In the beginning of June, I wrote about the rising number of spam missed by Akismet. The main issue was a noticeable increase in the number of spam messages which get through Akismet, which is kind of the de-facto spam filtering for WordPress. Twice a day, on avearage, I had to manually mark comments as spam, which really got under my skin. After writing that post, I’ve looked at a number of solutions.
The best one in my opinion (which I’m currently using), is a plugin called WP-reCAPTCHA. While looking a bit outdated (last updated more than a year ago), it works great with the latest WordPress version. As it’s name suggests, it add reCAPTCHA challenges to comment and contact forms, as you can see for yourself in the comment form for this post. Installing it cut the number of drastically: having in May 76 missed spam, I’m down so far in July to a single spam comment. It seems, that WP-reCAPTCHA can probably handle all the spam by itself, but as it plays along nicely with Akismet, I don’t see a reason not to keep both.
If you read my previous post, I also complained about the spam queue itself. I had a staggering 20,000+ comments in the spam queue. Unfortunately, the one downside of having both Akismet and WP-reCAPTCHA is that messages that the latter marks as spam get into Akismet’s spam queue. In my opinion, it is a bad design. A legitimate user who doesn’t solve the CAPTCHA correctly, will resubmit his comment. No need to keep the faulty submission (along with real spam) in the queue. Anyway, understanding that I’ll never go through a 20,000+ spam comments in the queue to make sure I don’t miss a legitimate one, I enabled auto-deleting of spam messages in old posts (via Jetpack->Akismet->Settings). This cut the queue to merely 100+ messages, making my backups much easier to manage.