I use a bunch of ways to detect spam in my Stop-Spammer-Registrations-Plugin. This is a summary of all the ways that I’ve implemented.<\/p>\n
1) Put a \u201cRed Herring\u201d form on pages that do comments. This is a hidden form that looks identical to the standard comment form, but configured in such a way so that anyone using it will be seen as a spammer. Normal users won’t see it and will use the real form.<\/p>\n
2) Use a timer in the session. (This doesn\u2019t work when a caching plugin is used.) Whenever anyone hits your page, put the current time into a session variable. Then, when they hit the comment post function, you can check the number of seconds it took to fill out the form. If it takes a user 4 seconds or less, they can\u2019 be a human.<\/p>\n
3) Add a hidden field to comment and login forms. If it is not present after the form is submitted, then a robot sent the data.<\/p>\n
4) Check the HTTP_REFERER header. If it does not match the domain of your website than it is a bad robot trying to drop spam.<\/p>\n
5) Check the HTTP_USER_AGENT. If it is missing or found on a list of bad robots, then deny access.<\/p>\n
6) Compare the IP address of the incoming comment to a list of known spam servers, such as Ubiquity.<\/p>\n
7) Deny anyone with an email or user name longer than 64 characters. Spammers can\u2019t resist putting too much data in the email or author fields.<\/p>\n
8) Check for spammy words like \u201cviagra\u201d or \u201c4U\u201d in the email and author fields.<\/p>\n
9) Look for the HTTP_ACCEPT header. If it does not exist, then reject.<\/p>\n
10)\u00a0Check IP, email and user ID against the Stop Forum Spam database.<\/p>\n
11)\u00a0Check the IP against a bunch of DNS black lists used for email spam.<\/p>\n
12)\u00a0Check the IP against the Project Honeypot database.<\/p>\n
13)\u00a0Check the IP against the BotScout database.<\/p>\n
14)\u00a0Make sure that you have Akismet installed to catch anything the methods above miss. If not, get the WordPress API key anyway, and check against the Akismet database.<\/p>\n","protected":false},"excerpt":{"rendered":"
I use a bunch of ways to detect spam in my Stop-Spammer-Registrations-Plugin. This is a summary of all the ways that I’ve implemented. 1) Put a \u201cRed Herring\u201d form on pages that do comments. This is a hidden form that looks identical to the standard comment form, but configured in such a way so that […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/724"}],"collection":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/comments?post=724"}],"version-history":[{"count":0,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/posts\/724\/revisions"}],"wp:attachment":[{"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/media?parent=724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/categories?post=724"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blogseye\/wp-json\/wp\/v2\/tags?post=724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}