Skip to content

striking out the wordpress comment spambot lineup

for a long time now I’ve run recaptcha which works well and is easy to implement (it’s a wordpress plugin.) but it’s a bit annoying and tends to discourage commentation on smaller blogs such as mine in the long run. so after chatting with mr. justinsomnia and reading his post on how simply he blocks the spam I thought yeah, duh!

the technique is utterly straight-forward: disable spambots by utilizing javascript to check for “humanity.” since spambots are very simple creatures, with small instruction sets, they do not parse or process the browser language of javascript. the procedure is as such: on page load append a teensy hidden input to the comment form and then check for it on submission.

tis the baseball season, so a metaphore about how simple this defense is is fitting: naraku’s wordpress now throws a curveball when spambots always expect a fastball. yeeer out! thanks justin!

One Trackback/Pingback

  1. […] users per day. I imagine they are trying to post comments post-login but I have that function cleverly spam-trapped. anyway, since *real* users don’t need an account to post comments I’ve disabled user […]

Post a Comment

You must be logged in to post a comment.