Head

Form

Lower Head

WP-Spam Free

WP-Spam Free

Sorry!
We are no longer able to provide support for the WP-SpamFree plugin,
as we currently do not have the internal resources to maintain the plugin
or respond to support requests. We apologize for any inconvenience.

An extremely powerful anti-spam plugin for WordPress that eliminates comment spam, including trackback and pingback spam. It works invisibly without CAPTCHA’s, or other inconvenience to site visitors. The plugin includes spam-free contact form feature as well. Finally, you can enjoy a spam-free WordPress blog!

Tech Support: WP-SpamFree Support

Download Latest Version

Follow WP-SpamFree on Twitter: @WPSpamFree

Quick Navigation – Contents

  1. Description
  2. Background
  3. Features
  4. See What Others Have Said About WP-SpamFree
  5. How It Works
  6. Installation Instructions
  7. Displaying Spam Stats on Your Blog
  8. Installing a WordPress Contact Form on Your Blog
  9. Configuration Information
  10. Changelog / Version History
  11. Known Plugin Conflicts
  12. Troubleshooting Guide / Support
  13. Frequently Asked Questions (FAQ’s)
  14. Let Others Know About WP-SpamFree
  15. WordPress Security Note
  16. Download Plugin / Documentation

Description

Comment spam has been a huge problem for bloggers since the inception of blogs, and it just doesn’t seem to go away. The worst kind, and most prolific, is automated spam that comes from bots. Well, finally there is an effective solution, without CAPTCHA’s, challenge questions, or other inconvenience to site visitors. The WP-SpamFree plugin virtually eliminates automated comment spam from bots, including trackback and pingback spam.

Background

Before I developed this plugin, our team and clients experienced the same frustration you do with comment spam on your blog. Every blog we manage had comment moderation enabled, Akismet and various other anti-spam plugins installed, but we still had a ton of comments tagged as spam by Akismet that we had to sort through. This wasted a lot of valuable time, and we all know, time is money. We needed a solution.

Comment spam stems from an older problem — automated spamming of email contact forms on web sites. I developed a successful fix for this a while ago, and later applied it to our WordPress blogs. It was so effective, that I decided to add a few modifications and turn it into a WordPress plugin to be freely distributed. Blogs we manage used to get an excessive number of spam comments show up on the Akismet Spam page each day – now the daily average is zero spam comments.

To further the development of this plugin, I now study thousands and thousands of potential spam comments from many test blogs and contributors. I use a special diagnostic version of the plugin, which provides much more information on each of these spam comments than what is shown in WordPress. By analyzing patterns and behaviors consistent with spam, I can continually improve the plugin and ensure future accuracy.

Features

  1. Virtually eliminates automated comment spam from bots. It works like a firewall to ensure that your commenters are in fact, human.
  2. A counter on your dashboard to keep track of all the spam it’s blocking. The numbers will show how effective this plugin is.
  3. No CAPTCHA’s, challenge questions or other inconvenience to site visitors — it works silently in the background.
  4. Includes drop-in spam-free contact form. Easy to use — no configuration necessary.
  5. No false positives, which leads to fewer frustrated readers, and less work for you.
  6. You won’t have to waste valuable time sifting through a spam queue anymore, because there won’t be much there, if anything.
  7. Powerful trackback and pingback spam protection.
  8. Easy to install — truly plug and play. Just upload and activate. (Installation Status on the plugin admin page to let you know if plugin is installed correctly.)
  9. The beauty of this plugin is the methods of blocking spam. It takes a different approach than most and stops spam at the door.
  10. The code has an extremely low bandwidth overhead and won’t slow down your blog (very light database access), unlike some other anti-spam plugins.
  11. Completely compatible with all cache plugins, including WP Cache and WP Super Cache. Not all anti-spam plugins can say that.
  12. Display your blocked spam stats on your blog.
  13. Helps keep your database slimmer and more efficient.
  14. Works in WordPress MU as well. (See the related FAQ for details.)
  15. It’s completely free for both commercial and personal use.

