Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
The range of functions of the Antispam plugin for WordPress is manageable and is mainly focused on the defense of spam entries via comments and pings. Most functions of the application can be controlled via the panel with settings to determine the desired result of the protection. Each individual option of the tool is presented below. Since version 2.4.5, the option page consists of three main columns with choices. The columns are flexible and lined up side by side depending on the width of the window. In the following, the individual columns are presented as separate areas with plugin settings.
Table of Contents:
The order of the listed filters corresponds exactly to the test order in the plugin core. The rank order was not determined randomly, the focus is to reduce the load on your own database.
Trust approved commenters
Authors with previously released comments will always be trusted with the choice of this option. Comments from these users are not checked or questioned at any time. E-mail address serves as an identifier.
Implementation: Antispam Bee 1.4
Trust commenters with a Gravatar
Antispam Bee checks for the existence of a valid gravatar. Commentators with a Gravatar are familiar, further Antispam examinations of the comment will not be done.
Data protection: The Gravatar can be determined by an MD-5-Hash of the email address of the commenter. Other data of the commentator like the IP address are not part of the transmission. This setting is optional and not part of the default settings.
Implementation: Antispam Bee 2.6.5
Consider the comment time
Consideration of comment time. Details on Google+ (only in german).
Implementation: Antispam Bee 2.6.4
BBCode is spam
Many spam comments are purely forum spam, which is massively sent to WordPress blogs. Whether this is a misbehavior of the programmers remains unclear.
The fact is: Comments with BBCode in the content are clearly spam. Unless WordPress plugins were installed in the blog to allow commentators to use bulletin board code. If this is the case, the setting must not be switched on.
When activated, Antispam Bee checks incoming comments for the existence of BBCode links.
Implementation: Antispam Bee 2.5.1
Validate the ip address of commenters
As an additional detection method, Antispam Bee checks available network information from the sender (e.g. hostname) and evaluates it anonymously and profitably. The analysis takes place directly in the blog without external services.
Implementation: Antispam Bee 1.4
Use regular expressions
There are spam comments that correspond to a specific pattern. Antispam Bee uses this to filter unwanted comments. For this purpose, predefined and/or plug-in-defined regular expressions are used for attributes of a WordPress comment (comment text, e-mail address, link and IP). The search is intended to recognize clear contexts and classify spam.
Experienced users can create their own filters, which Antispam Bee can use for spam detection. For this purpose, an interface has been created which accepts and processes further RegExp rules. An example on the Hooks Wiki page shows the methodology of the filter extension.
Looks simple, but the option is very powerful and diverse: custom antispam rules that are adapted to the current type of spam can be determined at any time. Conclusion: Faster response with less spam.
Restriction: For comments only
Implementation: Antispam Bee 2.5.2
Look in the local spam database
Antispam Bee compares the URL, IP and email addresses of posted comments with locally available values of spam-marked comments - which are in the blog database. In plaintext: If the blog already contains a spam entry with an identical IP, URL or e-mail address, this attempt to comment is classified as a pest and treated accordingly (marked or deleted) depending on the settings.
The option "Mark as spam, do not delete" should be activated for the increasing effectiveness of the option through a rich set of data of local spam. A larger amount of data automatically means a higher hit rate for incoming spam attempts within a WordPress blog.
Implementation: Antispam Bee 2.0
Block comments from specific countries
Antispam Bee is able to identify the country of origin of a comment by the IP address used. Based on this characteristic, remote comments and trackbacks from fixed countries can be prevented (e.g. from Asia) or explicitly released (e.g. only European countries).
The country filter is located just before the end of the long test routine, so it is treated with a low priority. If, therefore, a comment were to persists all protective measures, then at the end, this filter decides whether the element should pass as a valid comment or not. The function is a further, manually adjustable test method of the Antispam plugin.
When the option is activated, two additional fields appear, which are the basis for the filter: Blacklist & Whitelist. Either or: Only one of the lists can be filled, a combination of both data sets is not possible. If the plugin option "not check trackbacks / pingbacks" is active in the MORE column, then trackbacks are excluded from the country check.
In the blacklist, double-digit country codes are to be specified in ISO format separated by a comma. Comments from these countries are blocked by the plugin, other countries are released. Example: CN, US - prevents all comments from China and the USA, the rest of the world has free (commentary) entry.
The Whitelist maintains country codes that have an exclusive permission to comment. Only Readers from these countries may leave comments and pings. Entries from the rest of the region are automatically classified as spam and treated. Example: DE, AT, CH as a value allowes Germany, Austria and Switzerland as commentator the only countries. The rest dies.
Data protection: To determine the geographical position of the user, Antispam Bee sends an anonymised (this means shortend) IP-Address to the online service IP2Country. Other data of the commentator is not send. This settings is optional and not part of the default settings.
Implementation: Antispam Bee 1.7
Allow comments only in certain language
Most spam attracts attention from its "unsuitable" language: English comments written in a German-language blog are usually unwanted advertising messages - depending on the target group of the blog there are certainly exceptions. This criterion uses Antispam Bee for spam detection and combat.
After activating this option and choosing the desired language, the WordPress plugin ensures that comments are allowed only in selected language. Comments in other language variations are permanently classified as spam.
Data protection: To detect the language, Antispam Bee is using franc. It sends the comment to the service via HTTPS. Other data about the commentator (like IP or email address) are not send. This setting is optional and not part of the default setting.
