For the frequent comment posters on Raymond.CC Blog, you might have noticed that you now have to type in a few random words before your comment gets in. Well, this blog has been attacked by some people who have nothing better to do with their lives. Yesterday, while I was writing an article, I noticed that the number of comments awaiting moderation showed 800+! I normally check pending comments every few hours, and it is impossible for them to grow that much in such a short while. At first I thought spam bots had found a new way to bypass Akismet, but after looking at the comments it looked like the work of a script kiddie.
The WordPress comment spam attack is fairly smart: it is clearly automated, and every comment came from a different IP address. I assume the comment-spamming tool works through a list of open proxies and tries to post a comment on every article. Fortunately I have configured all comments to be moderated, so inappropriate comments don’t get published and create unnecessary drama.
If your WordPress site has been hit by a similar comment-spamming tool, here’s what you can do to delete all the spam comments in one go using phpMyAdmin and put a simple CAPTCHA in place to make the spammer’s life difficult.
Since the spam comments kept coming in, I had to stop them first. Log in to your WordPress admin site, go to Settings > Discussion and CHECK “Users must be registered and logged in to comment“. The spam comments should now stop, since posting requires an account. To be on the safe side, disable registration by going to Settings > General and UNCHECKING “Anyone can register“.
When you’ve done both of the steps above, no comments will get in.
Now to clean up the spam sitting in moderation. Log in to phpMyAdmin, select the database that WordPress is installed in and go to the SQL tab. Type the following command and click the Go button.
delete from wp_comments where comment_approved = '0'
As you can see at the screenshot above, phpMyAdmin took less than 0.1 seconds to clean up 886 spam comments.
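Before running that delete, it is worth previewing what it will remove, because comment_approved = '0' matches every pending comment, including legitimate ones still waiting for moderation. The SQL below is an added example and not part of the original post; it assumes the default wp_ table prefix, and the attack start time is a constructed placeholder you would replace with your own.

```sql
-- Added example: preview first, then delete only the flood of pending comments.
-- Assumes the default wp_ table prefix; change it if your install uses another.
-- The timestamp in step 3 is a constructed placeholder for when the flood began.

-- 1. How many comments are in each state? WordPress stores '0' for pending,
--    '1' for approved, and the strings 'spam' and 'trash' for the other two.
SELECT comment_approved, COUNT(*) AS total
FROM wp_comments
GROUP BY comment_approved;

-- 2. Look at the newest pending comments and where they came from.
--    A burst from many different IPs with near-identical text is the pattern
--    described above; older pending comments are probably real readers.
SELECT comment_ID, comment_date, comment_author, comment_author_IP,
       LEFT(comment_content, 60) AS snippet
FROM wp_comments
WHERE comment_approved = '0'
ORDER BY comment_date DESC
LIMIT 20;

-- 3. Delete pending comments from the attack window only, so legitimate
--    comments that were already awaiting moderation survive.
DELETE FROM wp_comments
WHERE comment_approved = '0'
  AND comment_date >= '2000-01-01 00:00:00';  -- placeholder: attack start time

-- 4. Clean up metadata rows that now point at comments which no longer exist.
DELETE FROM wp_commentmeta
WHERE comment_id NOT IN (SELECT comment_ID FROM wp_comments);
```

Take a database backup (phpMyAdmin’s Export tab is enough) before step 3, since a DELETE in phpMyAdmin cannot be undone.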
There are a few WordPress plugins that can add a CAPTCHA to your comment form. I installed reCAPTCHA because, besides preventing easy comment spamming, it also helps to digitize books, newspapers and old-time radio shows. Simply download wp-reCAPTCHA, drop it in the plugins folder and activate it. Sign up for a free reCAPTCHA account to get your public and private keys, then enter both keys under WordPress’ Settings > reCAPTCHA.
Finally you will need to allow your visitors to post comments. Go back to Settings > Discussion and UNCHECK “Users must be registered and logged in to comment“.
The spammer took hours to spam the comment form, but it took me less than 1 second to clean up the spam and another 3 minutes to install reCAPTCHA on my comment form. Do the math and the spammer sure looks silly. reCAPTCHA is not impossible to crack, but the spammers would have to spend even more of their precious time and effort on something they gain nothing from.