See What Others Have Said About WP-SpamFree

The WP-SpamFree plugin for WordPress seems to be much better than Akismet at blocking spam bots.

WP-SpamFree Plugin

I would like to report that the plugin is very very effective. The Akismet spam queue which used to have about one hundred entries a day now has just one or two. Sometimes even zero spam comments. No one has reported missing comments so real comments are not trashed. Very effective.

WP-SpamFree is Really Good

I’ve tried it out, and it works great. Try it, and even if you’re using Akismet, you’ll notice you don’t have the tons of Akismet spam to go through… if you go through it at all. Eliminate comment spam with wp-spamfree!

WP-SpamFree Eliminates Automated Comment Spam

I was getting spam comments that averaged 2000 words in length on certain posts. I would have to scroll through them every day before deleting them (Akismet page). Now I am freed from that task.

I was using a separate plugin for my contact form and employed a quizz to combat spam. With WP-SpamFree I could delete that plugin, and instead, use the included contact form, which is more easily configured to the features and sizing I require than the full-featured contact form plugin I was using. One less plugin, better functionality, and no quiz for readers to cope with.

The clear, complete, and concise information that the developer has detailed on this site.

Many thanks 🙂

Zen Moments, on WP-SpamFree 1.0 WordPress Plugin Released

WP-SpamFree is by far the best plugin I have installed. It virtually eliminates comment spam, including trackback and pingback spam and uses very low bandwidth.

WP-SpamFree: A Must Have WordPress Plugin

I highly recommend downloading and installing WP-SpamFree. It’s a great and unobtrusive plugin to weed out almost all of your spam without imposing spam’s evil effects on your readers.

WP-SpamFree – A Reader’s Dream?

Tired of those spams that keep bugging your WordPress blog? Then, you need an extremely powerful anti-spam plugin like WP-SpamFree. Use this plugin and see how efficiently it eliminates comment spam including, pingback spam and trackback spam. Rest assure to enjoy a spam-free WordPress blog with this new plugin.

WP-SpamFree

Say no to spam and get WP-SpamFree for your WordPress blog today! Just install the WP-SpamFree plugin, sit back and relax to watch it do all its magical work.

Akismet is Not Enough, Get WP-SpamFree

After trying multiple plugins and multiple approaches, I have finally found a spam blocker that works. It’s WP-SpamFree. Before using WP-SpamFree I used to get more hundred spam comments (often in excess of two hundred). Now, on an average I get zero spam comment every day!! … WP-SpamFree is the best antispam plugin I have come across. Give it a try and you may just be tempted to ditch all other antispam plugins.

WP-SpamFree – Banish Comment Spam

There was some kind of javascript comment spam attack on my blog and although, I was using Akismet, it wasn’t enough to stop all sorts of problems that I was facing because of those spam bots. Thanks to Dreamhost that they told me that which all plugins will be able to help me resolve this problem. … When I came to know about WP-SpamFree, I installed it right then and there. Now, I realize that how effective this plugin is and that how it has helped me in fixing up the problem that DreamHost kindly brought in front of me.

WP-SpamFree: Fight Blog Comment Spam and Avoid Fat Database in WordPress

Lately, comment spam has been a big problem and I was sick of clearing around 15 – 20 or so spam comments that wordpress catches. Some of them escaped and were getting published. I knew about Akismet but the problem with that is you have to get an account on wordpress.com and give the API key. Annoying.

I’ve used re-captcha in the past but it creates more problems than it solves. Often times I find it frustrating if I have to go through a captcha which is unreadable. Sometimes you get it wrong several times and lose the interest to comment and you just go away.

During my quest for a world with zero spam without any captchas, I stumbled on the awesome WP-SpamFree plugin. Zero comment spam so far! w00t. Rock on Scott!

