can say that.
12. Display your blocked spam stats on your blog.

 

Background
Before I developed this plugin, our team and clients experienced the same frustration you do with comment spam on your blog. Every blog we manage had comment moderation enabled, Akismet and various other anti-spam plugins installed, but we still had a ton of comments tagged as spam by Akismet that we had to sort through. This wasted a lot of valuable time, and we all know, time is money. We needed a solution.

Comment spam stems from an older problem - automated spamming of email contact forms on web sites. I developed a successful fix for this a while ago, and later applied it to our WordPress blogs. It was so effective, that I decided to add a few modifications and turn it into a WordPress plugin to be freely distributed. Blogs we manage used to get an excessive number of spam comments show up on the Akismet Spam page each day - now the daily average is zero spam comments.

To further the development of this plugin, I now study thousands and thousands of potential spam comments from many test blogs and contributors. I use a special diagnostic version of the plugin, which provides much more information on each of these spam comments than what is shown in WordPress. By analyzing patterns and behaviors consistent with spam, I can continually improve the plugin and ensure future accuracy.

 

 

Download Plugin / Documentation
Latest Version — 1.9.6.2: Download Now
Plugin Homepage / Documentation: WP-SpamFree
WordPress.org Page: WP-SpamFree
Leave Comments: WP-SpamFree Release Announcement Blog Post
Tech Support/Questions: WP-SpamFree Support Page
End Blog Spam: Let Others Know About WP-SpamFree!

 

See What Others Have Said About WP-SpamFree

“The WP-SpamFree plugin for WordPress seems to be much better than Akismet at blocking spam bots.”

- Michael

“Scott, this plugin is excellent. Works perfectly and no one has reported a comments missing or comment posting problems.

I used to have hundreds of spam comments in the same format and was wondering why Akismet kept letting it through. Your plugin has reduced it to 0. Incredible. Your techniques work really well.”

- Marc

“I’ve tried it out, and it works great. Try it, and even if you’re using Akismet, you’ll notice you don’t have the tons of Akismet spam to go through… if you go through it at all. Eliminate comment spam with wp-spamfree!”

- Alan

“I’ve installed your plugin last weekend and i must say, works better than Askimet. Thanks for your great work!”

- Frank

“I have this plugin installed for about 2 months and since then plugin blocks about 99.5% of spam, i had more than 200 comments per day (before installing the plugin), now i have about 100 comments per day and maybe a 1 spam message in a few days, so you see how many bots are stopped!

Fantastic plugin! A+++++”

- Admino

“I’m extremely satisfied with WP-SpamFree. Haven’t had a single spam comment since the install. Way to go :)”

- Boris H

“I was pleased to see the amount of spam caught with this after installing it — my Akismet spam queue has been reduced considerably, and I don’t have to use the reCaptcha plugin anymore. Keep up the good work!”

- Owen S

“Ok. I’m bored with my blog now thank you very much.

I used to log in daily and delete as much as 20-30 spam comments, 2 or three times a day.

Using a cocktail of Akismet, Bad Behavior and WP-Spamfree, I have not had one single instance of spam since I installed it.

Not even one for Akismet to block. NOTHING. ZERO. ZIP. ZILCH. NADA.

Thanks for a OUTSTANDING product!!!”

- Scott

“:) Thanks for a brilliant tool for blocking spam! After installing WP-SpamFree on January 13th, I’ve not seen any spam on my two WP-sites! Thanks!”

- Ken-Arild Kristiansen

“I use your WP-SpamFree plugin on the six blogs I manage/help out with, and it has drastically reduced the amount of comment spam I have to deal with. I’ve got from several thousand a week being caught by Akismet to a total of 3.

Thank you so much for releasing this plugin to the general public!”

- Lisa Hartjes

“Thank you so much for making my wwworld a better one with this awesome plugin.”

- Nanna

“Thanks so much for this tool - absolutely the best I’ve ever used (and I’ve used a LOT of them).”

- Scot Hacker

If you like WP-SpamFree, please let others know by rating it on WordPress.org!

