I’ve used WordPress in the past for blogs that I write in. One thing that bothers me the most is the inadequate spam filtering they have. The blogs never really got any more than a few visitors a day, but the spam piled up and I was getting about 10 - 20 a day, each one triggering an email notification that it had arrived. It’s such a letdown to think you got a new comment on an article.

Anyway, I was forced to look into WordPress’s plug-in library for spam filters, finally choosing Akismet for all of the good reviews it got. Akismet worked okay, but there was still spam coming through. I wanted a solution that was transparent to the user, required no work on my part, and worked 100% of the time.

Unfortunately, nothing I found existed for WordPress, and I wasn’t about to rewrite the commenting system. So I stumbled upon a neat little trick when looking through Ryan Grove’s Pants Blog Engine code (no longer under development). The code looks like this (you’d throw it into your comment form):

<input style="display:none;" type="text" name="content" value="" />

It’s simply a hidden input carrying the ordinary-looking name ‘content’ (the visible comment textarea must use a different name, of course). The trick is that many spam bots fill every field they find before submitting a form, and a bot that keys on field names will take one called ‘content’ for the main comment body and drop its payload into it. Once the comment is submitted, the server-side logic checks whether $_POST[‘content’] holds any data at all. A human never saw the field and so could not have filled it, so a non-empty value tells you the request was automated, and you can handle it accordingly: drop the comment and skip the notification email. Run this check before anything with side effects, such as the database insert or the email, and prefer returning the same “thanks” page a real commenter gets, so the bot learns nothing from the response.

Now, if you’re concerned that a bot could parse the inline display:none; and skip the field, put the rule in an external stylesheet or have JavaScript hide the input. Better still, wrap the input in a parent element that has display:none; set, so the input tag itself carries no hint that it is hidden. Keep in mind what this defends against: bots that fill forms blindly. A bot driven by a real browser engine, or one hand-tuned to your form, will see that the field is hidden and leave it alone, so treat the honeypot as a cheap first filter rather than a guarantee. Two caveats for real users: if you hide the field by positioning it off-screen instead of display:none, screen readers will still announce it, so give it a label saying to leave it blank; and give it a name that browser autofill has nothing to match (not ‘email’, ‘name’ or ‘url’), so a genuine commenter isn’t rejected by mistake.
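As an added worked example (not code from the original post or from the Pants engine), here is the complete pattern in PHP: the form with the decoy hidden through a class in an external stylesheet, the server-side check, and a handler that drops flagged submissions without tipping off the bot. The field names ‘author’ and ‘comment’, the class name ‘hp’, and the CSS rule are assumptions; the decoy keeps the name ‘content’ from the post.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post or the Pants engine.
// Assumptions: the visible comment body is posted as "comment", the decoy keeps
// the name "content", and an external stylesheet contains the rule
//   .hp { display: none; }
// so the markup itself never says the field is hidden.

/**
 * Build the comment form. The label tells screen-reader users to leave the decoy
 * empty; autocomplete="off" and tabindex="-1" keep browser autofill and keyboard
 * focus away from it.
 */
function render_comment_form(string $action): string
{
    $action = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
    return <<<HTML
<form method="post" action="{$action}">
  <p><label for="author">Name</label>
     <input type="text" id="author" name="author" value="" /></p>
  <p><label for="comment">Comment</label>
     <textarea id="comment" name="comment" rows="6" cols="60"></textarea></p>
  <p class="hp"><label for="content">Leave this field empty</label>
     <input type="text" id="content" name="content" value=""
            autocomplete="off" tabindex="-1" /></p>
  <p><input type="submit" value="Post Comment" /></p>
</form>
HTML;
}

/**
 * Classify a submitted form. Returns one of:
 *   'ok'               - decoy present and empty, as a browser rendering our form sends it
 *   'honeypot_filled'  - decoy carries data: no human saw the field, so a bot filled it
 *   'honeypot_missing' - decoy absent: the POST was not produced from our form at all
 *                        (browsers always submit an empty text input)
 */
function classify_submission(array $post, string $field = 'content'): string
{
    if (!array_key_exists($field, $post)) {
        return 'honeypot_missing';
    }
    // No trim(): the form ships the field empty and a human cannot reach it,
    // so even a lone space is a tell.
    return $post[$field] === '' ? 'ok' : 'honeypot_filled';
}

/**
 * Handle a comment POST. The decoy check runs before anything with side effects
 * (database write, notification e-mail). A caught submission is dropped but gets
 * the same "thanks" response as a real one, so the bot learns nothing from the reply.
 * Returns [http_status, body, stored_comment_or_null].
 */
function handle_comment(array $post): array
{
    $verdict = classify_submission($post);
    if ($verdict !== 'ok') {
        error_log("comment rejected: {$verdict}"); // count it, but do not e-mail yourself
        return [200, 'Thanks, your comment has been received.', null];
    }
    $comment = [
        'author' => trim((string) ($post['author'] ?? '')),
        'body'   => trim((string) ($post['comment'] ?? '')),
    ];
    if ($comment['body'] === '') {
        return [400, 'Please enter a comment.', null];
    }
    // store $comment and send the notification e-mail here
    return [200, 'Thanks, your comment has been received.', $comment];
}

// Constructed sample submissions; run with: php honeypot.php
if (PHP_SAPI === 'cli') {
    $samples = [
        'human'      => ['author' => 'Ann', 'comment' => 'Nice trick.', 'content' => ''],
        'form-filler' => ['author' => 'Ann', 'comment' => 'cheap pills', 'content' => 'cheap pills'],
        'raw-poster' => ['author' => 'Ann', 'comment' => 'cheap pills'],
    ];
    foreach ($samples as $label => $post) {
        [$status, , $stored] = handle_comment($post);
        printf("%-12s verdict=%-16s status=%d stored=%s\n",
            $label, classify_submission($post), $status, $stored === null ? 'no' : 'yes');
    }
}
```

The handler returns a tuple instead of echoing so the same logic can sit behind any framework or template layer; in a real deployment the “stored” branch is where the database insert and the notification email go, and the rejected branch should only increment a counter or write a log line.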

I’ve used this technique on this site as well as a few others I’ve done and have not once gotten a single spam message. It’s worth the effort to put it in.

Safeguarding Your Blog Against Spam was posted on Sun, 25 May 2008 at 14:20:23

Ahh, my 9th symphony. I've arranged this piece for xHTML, CSS, PHP and MySQL. It should sound beautifully across all instruments, and was meticulously prepared with standards and accessibility in mind. View the Colophon, or contact me. All material © 2008 Mike Gioia, et al.