WP-SpamFree: Eliminating Comment Spam

If you like WP-SpamFree, please let others know by giving it a good rating on WordPress.org!

How It Works

Most of the spam hitting your blog originates from bots. Few bots can process JavaScript. Few bots can process cookies. Fewer still, can handle both. In a nutshell, this plugin uses a combo of JavaScript and cookies (on steroids) to weed out the humans from spambots, preventing 99%+ of automated spam from ever getting to your site. Almost 100% of web site visitors will have these turned on by default, so this type of solution works silently in the background, with no inconveniences. There are extremely few users (less than 2%) that have JavaScript and/or cookies turned off by default, but they will be prompted to turn those back on to post their comment.

Stats show that among all Internet users, less than 2% have JavaScript turned off, and less than 1% have cookies turned off. This requirement isn’t anything out of the ordinary because most modern websites require the use of JavaScript and cookies for key features — AJAX, for example, won’t work if JS is disabled.

Overall, the very few that might be inconvenienced because they have JS and cookies turned off will be far fewer than the 100% who would be annoyed by CAPTCHA’s, challenge questions, and other validation methods.

As of Version 1.5, WP-SpamFree has multiple randomly generated keys across several methods, along with a few additional security features that further decrease the likelihood of an automated spam comment getting through. These security keys re-generate on a regular basis.

Some would argue that this is too simplistic an approach. Many programmers prefer using some type of basic AI to fight bots by trying to figure out if a comment is spam. While that isn’t a bad idea, it falls short because no machine can ever accurately judge whether a comment is spam – many spam comments get through that could easily have been stopped, and there are many false positives where non-spam comments get flagged as spam. Others may argue that some spammers have programmed their bots to read JavaScript, etc. In reality, the percentage of bots with these capabilities is still extremely low – less than 1%. It’s simply a numbers game.

Statistics tell us that an effective solution would involve using a technology that few bots can handle, therefore eliminating their ability to spam your site. The important thing in fighting spam is that we create a solution that can reduce spam noticeably and improve the user experience, and a 99% reduction in spam would definitely make a difference for most bloggers and site visitors. The bottom line, is that this plugin just plain works, and is a powerful weapon against spam.

Installation Instructions

  1. After downloading, unzip file and upload the enclosed ‘wp-spamfree’ directory to your WordPress plugins directory: ‘/wp-content/plugins/’.
  2. As always, activate the plugin on your WordPress plugins page.
  3. Check to make sure the plugin is installed properly. Many support requests for this plugin originate from improper installation and can be easily prevented. To check proper installation status, go to the WP-SpamFree page in your Admin. It’s a submenu link on the Plugins page. Go the the ‘Installation Status’ area near the top and it will tell you if the plugin is installed correctly. If it tells you that the plugin is not installed correctly, please double-check what directory you have installed WP-SpamFree in, delete any WP-SpamFree files you have uploaded to your server, re-read the Installation Instructions, and start the Installation process over from step 1. If it is installed correctly, then move on to the next step.
  4. Select desired configuration options. Due to popular request, I’ve added the option to block trackbacks and pingbacks if the user feels they are excessive. I’d recommend not doing this, but the choice is yours.
  5. If you are using front-end anti-spam plugins (CAPTCHA’s, challenge questions, etc), be sure they are disabled since there’s no longer a need for them, and these could likely conflict. (Back-end anti-spam plugins like Akismet are fine, although unnecessary.)

You’re done! Sit back and see what it feels like to blog without comment spam!

If you’re not familiar with WordPress plugin installation, you may want to read these two articles:

For Best Results

WP-SpamFree was created specifically to stop automated comment spam (which accounts for over 99% of comment spam), and it does have features that help combat human comment spam, as well as trackback/pingback spam. Unfortunately, no plugin can perfectly detect human comment spam. As other experts will tell you, the most effective strategy for blocking spam involves applying a variety of techniques. For best results, enable comment moderation, and if you desire a backup, feel free to use Akismet (although unnecessary), as the two plugins are compatible.