 

How It Works
Most of the spam hitting your blog originates from bots. Few bots can process JavaScript (JS). Few bots can process cookies. Fewer still, can handle both. In a nutshell, this plugin uses a dynamic combo of JavaScript and cookies to weed out the humans from spambots, preventing 99%+ of automated spam from ever getting to your site. Almost 100% of web site visitors will have these turned on by default, so this type of solution works silently in the background, with no inconveniences. There may be a few users (less than 2%) that have JavaScript and/or cookies turned off by default, but they will be prompted to simply turn those back on to post their comment. Overall, the few might be inconvenienced because they have JS and cookies turned off will be far fewer than the 100% who would be annoyed by CAPTCHA’s, challenge questions, and other validation methods.

Some would argue that using JS and cookies is too simplistic an approach. Traditionally, programmers prefer using some type of basic AI to fight bots by trying to figure out if a comment is spam. While that isn’t a bad idea, when used alone this method falls short because no machine AI can ever accurately judge whether a comment is spam - many spam comments get through that could easily have been stopped, and there are many false positives where non-spam comments get flagged as spam. Others may argue that some spammers have programmed their bots to read JavaScript, etc. In reality, the percentage of bots with these capabilities is still extremely low - less than 1%. It’s simply a numbers game. Statistics tell us that an effective solution would involve using a technology that few bots can handle, therefore eliminating their ability to spam your site. The important thing in fighting spam is that we create a solution that can reduce spam noticeably and improve the user experience, and a 99%+ reduction in spam would definitely make a difference for most bloggers and site visitors.

Even so, it’s important to know that the particular JS and cookies solution used in WP-SpamFree has evolved quite a bit, and is no longer simple at all. There are now two layers of protection, a JavaScript/Cookies Layer, and an Algorithmic Layer. Even if bot authors could engineer a way to break through the JavaScript/Cookies Layer, the Algorithmic Layer would still stop 95% of the spam that the JavaScript Layer blocks. (I’m working to make this 100% for fully redundant protection.) This JavaScript Layer utilizes randomly generated keys, and is algorithmically enhanced to ensure that spambots won’t beat it. The powerful Algorithmic Layer is what eliminates trackback/pingback spam, and much human spam as well. And, it does all that without hindering legitimate comments and trackbacks. The bottom line, is that this plugin just plain works, and is a powerful weapon against spam.

 

Installation Instructions

1. After downloading, unzip file and upload the enclosed “wp-spamfree/” directory to your WordPress plugins folder (”wp-content/plugins/”).
    
2. As always, activate the plugin on your WordPress plugins page.
    
3. Check to make sure the plugin is installed properly. 99.9% of all support requests for this plugin originate from improper installation and can be easily prevented. To check proper installation status, go to the WP-SpamFree page in your Admin. It’s a submenu link on the Plugins page. Go the the ‘Installation Status’ area near the top and it will tell you if the plugin is installed correctly. If it tells you that the plugin is not installed correctly, please double-check what directory you have installed WP-SpamFree in, delete any WP-SpamFree files you have uploaded to your server, re-read the Installation Instructions, and start the Installation process over from step 1. If it is installed correctly, then move on to the next step.
    
4. Select desired configuration options. Due to popular request, I’ve added the option to block trackbacks and pingbacks if the user feels they are excessive. I’d recommend not doing this, but the choice is yours.
    
5. If you are using front-end anti-spam plugins (CAPTCHA’s, challenge questions, etc), be sure they are disabled since there’s no longer a need for them, and these could likely conflict. (Back-end anti-spam plugins like Akismet are fine, although unnecessary.)

You’re done! Sit back and see what it feels like to live without comment spam!

If you’re not familiar with WordPress plugin installation, you may want to read these two great articles:

• WordPress: Managing Plugins - Plugin Installation - WordPress.org
• How to Install, Configure, and Use WordPress Plugins - Lorelle on WordPress

 

Upgrading from Version 1.0
Simply undo any edits you made to your header.php and wp-comments-post.php files when installing Version 1.0. Then install the latest version!

 

For Best Results
WP-SpamFree was created specifically to stop automated comment spam (which accounts for over 99% of comment spam), and recently we have added some features that help combat human comment spam, as well as trackback/pingback spam. Unfortunately, no plugin can perfectly detect human comment spam. As other experts will tell you, the most effective strategy for blocking spam involves applying a variety of techniques. For best results, enable comment moderation, and if you desire a backup, feel free to use Akismet, as the two plugins are compatible.

