Posted at 18-06-2008 @ 20:05 by ..::DeUCeD::..
After some time thinking about spambots, I decided to make some manual changes to my WordPress blog. I use the Akismet and Simple Trackback Validation plugins, which both help me identify spam, but I was bored of having my queue filled with spam that I later had to delete.
I’ve also tried many plugins that used either JavaScript or CAPTCHA images to identify spambots. Some of them also add extra verification by asking the visitor simple questions. This is good, but most of them are overkill for me. All I needed was a simple human verification without images or JavaScript, which none of them had. So I kept thinking about how to add an extra layer of spam filtering that stops the spambots before their comment gets “inside”. That way I could save some bandwidth and maybe speed up my blog a bit.
Recently I found an interesting article written by Patrick, which focused on the simplest way of stopping spambots: Fighting Spam with CSS. But how does a spambot act? A bot is only a script that fills in fields automatically, and of course it fills them in without thinking. So the easiest way to identify it is to make it fill in a field that doesn’t have to be filled in, like a hidden field, as Patrick wrote.
Well, I like this technique; it’s simple and efficient, but I wanted something different. A hidden field is still a field, and a bot can be programmed to leave the hidden fields of a form untouched. On the other hand, I wanted a way in which a user wouldn’t have to calculate or type, but just “click”. So instead of a hidden field I chose a visible radio button field with a simple question like “Are you a spammer?”.
There’s no field to be filled in, only a choice to be made. Now, a bot cannot choose, so it leaves the default answer, which of course is YES (irony?). That way you only have to add one extra condition after the form is posted: if the answer is anything other than NO, then it’s a bot and WordPress “dies” with a typical message. So the spambot’s comment doesn’t get anywhere, I gain some bandwidth and I have an almost empty Akismet queue. It’s a simple and effective solution that requires no plugin, aimed at spambots, and it DOES work.

code for theme folder @ comments.php
But it has a weak point. You have to put the condition in the wp-comments-post.php file, and you have to remember it at the next version upgrade of your WordPress. If you forget it and overwrite the file with the new WP version, the spambots will be back in the Akismet queue. No big deal, as you’ll just change it again. There’s a solution even for this: write a piece of code, or even make a new wp-comments-post.php file inside your theme’s folder and call that one from your comment form, but I need some time to think about the pros and cons.

code for root @ wp-comments-post.php
In the meantime, try to make a comment here, but don’t forget to answer the question: “Are you a SPAMMER?”
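The two pieces described above (the radio question in the theme's comments.php and the condition in wp-comments-post.php), written out as an added example that is not the original code from this post. The field name `spammer_check`, both function names and the rejection message are assumptions; `wp_die()` is WordPress's own function, and the check belongs after wp-comments-post.php has loaded WordPress and before the comment is processed.

```php
<?php
// Added example, not the post's original code. The field name "spammer_check"
// and both function names are assumptions made for illustration.

// comments.php (theme): echo this inside the comment <form>.
// "Yes" is pre-selected, so a script that posts the form untouched fails.
function spammer_check_field() {
    return '<p>Are you a spammer? '
        . '<label><input type="radio" name="spammer_check" value="yes" checked="checked" /> Yes</label> '
        . '<label><input type="radio" name="spammer_check" value="no" /> No</label></p>';
}

// wp-comments-post.php: fail closed. Only the exact string "no" passes;
// a missing field, an array value, or any other text is treated as a bot.
function passes_spammer_check(array $post) {
    return isset($post['spammer_check']) && $post['spammer_check'] === 'no';
}

if (function_exists('wp_die')) {
    // Running inside WordPress: stop before the comment is stored or queued.
    if (!passes_spammer_check($_POST)) {
        wp_die('Sorry, your comment was rejected by the spam check.');
    }
} else {
    // Running stand-alone (php example.php): constructed sample submissions.
    $samples = array(
        'human picked No'     => array('comment' => 'Nice post', 'spammer_check' => 'no'),
        'default left at Yes' => array('comment' => 'cheap pills', 'spammer_check' => 'yes'),
        'field not sent'      => array('comment' => 'cheap pills'),
        'array-valued field'  => array('comment' => 'x', 'spammer_check' => array('no')),
        'unexpected value'    => array('comment' => 'x', 'spammer_check' => 'NO '),
    );
    foreach ($samples as $label => $post) {
        echo str_pad($label, 22), passes_spammer_check($post) ? "accepted\n" : "rejected\n";
    }
}
```

Testing for the exact value `no`, rather than testing for `yes`, means a request that omits the field altogether is rejected too.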


