Displaying Spam Stats on Your Blog

Want to show off your spam stats on your blog and tell others about WP-SpamFree? Simply add the following code to your WordPress theme where you’d like the stats displayed:

<?php if ( function_exists(spamfree_counter) ) { spamfree_counter(1); } ?>

where ‘1′ is the style. Replace the ‘1′ with a number from 1-9 that corresponds to one of the following sample styles you’d like to use. To simply display text stats on your site (no graphic), replace the ‘1′ with ‘0′.

To add stats to individual posts, you’ll need to install the Exec-PHP plugin.

Small Counter

To add smaller counter to your site, add the following code to your WordPress theme where you’d like the stats displayed:

<?php if ( function_exists(spamfree_counter_sm) ) { spamfree_counter_sm(1); } ?>

where ‘1′ is the style. Replace the ‘1′ with a number from 1-5 that corresponds to one of the following.

Installing a WordPress Contact Form on Your Blog

First create a page (not post) where you want to have your contact form. Then, insert the following tag (using the HTML editing tab, NOT the Visual editor) and you’re done: <!--spamfree-contact-->

There is no need to configure the form. It allows you to simply drop it into the page you want to install it on. However, there are a few basic configuration options. You can choose whether or not to include Phone and Website fields, whether they should be required, add a drop down menu with up to 10 options, set the width and height of the Message box, set the minimum message length, set the form recipient, enter a custom message to be displayed upon successful contact form submission, and choose whether or not to include user technical data in the email.

If you want to modify the style of the form using CSS, all the form elements have an ID attribute you can reference in your stylesheet.

What the Contact Form feature IS: A simple drop-in contact form that won’t get spammed.

What the Contact Form feature is NOT: A configurable and full-featured plugin like some other contact form plugins out there.

Note: Please do not request new features for the contact form, as the main focus of the plugin is spam protection. Thank you.

Configuration Information

Spam Options

M2 – Use two methods to set cookies.

This adds a secondary non-JavaScript method to set cookies in addition to the standard JS method.

Blocked Comment Logging Mode

This is a temporary diagnostic mode that logs blocked comment submissions for 7 days (changed from 3 days to 7 in version 2.1.0.4), then turns off automatically. If you want to see what spam has been blocked on your site, this is the option to use. Also, if you experience any technical issues, this will help with diagnosis, as you can email this log file to support if necessary. If you suspect you are having a technical issue, please turn this on right away and start logging data. Then submit a support request, and we’ll email you back asking to see the log file so we can help you fix whatever the issue may be. The log is cleared each time this feature is turned on, so make sure you download the file before turning it back on. Also the log is capped at 2MB for security. This feature may use slightly higher server resources, so for best performance, only use when necessary. (Most websites won’t notice any difference.)

Log All Comments

Requires that Blocked Comment Logging Mode be engaged. Instead of only logging blocked comments, this will allow the log to capture all comments while logging mode is turned on. This provides more technical data for comment submissions than WordPress provides, and helps us improve the plugin. If you plan on submitting spam samples to our us for analysis, it’s helpful for you to turn this on, otherwise it’s not necessary. If you have any spam comments that you feel WP-SpamFree should have blocked (usually human spam), then please submit a support request. When we email you back we will ask you to forward the data to us by email.

This extra data will be extremely valuable in helping us improve the spam protection capabilites of the plugin.

Enhanced Comment Blacklist

Enhances WordPress’s Comment Blacklist – instead of just sending comments to moderation, they will be completely blocked if this is enabled. (Useful if you receive repetitive human spam or harassing comments from a particular commenter.) Also adds one-click blacklisting – a link will now appear in the comment notification emails that you can click to blacklist a commenter’s IP. This link appears whether or not the feature is enabled. If you click the link and this feature is diabled, it will add the commenter’s IP to the blacklist but blacklisting will operate according to WordPress’s default functionality.

