Allow anonymous comments, but prevent spam

  1. Captcha, reCapthca and the like have serious usability issues. And basically anything that requires a user to fill an extra field (other than the comment) each time the user posts a comment, is considered bad usability.

    (NOTE: I hope you do realize that users need only enter their name and email address once when it comments on a website, unless he clears the cache.)

    So, plugins like Better WordPress reCAPTCHA, WP-reCAPTCHA, Spam Free WordPress, etc. although are extremely good at what they do, are out of the question considering the aforementioned concerns.

  2. Plugins like Bad Behavior, WP-Hashcash Extended (successor of WP-Hashcash), .htaccess rules for preventing recognized spamming techniques and bots, etc. aren’t without false positives.

    Sometimes, they are known to even block search engine crawlers coming from a new IP address range. Also, depending on JavaScript to basically authenticate comments isn’t really a great way, IMO. Just saying.

As I see it, it all boils down to Akismet, Impostercide, and Cookies for Comments anti-spam plugin combo.

(AntiSpamBee, Defensio, and TypePad AntiSpam, among others, are aimed to be Akismet alternatives. While many don’t like Akismet because it’s from a company that believes in open source, but isn’t free, many of us still acknowledge that it’s next to none.)


  • What else should I do? (rather, should I be doing something else that’s more effective?)

  • Has anyone tried ZigTrap? How does it compare to others? (Too many false positives is a moderation/spam queue overhead.)

PS: I am sure that there’s no “best for all” solution. But it will help if you can share what works best for you.

TLDR: How do I prevent spam on WordPress comments without requiring manual approval or user login/registration?

Solutions Collecting From Web of "Allow anonymous comments, but prevent spam"

Okay, I’ve (probably) done just enough reading since asking this question, and apparently this combo of anti-spam plugins, works to a very appreciable extent in mitigating spam:

Akismet + Cookies for Comments + Impostercide

Knowledgeable people agree:

  • Alex aka Viper007Bond uses Akismet and Cookies for Comments on his own blog, alongside having Trackbacks disabled. (Source)

  • Donncha O Caoimh says (via email), “I use cookies for comments and it works just fine with WP Super Cache!” — He also happens to be a co-developer of a number of anti-spam plugins. He also, most probably, uses Akismet.

The need for the use of “Impostercide” plugin should be obvious, unless the email you administer your blog with is unknown to the world, or you just don’t care even if the spammers post comments on your blog using your Name and Email (and hell if you use Gravatar).

And yes, this setup may not fit everyone. Especially those blogs that want to enforce a stricter set of rules and techniques.