 

Displaying Spam Stats on Your Blog
Want to show off your spam stats on your blog and tell others about WP-SpamFree? Simply add the following code to your WordPress theme where you’d like the stats displayed:
 
<?php if ( function_exists(spamfree_counter) ) { spamfree_counter(1); } ?>
 
where ‘1′ is the style. Replace the ‘1′ with a number from 1-6 that corresponds to one of the background styles you’d like to use. (See plugin admin page for more info.)

To add stats to individual posts, you’ll need to install the Exec-PHP plugin.

 

Adding a Comment Form to Your Blog
First create a page (not post) where you want to have your comment form. Then, insert the following tag (through the HTML editor) and you’re done: <!–spamfree-contact–>

There is no need to configure the form, it allows you to simply drop it into the page you want to install it on.

What the Contact Form feature IS: A simple drop-in contact form that won’t get spammed.
What the Contact Form feature is NOT: A configurable and full-featured plugin like some other contact form plugins out there.
Note: Please do not request new features for the contact form, as the main focus of the plugin is spam protection. Thank you.

 

Version History
For a complete list of changes to the plugin, view the Version History.

 

Known Plugin Conflicts
Plugins that are known to be incompatible with WP-SpamFree:

1. AskApache Password Protect
    
   Users have reported that using its feature to protect the /wp-content/ directory creates an .htaccess file in that directory that creates improper permissions and conflicts with WP-SpamFree (and most likely other plugins as well). You’ll need to disable this feature, or disable the AskApache Password Protect Plugin and delete any .htaccess files it has created in your /wp-content/ directory before using WP-SpamFree.
    
2. WP-OpenID
    
3. Some front-end anti-spam plugins, including CAPTCHA’s, challenge questions, etc.
    
   There’s no longer a need for them, and these could likely conflict. (Back-end anti-spam plugins like Akismet are fine, although unnecessary.)

 

Troubleshooting Guide / Support
If you’re having trouble getting things to work after installing the plugin, here are a few things to check:

1. If you haven’t yet, please upgrade to the latest version.
    
2. Check to make sure the plugin is installed properly. Many support requests for this plugin originate from improper installation and can be easily prevented. To check proper installation status, go to the WP-SpamFree page in your Admin. It’s a submenu link on the Plugins page. Go the the ‘Installation Status’ area near the top and it will tell you if the plugin is installed correctly. If it tells you that the plugin is not installed correctly, please double-check what directory you have installed WP-SpamFree in, delete any WP-SpamFree files you have uploaded to your server, re-read the Installation Instructions, and start the Installation process over from step 1.
    
3. Clear your browser’s cache, clear your cookies, and restart your browser. Then reload the page.
    
4. If you are receiving the error message: “Sorry, there was an error. Please enable JavaScript and Cookies in your browser and try again.” then you need to make sure JavaScript and cookies are enabled in your browser. (JavaScript is different from Java. Java is not required.) These are enabled by default in web browsers. The status display will let you know if these are turned on or off (as best the page can detect - occasionally the detection does not work.) If this message comes up consistently even after JavaScript and cookies are enabled, then there most likely is an installation problem, plugin conflict, or JavaScript conflict. Read on for possible solutions.
    
5. Check your WordPress Version. If you are using a release earlier than 2.3, you may want to upgrade for a whole slew of reasons, including features and security.
    
6. Check the options you have selected to make sure they are not disabling a feature you want to use.
    
7. Make sure that you are not using other front-end anti-spam plugins (CAPTCHA’s, challenge questions, etc) since there’s no longer a need for them, and these could likely conflict. (Back-end anti-spam plugins like Akismet are fine, although unnecessary.)
    
8. Visit http://www.yourblog.com/wp-content/plugins/wp-spamfree/js/wpsf-js.php (where yourblog.com is your blog url) and check two things.
    
   First, see if the file comes normally or if it comes up blank or with errors. That would indicate a problem. Submit a support request (see last troubleshooting step) and copy and past any error messages on the page into your message.
    