The WP-SpamFree blacklist shares the WordPress Comment Blacklist data, but the difference is that now when a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be completely blocked, not just marked as spam. One word or IP per line…add each new blacklist item on a new line. If you’re not sure how to use it, start by just adding an IP address, or click on the link in one of the notification emails. It is not case-sensitive and will match included words, so “press” on your blacklist will block “WordPress” in a comment.

Disable trackbacks.

Use if trackback spam is excessive. It is recommended that you don’t use this option unless you are experiencing an extreme spam attack.

Disable pingbacks.

Use if pingback spam is excessive. The disadvantage is a reduction of communication between blogs. When blogs ping each other, it’s like saying “Hi, I just wrote about you” and disabling these pingbacks eliminates that ability. It is recomended that you don’t use this option unless you are experiencing an extreme spam attack.

Allow users behind proxy servers to comment?

Most users should leave this unchecked. Many human spammers hide behind proxies. Leaving this unckecked adds an extra layer of spam protection. In the rare even that a non-spam commenter gets blocked by this, they will be notified what the situation is, and instructed to contact you to ask you to modify this setting.

Hide extra technical data in comment notifications.

The plugin now addes some extra technical data to the comment moderation and notification emails, including the referrer that brought the user to the page where they commented, the referrer that brought them to the WordPress comments processing page (helps with fighting spam), User-Agent, Remote Host, Reverse DNS, Proxy Info, Browser Language, and more. This data is helpful if you ever need to submit a spam sample. If you dislike seeing the extra info, you can use this option to prevent the info from being displayed in the emails. If you don’t mind seeing it, please leave it this unchecked, because if you ever need to submit a spam sample, it helps us track spam patterns.

Help promote WP-SpamFree?

This places a small link under the comments and contact form, letting others know what’s blocking spam on your blog. This plugin is provided for free, so this is much appreciated. It’s a small way you can give back and let others know about WP-SpamFree.

Contact Form Options

These are self-explanatory.

Changelog / Version History

For a complete list of changes to the plugin, view the Version History.

Known Plugin Conflicts

Plugins that are reported to be incompatible with WP-SpamFree, or have certain compatibility issues.

  1. AskApache Password ProtectUsers have reported that using its feature to protect the /wp-content/ directory creates an .htaccess file in that directory that creates improper permissions and conflicts with WP-SpamFree (and most likely other plugins as well). You’ll need to disable this feature, or disable the AskApache Password Protect Plugin and delete any .htaccess files it has created in your /wp-content/ directory before using WP-SpamFree.
  2. WP-PXSMail (de)
  3. Some front-end anti-spam plugins, including CAPTCHA’s, challenge questions, etc.There’s no longer a need for them, and these could likely conflict. (Back-end anti-spam plugins like Akismet are fine, although unnecessary.)

Plugins that may have issues with WP-SpamFree. Recent updates to WP-SpamFree (1.9.8.0+) include workarounds and improvements that may alleviate compatibility issues. If you plan to use any of these with WP-SpamFree, it’s recommended you do some testing. Enabling the option “M2 – Use two methods to set cookies.” may also improve the compatibility with plugins in question.

  1. Head Cleaner (and similar plugins that condense JS)

Plugins that previously had compatibility issues, but are now compatible. (Plugins that we’ve had reports of no conflict whatsoever with recent versions of WP-SpamFree.)

  1. AJAX Edit Comments
  2. WordPress Thread Comment
  3. WP-OpenID

Please let us know about any undocumented plugins that you suspect conflict, or if you have any other issues. If you have any of these working with WP-SpamFree without issues, let us know.

