WP-SpamFree is AWESOME!!

Heh. Moderating on these forums basically just involves deleting missed spam and occasionally editing a long post. It’s not a task that really requires a whole lot of effort. ??

And my point about captcha and legal issues was that there exist other web browsers than Firefox and IE and Safari and Opera. Browser made for disabled users often do not process javascript. And so your idea is fine, if you want to ignore blind users entirely.

What I’m getting at is that your idea here has been tried before and rejected for a lot of reasons, and though it works for your particular cases, those reasons are still valid.

Also, my opinion is not biased, I have actual valid reasons for not liking it. Here’s my main problems with the concept:

1. It’s not actually blocking “spam”. It’s actually blocking input from clients that do not process javascript code. Now, that happens to catch spambots, sure, but that’s not guaranteed to be the case for the immediate future, and it’s also not what the plugin claims to actually do in the very name of the plugin. A plugin that blocks spam should actually be attempting to target spam, not just targeting any client that has doesn’t do javascript. There’s been lots and lots of man-years put into spam recognition techniques, because the goal is to sort out what is spam and what is not. That’s what Akismet attempts to do.

2. It’s relying on the client to tell you whether to block something or not. Obviously, this is easily bypassed because you cannot trust the client. Now, Spam Karma uses (or can use, I’m uncertain here) a similar technique where it sends the client some random piece of information and checks for that information on the return trip. But Spam Karma does not block entirely based on that, it just uses it as one possible factor.

3. WP-SpamFree blocks entirely. It doesn’t take into account the fact that it might be wrong. Other spam plugins set the approval code to “spam” in order to shove it into the spam section. Now, granted, I understand that this is desired behavior in your case, but I see it as a rather poor way to behave. Spam recognition is not 100%, with this or any other technique. Also, by using the wp_die and returning that rather ugly page, you give a rather poor user experience when somebody is unfairly blocked. I use NoScript on my browsers, the first time I comment on your site, I get that ugly screen telling me to turn on javascript. Instead, I close the tab and don’t bother leaving my comment, just like I do when I get blocked due to a captcha or some other inane thing. You can say that this is an insignificant percent of your users, but that doesn’t help those people who get bit by it. That doesn’t make my comment get onto your site. Anything that limits your users or discourages real commenting by real people should be frowned upon, IMO.

There’s some other reasons as well. I dislike the use of a cookie when adding a input to the form would be simpler and would not leave any tracks behind, for example. But the main reason is the concept itself. The basic concept is to have the browser verify that it’s not a bot by doing something bots don’t usually do. Regardless of the fact that bots can later be upgraded to do that thing, the whole idea is flawed from the beginning because you should be trying to detect “spam”, not determine what kind of thing is sending you this potentially valid comment.

Look, if users find that it works for their use cases, then they’re free to agree with you and use it. I still would recommend against it, but hey, that’s just my opinion.

A plugin that blocks spam should actually be attempting to target spam, not just targeting any client that has doesn’t do javascript. There’s been lots and lots of man-years put into spam recognition techniques, because the goal is to sort out what is spam and what is not. That’s what Akismet attempts to do.

With the exception of a very early release of wp-spamfree, I’ve had zero real comments blocked on my site as a result of wp-spamfree, but automated comment spam has virtually disappeared.

I agree with the original author of this thread, WP-SpamFree is AWESOME!!

Also, Akismet has blocked many legitimate comments in the past. I do use Akismet in conjunction with wp-spamfree, but I simply do not have the time to go through hundreds of spam comments in Akismet without wp-spamfree. If a legit comment from a human gets flagged by Akismet now, it’s pretty much the only comment there for me to read, since I do not get targeted by human comment spammers very often.

WP-SpamFree blocks entirely. It doesn’t take into account the fact that it might be wrong.

Isn’t there a way around that for a future release? Perhaps by modifying the blocked page with a way to prove you’re human. Just a thought… it seems like your criticism–especially since the core of it is that this might not work so well for a long time even though it works great right now–is a thing for the developer to keep in mind for future releases to make this absolutely amazing plug-in better rather than a reason to not use it on your blog.

I think even the ADA criticism could possibly be handled with this plug-in by tweaks rather than abandoning the concept.

And, by the way, I read your earlier comment about Bad Behavior. I had two blogs which were taken down because of that incident. A spam tool which can take down your entire blog is FAR more dangerous than anything you’ve listed here. Besides losing a modest amount of AdSense revenue, the downtime is freakin’ embarrassing!

And as someone engaged in the SEO industry, I was pissed to read what programmers wrote (correctly, I might add) in the posts WebGeek mentioned and elsewhere about Bad Behavior not properly validating search engine spiders properly. Blogs are a key tool for many SEO strategies. Using Bad Behavior would be irresponsible for anyone in charge of gaining traffic for a company through search engines.

wp-spamfree works, is being actively developed, and won’t take down your entire site even if it does block an extremely small number of users. Though I don’t have stats to back it up, my experience would lead me to believe Akismet would block more real users by sending real comments to its spam area which is too intense for most of us to give a regular thorough checking than wp-spamfree would deny real human comments.

I installed the plugin on my site a week ago and the spam comments are gone. I use it in combination with Akismet and there’s no more need to even moderate comments. Although I don’t know if it’s taking out any real comments – but I can’t give any statistics on this since there are almost no commenter on my site.

Anyway, I love this plugin – great job!