In the beginning of June, I wrote about the rising number of spam missed by Akismet. The main issue was a noticeable increase in the number of spam messages that get through Akismet, which is kind of the de-facto spam filter for WordPress. Twice a day, on average, I had to manually mark comments as spam, which really got under my skin. After writing that post, I looked at a number of solutions.
The best one, in my opinion (which I’m currently using), is a plugin called WP-reCAPTCHA. While looking a bit outdated (last updated more than a year ago), it works great with the latest WordPress version. As its name suggests, it adds reCAPTCHA challenges to comment and contact forms, as you can see for yourself in the comment form for this post. Installing it cut the number drastically: after having 76 missed spam comments in May, I’m down so far in July to a single spam comment. It seems that WP-reCAPTCHA can probably handle all the spam by itself, but as it plays along nicely with Akismet, I don’t see a reason not to keep both.
If you read my previous post, I also complained about the spam queue itself. I had a staggering 20,000+ comments in the spam queue. Unfortunately, the one downside of having both Akismet and WP-reCAPTCHA is that messages that the latter marks as spam get into Akismet’s spam queue. In my opinion, it is a bad design. A legitimate user who doesn’t solve the CAPTCHA correctly will resubmit their comment. No need to keep the faulty submission (along with real spam) in the queue. Anyway, understanding that I’ll never go through 20,000+ spam comments in the queue to make sure I don’t miss a legitimate one, I enabled auto-deleting of spam messages in old posts (via Jetpack->Akismet->Settings). This cut the queue to merely 100+ messages, making my backups much easier to manage.