Everyone loves a good comment. Readers benefit from the shared information and authors appreciate the conversation and feedback. But you gotta keep the spam out. Akismet and other anti-spam plugins do an excellent job of automating the process, but it’s a good idea to watch out for false positives: legitimate comments marked as spam. Rescuing ham comments from the spam pile promotes healthy comment threads and improves the quality and reputation of your site. In this DiW post, we explain how WordPress & Akismet deal with spam, discuss anti-spam strategy, and share some ham-saving tips and tricks.

During the recent book update, we needed to make some room for the new WordPress-3.1 content. The book is already over 400 pages and growing. So we have to make some hard decisions about which content is useful but maybe not needed in the book.

And, as useful as long lists of anti-spam plugins might be, moving them from the book to the blog seems like a good way to free up some room while keeping the information available. So without further ado, here is a quick list of 15 anti-spam plugins to help you run a more user-friendly, hassle-free comment system on your WordPress-powered site.

I usually reserve most of my blacklisting content for Perishable Press, but after posting about using WordPress’ built-in tools to stop comment spam, several DiW readers have asked about a good custom blacklist that may be used for the “Comment Moderation” and/or “Comment Blacklist” features in the WordPress “Discussion Settings” screen. Over the years, I have built up an extensive custom blacklist of terms that has proven quite effective at keeping spam and other garbage out of the comments section, even without using any anti-spam plugins such as Akismet. It’s strictly plug-n-play, and should help protect your site (and reputation) against all sorts of malicious nonsense.

Update: Media Temple is saying¹ that:

• They aren’t 100% sure of the cause, but yes, the hack is their fault.
• About 10% of all (gs) users were affected.
• It’s not WordPress specific, it’s PHP specific.
• Definitely change your passwords, definitely don’t change it back to the original password.

I think one of the biggest WordPress myths is that you need a bunch of plugins to control comment spam. Pretty much all of the posts out there on preventing WordPress comment spam are telling you to install some list of “must-have” anti-spam plugins. Some authors insist that you need only a few “choice” plugins, while others advise you to load up on everything you can get your hands on. Such advice is all well-intentioned, I’m sure, but it’s all based on the assumption that plugins are actually necessary to control comment spam. They’re not. WordPress is well-equipped to handle the job all by itself. Plugins may provide additional anti-spam functionality, but they are by no means essential to running a spam-free site.

Just recently my other blog CSS-Tricks was hacked. I first found out by a very helpful reader emailing me a screenshot from the mobile version of my site.