Troubleshooting Guide / Support

If you’re having trouble getting things to work after installing the plugin, here are a few things to check:

  1. Check the FAQ’s.
  2. If you haven’t yet, please upgrade to the latest version.
  3. Check to make sure the plugin is installed properly. Many support requests for this plugin originate from improper installation and can be easily prevented. To check proper installation status, go to the WP-SpamFree page in your Admin. It’s a submenu link on the Plugins page. Go the the ‘Installation Status’ area near the top and it will tell you if the plugin is installed correctly. If it tells you that the plugin is not installed correctly, please double-check what directory you have installed WP-SpamFree in, delete any WP-SpamFree files you have uploaded to your server, re-read the Installation Instructions, and start the Installation process over from step 1.
  4. Clear your browser’s cache, clear your cookies, and restart your browser. Then reload the page.
  5. If you are receiving the error message: “Sorry, there was an error. Please enable JavaScript and Cookies in your browser and try again.” then you need to make sure JavaScript and cookies are enabled in your browser. (JavaScript is different from Java. Java is not required.) These are enabled by default in web browsers. The status display will let you know if these are turned on or off (as best the page can detect – occasionally the detection does not work.) If this message comes up consistently even after JavaScript and cookies are enabled, then there most likely is an installation problem, plugin conflict, or JavaScript conflict. Read on for possible solutions.
  6. If you have multiple domains that resolve to the same server, or are parked on the same hosting account, make sure the domain set in the WordPress configuration options matches the domain where you are accessing the blog from. In other words, if you have people going to your blog using http://www.yourdomain.com/ and the WordPress configuration has: http://www.yourdomain2.com/ you will have a problem (not just with this plugin, but with a lot of things.)
  7. Check your WordPress Version. If you are using a release earlier than 2.3, you may want to upgrade for a whole slew of reasons, including features and security.
  8. Check the options you have selected to make sure they are not disabling a feature you want to use.
  9. Make sure that you are not using other front-end anti-spam plugins (CAPTCHA’s, challenge questions, etc) since there’s no longer a need for them, and these could likely conflict. (Back-end anti-spam plugins like Akismet are fine, although unnecessary.)
  10. Visit http://www.yourblog.com/wp-content/plugins/wp-spamfree/js/wpsf-js.php (where yourblog.comis your blog url) and check two things.First, see if the file comes normally or if it comes up blank or with errors.That would indicate a problem. Submit a support request (see last troubleshooting step) and copy and past any error messages on the page into your message.Second, check for a 403 Forbidden error. (Or a 404 Not Found error.) That means there is a problem with your file permissions. If the files in the wp-spamfree folder don’t have standard permissions (at least 644 or higher for files and 755 for folders) they won’t work. (You may need to try 666 for files and 775 for folders.) This usually only happens by manual modification, but strange things do happen. The AskApache Password Protect Plugin is known to cause this error. Users have reported that using its feature to protect the /wp-content/ directory creates an .htaccess file in that directory that creates improper permissions and conflicts with WP-SpamFree (and most likely other plugins as well). You’ll need to disable this feature, or disable the AskApache Password Protect Plugin and delete any .htaccess files it has created in your /wp-content/ directory before using WP-SpamFree. If changing the files permissions does not fix it, then you may need to contact your web host to see why a file that you know is there, does not have appropriate permissions on the server to be shown in a browser. (Occasionally there is a file ownership issue that only a System Administrator can fix.)
  11. Check for conflicts with other JavaScripts installed on your site. This usually occurs with with JavaScripts unrelated to WordPress or plugins. However some themes contain JavaScripts that aren’t compatible. (And some don’t have the call to the wp_head() function which is also a problem. Read on to see how to test/fix this issue.) If in doubt, try switching themes. If that fixes it, then you know the theme was at fault. If you discover a conflicting theme, please let us know.
  12. Check for conflicts with other WordPress plugins installed on your blog. Although errors don’t occur often, this is one of the most common causes of the errors that do occur. I can’t guarantee how well-written other plugins will be. First, see the Known Plugin Conflictslist. If you’ve disabled any plugins on that list and still have a problem, then proceed.To start testing for conflicts, temporarily deactivate all other plugins except WP-SpamFree. Then check to see if WP-SpamFree works by itself. (For best results make sure you are logged out and clear your cookies. Alternatively you can use another browser for testing.) If WP-SpamFree allows you to post a comment with no errors, then you know there is a plugin conflict. The next step is to activate each plugin, one at a time, log out, and try to post a comment. Then log in, deactivate that plugin, and repeat with the next plugin. (If possible, use a second browser to make it easier. Then you don’t have to keep logging in and out with the first browser.) Be sure to clear cookies between attempts (before loading the page you want to comment on). If you do identify a plugin that conflicts, please let me know so I can work on bridging the compatibility issues.
  13. Make sure the theme you are using has the call to wp_head() (which most properly coded themes do) usually found in the header.php file. It will be located somewhere before the </head> tag. If not, you can insert it before the </head>tag and save the file. If you’ve never edited a theme before, proceed at your own risk:
    1. In the WordPress admin, go to Themes (Appearance) – Theme Editor
    2. Click on Header (or header.php)
    3. Locate the line with </head> and insert <?php wp_head(); ?> before it.
    4. Click ‘Save’
  14. On the WP-SpamFree Options page in the WordPress Admin, under “General Options”, check the option “M2 – Use two methods to set cookies.” and see if this helps.
  15. If have checked all of these, and still can’t quite get it working, please submit a support request at the WP-SpamFree Support Page.

