A few months ago WordPress and WordPress MU merged with the release of the WordPress 3 series. This was awesome if you ran multisites, as the code bases were now a single branch. Unfortunately, the problem with spambots creating blogs simply to load links back to their spam sites didn’t get any better. If anything, it’s gotten worse, and the problem isn’t limited to multisite installations: single-site WordPress installs are just as prone to comment spam and/or bogus users being created. A new WordPress installation can expect to be attacked by bots within days of going live, and if you have an open comment or registration process, you’re going to be spending a lot of time weeding out bogus blogs and comments.
A year ago I released a plugin I’d been tinkering with called WPMU Block Spam By Math. It was based on the simple, yet highly effective plugin Block Spam By Math created by Alexander Grau. The WPMU version solely addressed the need in WPMU to try and control spam blog creation. While nothing is 100%, both plugins together provided some pretty nice protection. Since the release of WordPress 3 and the ever-increasing use of Buddypress, I decided to combine both plugins, updated for the current code bases, with a few enhancements built in. The result is Block Spam By Math Reloaded.

It’s still a simple plugin based on an even simpler concept, but it’s proven to be highly effective at what it does. By simply adding a math question to the workflow processes (something like “what is 5+2”) you can dramatically reduce the amount of spam you have to deal with. In fact, I rarely get comment spam, and if it does get by (usually because someone actually posted the spam, not a bot) Akismet nabs it. I’ve been running this plugin on my other site Reality Wired for several weeks and it’s been (in my opinion) 100% effective. Another advantage is that you don’t have to worry about GD2, ImageMagick or other graphics library issues, as you do when using the random image generators. Block Spam By Math Reloaded just works.
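The concept above, a math question checked on the server, sketched as an added example (not code from Block Spam By Math Reloaded; all function and field names are hypothetical). It signs the operands and an expiry time so the server can verify a submission without storing state, and rejects forms that were altered or have gone stale.

```php
<?php
declare(strict_types=1);
// Added example, not the plugin's code; function and field names are hypothetical.
const CHALLENGE_TTL = 600; // seconds a rendered form stays valid (assumed value)

// Values to embed in the form: two operands shown to the visitor plus hidden
// expiry and MAC fields. The sum itself is never sent to the browser.
function issue_challenge(string $secret, int $now): array
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $expires = $now + CHALLENGE_TTL;
    $mac = hash_hmac('sha256', "$a|$b|$expires", $secret);
    return ['a' => (string) $a, 'b' => (string) $b,
            'expires' => (string) $expires, 'mac' => $mac];
}

// Check a submitted form (the shape of $_POST) before accepting the comment.
function verify_challenge(array $post, string $secret, int $now): bool
{
    foreach (['a', 'b', 'expires', 'answer', 'mac'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return false; // missing field, or an array sent as answer[]=
        }
    }
    foreach (['a', 'b', 'expires', 'answer'] as $key) {
        if (!ctype_digit($post[$key]) || strlen($post[$key]) > 12) {
            return false; // numeric fields: digits only, bounded length
        }
    }
    $expected = hash_hmac('sha256', "{$post['a']}|{$post['b']}|{$post['expires']}", $secret);
    if (!hash_equals($expected, $post['mac'])) {
        return false; // operands or expiry were not issued by this server
    }
    if ((int) $post['expires'] < $now) {
        return false; // stale form, e.g. one served from a page cache
    }
    return (int) $post['answer'] === (int) $post['a'] + (int) $post['b'];
}

// Constructed demo input: fixed secret and clock so the script runs offline.
$secret = 'constructed-demo-secret';
$now = 1700000000;
$form = issue_challenge($secret, $now);
$sum = (string) ((int) $form['a'] + (int) $form['b']);
var_dump(verify_challenge($form + ['answer' => $sum], $secret, $now));   // correct answer
var_dump(verify_challenge($form + ['answer' => '99'], $secret, $now));   // wrong answer
var_dump(verify_challenge(['a' => '10'] + $form + ['answer' => $sum], $secret, $now)); // altered operand
var_dump(verify_challenge($form + ['answer' => $sum], $secret, $now + CHALLENGE_TTL + 1)); // expired
```

A valid form can be replayed until it expires; recording used MACs on the server closes that gap at the cost of keeping state.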
Installation is simple:
- Download the plugin from WordPress.org.
- Copy it into the wp-content/plugins directory of your blog.
- Go into your wp-admin/plugins and activate the plugin.
- Go to wp-admin/settings/block-spam-by-math-reloaded and set your options.
That’s all there is to it. You should now start to see a dramatic reduction in the amount of spam blogs and comment spam. NOTE: This does not protect against those spammers who take the time to manually create spam blogs on your site. For those I still recommend barbed wire and toothpicks under the fingernails.
Buddypress Users
If you are using Buddypress, the plugin has been tested against the latest version 1.2.7 using the default Buddypress theme. I’m fairly certain it won’t work with any version prior to 1.2.7 due to a missing hook. If you don’t have the latest version of Buddypress I recommend you look into updating anyway.
FAQ
- Does this plugin work with the original Block Spam By Math plugin?
  No, this plugin uses some of the same functions and function names and will most likely cause you problems if you try and run them together.
- Does this plugin work with the regular WPMU Block Spam By Math plugin?
  No, this plugin uses some of the same functions and function names and will most likely cause you problems if you try and run them together.
- Does this plugin work on WordPress versions prior to the 3.x series?
  Not sure, although it won’t run on anything older than 2.7 for sure.
- Can I change the math questions?
  Yes, just edit the two rand functions in the plugin file to generate whatever type of numbers you want.
- Does this plugin work on regular Buddypress?
  Yes. Requires Buddypress 1.2.7 or higher using the default Buddypress theme.
Future Updates
I’ve got a few more things I want to add to this plugin, mostly convenience things that have annoyed me with the previous ones. I hope to have them included in a few weeks. If you have a suggestion please leave a comment with your ideas.
Support
I’ll do my best to support any issues that crop up with the plugin. If you run into an issue, either shoot us a note via the contact page or simply leave a comment below.
If you like this plugin and want to support me, leave a comment or check out my donations and support page!
Version 2.0 Update
Version 2.0 of this plugin has been released. It includes a number of changes to the base code, bringing it more in line with current WordPress standards.
- Added a number of enhancements that allow for field validation.
- Added the option to add the security form to the stand-alone WordPress user registration form.
- Added customization for almost every available object.
- Added the ability to change where the security form appears on the comment form (see the note below).
The biggest piece of this was adding the ability to change where the security form appears on the comments form. The issue with this was there is no default WordPress hook for this location and not all templates integrate the necessary part of the form into the template code making a manual edit of a template not very feasible. What I chose to do was provide 3 options that I believe will cover most cases.
- The default option is to use the default hook location. In most cases this places the security form below the comments submit button.
- The second option is the ability to use a predefined hook location. This won’t exist in most templates but several of the frameworks are starting to use it. Thesis Theme, for example, uses its own comment code and adds a hook for us. Therefore we are able to make use of that hook to relocate the form above the submit button rather easily.
- The third option will be the most difficult for some to grasp. This involves a manual edit to a core WordPress file. This means that every time an upgrade is performed this edit will have to be re-added. Instructions are included on the plugin’s options screen.
Maybe in the future WordPress will add additional hooks or alter the whole comments system to make the comment form use a template, thus allowing for easier manual placement. Until then, a little pain was necessary to make this happen.
Version 2.1 Update
After a few quick releases to fix some minor issues, I’ve pushed version 2.1 to the repository. No functional changes have been made; most are cosmetic, but I think it makes the admin options page a little less cluttered.



The two biggest things I’ve added aside from the cosmetic are:
- A help link for registering the plugin that should fix the issues some of you have emailed me about.
- An Uninstall option that will clear all plugin settings from the database. When you deactivate the plugin the settings are still there, but if you want to completely remove it or just revert to default settings this is the quickest way. The plugin is automatically deactivated as part of the uninstall.
I think I’m fairly happy with this release and I think you guys will like it better. As always, leave a comment with any bugs or feature requests you have or drop us a note via the contact form.







{ 102 comments… read them below or add one }
Update 2.2.2 is uploaded, should be available shortly. This “should” fix the registration issue when running in network mode.
My security question is showing below the submit button, not above like on your site. How do I fix that?
Scroll to the lower portion of the plugin’s settings in wpadmin, there are instructions on how to do this.
Hey,
first off, I love this plugin. Simple, yet very effective.
Now to the problem: I edited the notice message in my admin panel and wanted to put in line breaks with html tags, since the description says “You can use html here.” I thought that wouldn’t be a problem, but in fact, it was, cause it doesn’t work, no matter how often I try …
After I hit the “Save Changes” button, the html just disappears in the text field and there are no line breaks.
Any idea why? Is this maybe a bug? Am I just stupid?
Oh, btw, should’ve mentioned that in the first comment: Line breaks don’t work in the “Incorrect Answer Error Message” & “Empty Field Error Message” either. However, other html tags work, like making the text bold and stuff …
Thanks for this
We could not find a good and simple answer to comments spam bots and yours worked a treat and first time!
For those of us who use Multisite with a caching plugin… does this work using PHP or Javascript?
If a user gets served a cached page with an old math problem, will this still work?
Hi there – I installed and activated this plugin today, but I am still receiving TONS of spam constantly. Does it take any time to take effect?
Works perfectly. Just one question though — the Security Question appears below my submit button. Is there a way to make it appear before the Submit button.
http://www.bethannerankinforcongress.com/blog/2011/08/shell-see-me-stand/.
Thank you. Yael
Has this exploit been patched yet?
http://www.exploit-db.com/exploits/17702/
No, and to be honest it’s not a high priority for me right now. The exploit isn’t an exploit against this plugin, it’s a Wordpress exploit. I’ve talked to the Wordpress people and suggested some changes they make and I have some enhancements to add to the plugin from their feedback that I will get in there sometime. Right now I’m caught up in finishing a deliverable for the J.O.B.
Regardless, enhancing the plugin will not make the real vulnerability that exploit takes advantage of go away.
Has the bypass exploit been patched yet?
http://www.exploit-db.com/exploits/17702/
Thanks.
Is there a way to remove the line “Security Question:” ??
I tried to erase only the text, but the empty line remains…?!
Thanks!
Max, not without altering the code but that’s a great idea for an upgrade. For now, you can just comment out this line in the plugin file.
echo '';
Should be around line 202.
I installed this on a multisite, but it seems each site can set up their own settings. Is there a way to set the options once for the entire network?
So, potentially bad news: This plugin took hundreds of plugins that were hitting my Akismet filter and killed them dead as a doornail. And they stayed dead for a long, long time. But starting yesterday afternoon, my spam filter has been getting slammed once again. I can only assume that somebody out there has cracked the plug-in and is auto-answering the math question.
Not sure what can be done about it, but I’m hoping somebody cleverer than I will be able to modify the plug-in so that it can go back to killing my spam problem.
A small question:
I have changed the value:
define ('BSBM_NOTICE_MESSAGE','Udfyld venligst ovenstående');
However it does not come through – it still displays.
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human)
I have gone around it by deleting:
echo $options['bsbm_notice_message'];
But can I do some kind of “refresh” instead?
Thanks for the Spam block plugin! I am using Plugin 2.2.2 which has been working until yesterday when some people managed to populate a bunch of spams on my blog.
What could be the problem? Thanks.
It depends on how they got in there. If you’re using Akismet that should catch any that manage to get past the plugin.
Thanks, James. There are two or three random posts that are full of garbage and mis-spelled words on some pages. I am currently not using payment required Akismet. Will have to find a free plugin similar to Akismet if any.
Sky, you can still get Akismet free. You just need a personal key and donate $0.
Thanks, James.
I’ve installed a free plugin named Growmap Anti Spambot yesterday. There are no spams this morning so far. Hopefully, my blog will be spam free with your plugin and Growmap Anti Spambot activated.
In the settings fields that allow HTML, how do I code a link? The typical HTML link code doesn’t work. Thanks.
And how about for multisites? Is there a way to apply it across the network or does it need to be activated on a site by site basis?
Hi ! I was just about to translate your plugin into the languages my blog is using when I noticed that version 2.2.3 is not quite “standard” as far as po/mo files are handled in wordpress…
Were you by any chance looking for new possible enhancements ?
The plugin has helped kill nearly 90% of spam, however, I am now starting to get some comment spam despite this plugin. I would suggest that authors of the plugin extend/renew the options as the more popular it becomes, the more spammers will try to crack it.
But overall, thumbs up for the plugin authors. The plugin works great and I am a very satisfied user.