Stopping spam comments on WordPress with the Bad Behavior Plugin

WordPress logoHere’s another great plugin that’ll help keep your WordPress site secure, and it blocks the majority of spam comments too.

The plugin is called Bad Behavior, which is designed to stop email address scraping bots. It can also make use of an IP address blacklist maintained by Project Honey Pot which exists to identify and block email address scrapers and spammers.

It’s stopped the comment spam in its tracks on our various sites, which is excellent because dealing with all the comment spam was becoming rather tiresome. Interestingly it is also identifies break-in attempts from malicious bots trying to log in to the administration areas of our sites. This may be reducing my contribution to ID’ing break-in attempts via the equally brilliant plugin – Brute Protect . Between the two of them, they seem to be doing an excellent job. Bad Behavior blocked nearly 400 access attempts in the first day I had it installed. On a customer’s site it blocked 200 access attempts in the first hour.

One spin-off of blocking the spam traffic is that your website will speed up because it doesn’t have to handle a bunch of fictitious users and their comments.

Installing the Bad Behavior plugin

For a simple install from the dashboard select

Plugins ->Add New

How to add the Brute Protect WordPress plugin

Search Plugins for ‘Bad Behavior’ and install and activate it.

The recommended settings are shown below. These blocked 99.5% of the spam comments we’ve been getting.

Recommended setting for the Bad Behavior WordPress Plugin

Recommended setting for the Bad Behavior WordPress Plugin

To make use of the Project Honey Pot spammers blacklist, you’ll first have to create a user account on their website. When you’ve done that, go to the Bad Behavior plugin’s settings page and click on the BL Access Key link to get your accesses key. Cut and paste the key into the BL Access Key field (shown below).

Bad Behavior WordPress plugin, Project Honey Pot blacklist settings.

Bad Behavior WordPress plugin, Project Honey Pot blacklist settings.

There are a bunch of technical settings for sites using advanced hosting options like: “reverse proxy, load balancer, HTTP accelerator, content cache” if you don’t recognize the terminology then you should be able to ignore this section.

As the Bad Behavior plugin has already effectively blocked all the spam comments our sites were getting, I’ve not bothered to set up the blacklist on the sites we run. The Barefoot Businessman was attracting the same levels and type of spam as our other sites, so, I’ve set up the blacklist checking here so that I can monitor for any major differences in the results. I’ll update this post if I find anything significant.

In Conclusion

I’ve added the Brute Protect and Bad Behavior plugins to all the current WordPress sites I’m managing and I’ll be installing them on all new WordPress websites I create. I’m also encouraging all my customers without maintenance contracts to add these plugins too.

If you want to find out more about Project Honey Pot click on the image below.

Stop Spam Harvesters, Join Project Honey Pot

What do you think?