Frequently Asked Questions (FAQ’s)

  • Q: Where did all the spam go, and can I check it?A:In the admin options page for the plugin, under “General Options”, turn on “Blocked Comment Logging Mode”, a temporary diagnostic mode that logs blocked comments and contact form submissions for 7 days (changed from 3 days to 7 in version 2.1.0.4), then turns off automatically. If you want to see what’s been blocked, or verify that everything is working, turn this on and see what WP-SpamFree is protecting your blog from. The log is cleared each time you turn on this feature. Also, if you experience any technical issues, this will help with diagnosis, as you can email this log file to support if necessary.WP-SpamFree is different from other spam plugins in that it BLOCKS spam at the front door and doesn’t allow it into the WordPress database* at all. (Other spam plugins simply label a comment as spam, leaving you to sort through a queue, which wastes your valuable time.) Since the blocked spam comments aren’t stored in the database, it is not possible to restore them.*Not allowing these into the database improves security by preventing SQL injection exploit attacks through automated comment submissions. It also keeps your WordPress database slimmer and more efficient (keeping your site running faster) by not allowing the thousands of spam comments into it.Also, you’ll be interested to know that internally (both our blogs and our testers’ blogs) we use a special version of the plugin for testing and debugging. This “Debug Version” of the plugin tracks very detailed data about the each comment submission, both spam and legit. This allows us to ensure that everything is working well, and improve the plugin. It provides much more detailed data about each comment submission that you would ever see in WordPress.
  • Q: How is it possible to have no false positives?A: WP-SpamFree doesn’t have false positives because it uses a different method that can’t have false positives. Other spam plugins label a comment as spam, and aren’t always accurate. This incorrect labeling of a non-spam comment as spam is a “False Positive”. When WP-SpamFree blocks a spammy comment from a human, it gives the commenter another chance to submit a non-spam comment. (Note: In the rare event you are getting reports from multiple users that their comments are being blocked, these are not false positives — it means you most likely have a conflict that is preventing the plugin from functioning properly and you need to run through the Troubleshooting Guide.)
  • Q: Does WP-SpamFree work on WordPress MU?A:Yes it does.It’s one of the few free spam blockers out there for WPMU.The spam blocking features work fine, which is the main feature of the plugin.Currently sitewide activation does not seem to be working. We will try to have that up and running as soon as possible.There may be other features that are not yet fully compatible with WPMU.Install the plugin normally either through the WordPress admin, or through your FTP client. It should be placed in the plugins folder, not the mu-plugins folder. The plugin currently needs to be activated by each individual blog admin.
  • Q: The contact form says that email was successfully sent, but an email never seems to reach my inbox. What might be causing this?A:It’s most likely the problem is not with the plugin.You may need to check your spam filters, as well as who is set to be the contact form email recipient. On some email systems, if the email FROM address and TO address are the same, the email might not show up in your inbox. Keep that in mind if you are testing the form using the same email that the forms are set to go to.After that, check that everything is functioning properly on your server with the PHP mail() function – this is basic to most PHP programs that use mail. You may need to call tech support at your host.The plugin has been tested thoroughly, so if the mail still isn’t getting sent, then it’s most likely an issue with the server settings or with email spam filters.Please see this topic on the WordPress Support Forums. (This is for WordPress MU but the advice/solutions given apply universally.)
