A poor urchin goes up to the headmaster, “Please sir, can I have more comments?”
The headmaster looks down from his perch and with a grimace says, “Not before you show me your cookie!”
Well, the poor lad never did get any more comments. He didn’t have the right cookie, but you can. Just grab my Cookies For Comments plugin and anyone who leaves a comment on your blog will need the correct cookie. That will stop quite a bit of comment spam dead in its tracks.
It’s the first release and fairly simplistic, but it should give some comment spammers a headache for at least 10 minutes. It’s about time they upgraded their spamming tools anyway. According to my log file, it had stopped over 18,600 spam comments in the last week or so. The rest got handed to Akismet and it stopped several thousand more. They’ve been busy haven’t they?
So, should you use this instead of Akismet? Not a chance. This will only stop the brain dead comment spammers who use automated bots to post to the comment form. Trackback and pingback spam and spammers who either use poorly paid human slaves or browser based user agents will defeat this.
If you use a caching plugin such as WP Super Cache make sure you clear the cache after enabling this plugin. Also, I’m not sure what will happen with those plugins that merge CSS files together.
Thanks Dan for the idea!
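A minimal sketch of the cookie gate described above, added here as an illustration and not the plugin's own code. It assumes the cookie is handed out by a stylesheet request (as the CSS discussion in the comments suggests); the cookie name, stylesheet path, key and token scheme are hypothetical.

```python
import hashlib
import hmac
from http.cookies import CookieError, SimpleCookie

SITE_KEY = b"constructed-demo-key"   # assumption: a per-site secret
COOKIE_NAME = "comment_gate"         # hypothetical cookie name
CSS_PATH = "/gate.css"               # hypothetical stylesheet URL

def gate_token() -> str:
    """Value the comment handler expects to find in the cookie."""
    return hmac.new(SITE_KEY, b"comment-gate", hashlib.sha256).hexdigest()

def read_cookie(header: str) -> str:
    jar = SimpleCookie()
    try:
        jar.load(header or "")
    except CookieError:
        return ""
    return jar[COOKIE_NAME].value if COOKIE_NAME in jar else ""

def handle(method: str, path: str, cookie_header: str = ""):
    """Return (status, response_headers, body) for one request."""
    has_cookie = hmac.compare_digest(read_cookie(cookie_header).encode(), gate_token().encode())
    if method == "GET" and path == "/post":
        # The page only links the stylesheet. A cached copy made before the
        # gate was enabled lacks this link, hence the cache-clearing advice.
        return 200, {}, f'<link rel="stylesheet" href="{CSS_PATH}">'
    if method == "GET" and path == CSS_PATH:
        headers = {"Content-Type": "text/css"}
        if not has_cookie:  # set on every load where it is missing
            headers["Set-Cookie"] = f"{COOKIE_NAME}={gate_token()}; Path=/; HttpOnly"
        return 200, headers, "/* empty */"
    if method == "POST" and path == "/comment":
        return (200, {}, "queued for Akismet") if has_cookie else (403, {}, "no cookie")
    if method == "POST" and path == "/trackback":
        return 200, {}, "queued for Akismet"  # not gated, as the page notes
    return 404, {}, ""

def browser_comment() -> int:
    """A client that renders the page: fetch HTML, fetch CSS, then post."""
    html = handle("GET", "/post")[2]
    if CSS_PATH not in html:  # stale cached page: no stylesheet, no cookie
        return handle("POST", "/comment")[0]
    headers = handle("GET", CSS_PATH)[1]
    return handle("POST", "/comment", headers["Set-Cookie"].split(";")[0])[0]

def bot_comment() -> int:
    """A bot that posts straight to the form handler without loading the page."""
    return handle("POST", "/comment")[0]
```

Anything that passes the gate, plus every trackback and pingback, still needs content filtering behind it.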
15 thoughts on “Please sir, can I have more?”
I only get about 20 spam comments per day in my blog since it’s not an English blog which all get caught by Akismet, but I recently noticed I am getting some strange visitors trying to spam my blog. I hope this will stop them. Thanks for your work.
A WordPress plugin inspired by Oliver Twist? Magnificent.
I presume that this is a cookie which will survive McAfee cleaning, or IE cleaning and not be automatically selected for destruction when Clear All Cookies is clicked?
Cookies have a limited life span; limited by the willingness of those who clean their computer files regularly.
Pi – the cookie is set on every page load if it’s not already set so there’s no need to worry about any of those scenarios.
Are these session cookies, or more permanent sorts? I notice I’ve got six cookies from your site – a couple are session cookies, but one expires in two years, and one in 2038. Google took some flak a couple years ago for having eternal cookies, and it seems to be that the “best practices” – especially for something (I presume is) open-source.
I’m not really too bothered by it, but the more (vocal|paranoid) privacy-advocates might get their tinfoil knickers in a twist. 🙂
A couple of questions:
– What happens if you use a browser that does not support style sheets? For example a cell phone browser? Does that mean they cannot leave comments?
– What happens to legitimate trackbacks and pingbacks? I assume they don’t take cookies, so will they still come through?
Nemo – this is just a session cookie, the really long lived cookie is probably the comment_author one is it?
John – that’s probably very true. This will break on clients that don’t support CSS. Perhaps loading a small image would be better but then they may have images turned off or running through a proxy server that compresses them that might strip the cookie.
Trackbacks and Pingbacks are not affected. That’s one reason you can’t do without Akismet!
The comment_author ones are good for a year; the 2038 one is “__qca”, if that means anything to you. (It doesn’t, to me.) “__utma” expires in 2010…
i’m glad someone is getting some bit of use out of it 🙂 it hasn’t stopped all that many for me but not many bots have tried. a few manual spammers get through because this is the only anti-spam i’m using for now
Cool plugin, but the start will be to rename the wp-comment.php to another randomised name so it won’t work for the bots.
I’m using this on my blog and I must say there are fewer spam comments than there were before, but there is still some annoying spammer that can leave comments.
Is there a way to blacklist an IP (I know it’s not possible with this plugin) since he always comes from the same IP?
Sorry for double posts. I already solved the problem with WP-ban plugin.
@Nemo: those cookies whose name starts with two underscores come from Google Analytics. Harmless.
Most of my spam is blocked by Akismet and for me that’s the best and most useful plugin you could have on a blog!