Restriction: Only for comments
Implementation: Antispam Bee 2.0
Mark as spam, do not delete
If this option is active, it marks any suspicious comment and trackback as spam. In the inactive state, Antispam Bee deletes any spam attempt without saving it in WordPress. When activated, additional fine adjustments are available to each plugin user, which are explained in the following.
Implementation: Antispam Bee 0.2
Notification by email
The blog administrator can be informed about incoming spam comments via e-mail. The e-mail contains comment-relevant data and further links. Since Antispam Bee 2.5.7, the filter
antispam_bee_notification_subject can be used to define a custom subject for notifications. Since Antispam Bee 2.8 the filter
antispam_bee_notification_recipients can be used to change, who receives this email.
Implementation: Antispam Bee 1.2
Not save the spam reason
By default, Antispam Bee saves the suspicion in comment metadata. Antispam Bee lists the calculated values in the separate tab column within the overview with spam comments. If this option is enabled, it prevents the suspicious reason from being stored and does not display the column in the spam overview.
Implementation: Antispam Bee 2.6.0
Delete existing spam after X days
Spam entrys, which are older than X days, are automatically removed from the spam overview by the plugin. This keeps the size of the database as small as necessary. If the "Look in the local spam database" option is active, it is again advantageous to have a larger amount of spam already detected.
Implementation: Antispam Bee 0.7
Limit approval to …
The active option paired with the selection box creates an exception for the selected type. Example: Limit approval to trackbacks deletes immediately suspicious comments, but dubious trackbacks are marked as spam and never deleted. In this example, comment-spam is always removed, suspicious trackbacks can be checked by the admin.
Implementation: Antispam Bee 0.9
Delete comments by spam reasons
The plugin created artificially comment form and which is filled by most spam bots recognizes nearly 99 percent of the total spam volume in WordPress blogs. The False Positive rate, on the other hand, equals zero. Why then keep such spam and be notified via e-mail? Does not have to be mandatory.
Antispam Bee 2.4 brings an internal filter, which immediately deletes the detected spam depending on the reason (see below). In this way, the administrator can only keep spam entries with more error-prone causes (language, country limit etc.) in the comment area of the blog. For control or learning.
For this purpose, the Antispam plugin provides a list of possible suspicious reasons to choose from. If a comment or trackback comes up with one of the reasons from this - user selected - list, the plugin removes the newcomer without hesitation. "Parasites", which are classified for reasons other than spam, are marked by Antispam Bee and Antispam Bee will sent a suitable notification depending on the setting.
Implementation: Antispam Bee 2.4
Statistics on the dashboard
As an interactive dashboard widget in the administration area: A quick overview of the daily spam traffic is provided by the graphically prepared timeline of the last 30 days.
Implementation: Antispam Bee 1.9
Antispam Bee statistics on the dashboard
Spam counter on the dashboard
This option displays an additional line with the sum of the total detected spam comments on the dashboard. The number can be displayed in the current theme. To do this include the following code in the WordPress template at the desired location.
<a href="http://antispambee.de">Antispam Bee</a> spared the blog of <?php do_action('antispam_bee_count') ?> spam comments
Implementation: Antispam Bee 1.2
Do not check trackbacks / pingbacks
By default, all incoming ping and trackbacks are analyzed by the Antispam plugin and marked in case of suspicion. Enabling this option completely turns off the automatic check of incoming blog notifications.
Implementation: Antispam Bee 0.4
Comment form used outside of posts
The typical location of a comment form is the article page (posts or pages). Antispam Bee monitors in these places the comments on unwanted advertising. If the comment form is also integrated in other areas of the blog (e.g. archive pages), then this fact should be communicated to the plugin by activating the checkbox.
Implementation: Antispam Bee 1.3
Suspicion of spam detection
Antispam Bee distinguishes between various suspicious reasons. In short: For what reason was the current comment or trackback classified as spam? These reasons are communicated by the Antispam solution to bloggers by announcing the current suspicious reason in the notification mail and the notice [marked as spam by Antispam Bee] in the comment overview of the blog. These suspicious reasons are implemented and have the following meaning:
|Identification||Meaning or function|
|Honeypot||Bot entered data into the hidden (honeypot) comment field|
|Comment time||Comment was submitted too quickly (default threshold is 5 seconds)|
|Empty Data||Comment was empty or had incomplete values|
|Fake IP||Commenter's IP address was not valid|
|Local DB Spam||Commenter's IP address or email matches one already marked as spam|
|Country check||Comment was submitted from one of the blacklisted countries|
|BBCode||Comment contains BBCode tags|
|RegExp||Comment matches one of the regular expression filters|
|Comment Language||Comment was not in the whitelisted language|
Log file for Fail2Ban
The Antispam plugin is able to log spam detected in a log file. This can be very useful to detect spam requests by Fail2Ban at the server level. For this purpose, a filter file can be used for the Fail2Ban configuration.
Simple commissioning of the function: Activate the logging for Antispam Bee in the WordPress configuration file wp-config.php by assigning the constant ANTISPAM_BEE_LOG_FILE to the server path to the logfile. The file must be writable.
Implementation: Antispam Bee 2.5.7
Tips & Tricks
The following links contain tips for using and optimizing the Antispam plugin for WordPress: [Reduce spam] (https://plus.google.com/+SergejM%C3%BCller/posts/dZmhFZTMTjh)