  • Q: I have “Blocked Comment Logging Mode” turned on and the spam counter is going up, but I’m getting a blank log file. How can I fix this?A:The file may be cached by your browser. Delete your browser’s cache (or “temporary files”) and then try to view the log file again. (You may need to manually reload it.)If that doesn’t work, it may be related to file permissions. The files need to have the proper read/write permissions, and it’s likely something has interfered with the server’s default settings.Some security plugins alter these. (In many cases, they overstep a bit by modifying permissions that don’t need to be modified. This only hampers other plugins and doesn’t actually increase security.) If permissions for the necessary files are incorrect, the plugin will attempt to fix the permissions, but in the event it cannot, they may need to be manually modified. Make sure that the “/wp-spamfree/data” folder has a permission setting of 755 and the files within to 644, which are common defaults for servers. If that doesn’t work (some server configurations vary in who they let write to a file) then you may want to try 775 for the “/wp-spamfree/data” folder and 666 for the included files. (More information is available on WordPress file permissions.)Also, be aware that the log file is cleared each time you turn it on.
  • Q: Why should I use WP-SpamFree instead of CAPTCHA-based anti-spam solutions?A:For several reasons, but here are two specific ones.Before creating this plugin, I did a lot of market research to see how people felt about current blog spam solutions being used. Statistics show conclusively that people hate CAPTCHA’s. They end up frustrating users and many end up not commenting or going away permanently.Why would we want to harass our users and customers this way?(Read more: A good article on how CAPTCHA’s may be killing your business.)Also, CAPTCHA’s are becoming less and less effective as programmers are equipping spambots with OCR software that can break CAPTCHA’s.Wow, so they both annoy users, and they often don’t work. Tough choice? WP-SpamFree is a clear winner.
  • Q: Will WP-SpamFree Be Available in My Language?A: Since the popularity of this plugin has spread across the world, there are now a lot of users whose native language isn’t English. We need to make WP-SpamFree more accessible to users in every language, and we do have localization/internationalization high on our to-do list. Please be patient with us, as this will take a fair amount of work, but we will do it. (Volunteers who speak various languages would be much appreciated for creating different translations.)

Let Others Know About WP-SpamFree

How does it feel to blog without being bombarded by automated comment spam?

If you’re happy with how effectively WP-SpamFree blocks spam on your blog, there’s a few things you can do to let others know:

  • Rate WP-SpamFree on WordPress.org.
  • Place a graphic link on your site letting others know how they can help end blog spam. ( </BLOGSPAM> )

WordPress Security Note

As with any WordPress plugin, for security reasons, you should only download plugins from the author’s site and from official WordPress repositories. When other sites host a plugin that is developed by someone else, they may inject code into that could compromise the security of your blog. We cannot endorse a version of this that you may have downloaded from another site. If you have downloaded the “WP-SpamFree” plugin from another site, please download the current release from the official site (https://www.polepositionmarketing.com/digital-marketing-learning-library/wp-spamfree/).

Download Plugin / Documentation

Download Latest Version

Plugin Homepage / Documentation: WP-SpamFree

WordPress.org Page: WP-SpamFree

Tech Support/Questions: WP-SpamFree Support Page

Twitter: @WPSpamFree