   Second, check for a 403 Forbidden error. That means there is a problem with your file permissions. If the files in the wp-spamfree folder don’t have standard permissions (at least 644 or higher) they won’t work. This usually only happens by manual modification, but strange things do happen. The AskApache Password Protect Plugin is known to cause this error. Users have reported that using its feature to protect the /wp-content/ directory creates an .htaccess file in that directory that creates improper permissions and conflicts with WP-SpamFree (and most likely other plugins as well). You’ll need to disable this feature, or disable the AskApache Password Protect Plugin and delete any .htaccess files it has created in your /wp-content/ directory before using WP-SpamFree.
    
9. Check for conflicts with other JavaScripts installed on your site. This usually occurs with with JavaScripts unrelated to WordPress or plugins.
    
10. Check for conflicts with other WordPress plugins installed on your blog. This isn’t common but does happen from time to time. I can’t guarantee how well-written other plugins will be. First, see the Known Plugin Conflicts list. If you’ve disabled any plugins on that list and still have a problem, then proceed.
     
    To start testing for conflicts, temporarily deactivate all other plugins except WP-SpamFree. Then check to see if WP-SpamFree works by itself. (For best results make sure you are logged out and clear your cookies. Alternatively you can use another browser for testing.) If WP-SpamFree allows you to post a comment with no errors, then you know there is a plugin conflict. The next step is to activate each plugin, one at a time, log out, and try to post a comment. Then log in, deactivate that plugin, and repeat with the next plugin. (If possible, use a second browser to make it easier. Then you don’t have to keep logging in and out with the first browser.) Be sure to clear cookies between attempts (before loading the page you want to comment on). If you do identify a plugin that conflicts, please let me know so I can work on bridging the compatibility issues.
     
11. If have checked these, and still can’t quite get it working, please submit a support request at the WP-SpamFree Support Page.

 

Frequently Asked Questions (FAQ’s)

• Q: What happens to the spam that WP-SpamFree kills, and can I see a list of blocked comments?

  A: WP-SpamFree works completely differently than other anti-spam plugins. Other typical anti-spam plugins (like Akismet) try to use some kind of basic AI to determine if a comment is spam, and it is tagged as spam or placed in a spam queue. There is no queue with this plugin.

  When developing this plugin I took a hard look at what user were complaining about with spam plugins. One thing that kept coming up was that people hate spam queues, they hate wasting time looking through them for false positives. WP-SpamFree doesn’t have a spam queue - it actually blocks the spam at the front door, keeping it out of the WordPress database. This saves users an incredible amount of time because you never having to check through a spam queue again, along with reducing the server load and improving security.

  Currently there is no log of spam comments, but I am planning on adding a logging feature in a future release that users can optionally turn on. The plan right now is that users will be able to download it as a .csv and look at in in Excel.
   

• Q: How does it work when you say there are “no false positives”? How can a spam plugin not have false positives?

  A: A false positive is when a comment is mislabeled as spam. This system doesn’t work that way, and users are given the option to re-submit if their comment is blocked - which means no false positives. WP-SpamFree stops spam at the front door, and a user would be alerted at the time of submission if their comment is blocked, and they are given the option to fix this, so there is no possibility for false positives with comment submissions.

  We do have a special debug version of the plugin on all our test sites that do log everything and send me all the data so I can make sure the plugin is working properly. Also, the trackback/pingback algorithm is finely tuned. We’re hitting about 99.9%+ accuracy so far (which is less than 1 error in 1000 trackback submissions).

 

WordPress Security Note
As with any WordPress plugin, for security reasons, you should only download plugins from the author’s site and from the official WordPress plugin directory. When other sites host a plugin that is developed by someone else, they may inject code into that could compromise the security of your blog. We cannot endorse a version of this that you may have downloaded from another site. If you have downloaded the “WP-SpamFree” plugin from another site, please download the current release from the official site (http://www.hybrid6.com/webgeek/plugins/wp-spamfree).

 

 

 Email This to a Friend

 Print This Page

Hybrid6 Studios  |  Web Design  |  SEO  |  SEM  |  Site Map  |  Disclosure

Entries RSSComments RSS