What is honeypot and how is it associated with WordPress that it blocks spam comment bots that constitutes major headache to bloggers and website owners.

You’ll agree with me that spam comment is indeed a pain in the neck if you ever have a comment form on your site. It is an experience most blogger that do not know how to take decisive action on it would have to live by because it happens to everybody. So, you’re not really alone in the struggle.

Spam comment

Typical Example of a Spam Comment

But the good news is that there are tools on WordPress that have been developed to combat this serious menace. One of such tools is honeypot technology.

What is honeypot?

Honeypot is a form of spam prevention technique that creates an enticing trap noticeable only by spam bots which then allows it to recognize and filter off spam comments from bots appropriately separating them from legitimate comments posted by humans.

This technique creates additional fields on comment form that are not visible to humans but visible to bots. So, whenever those extra fields are attempted to be filled, the comments are trapped as spam and prevented from posting as comment. Simple and direct! Since the bots have been programmed to fill forms, they would definitely attempt to fill form fields they see, hence the effectiveness of honeypot technology.

The idea of spreading sugar on the floor to attract ants before applying insecticide is a good analogy to what honeypot does to spam comment bots.

It should be noted that humans can also post spam comments. This is rather easy to control from comment settings under ‘Discussion” and then given the fact that the number of comments posted by humans is not as much as the ones automated by the use of bots.

How can we use this technique to stop spam comment on website?

That is what I’m about to walk you through. But before then, let’s review why people would decide to spam your website.

Why people send spam comment

The principal reason is to get backlinks to their site through blackhat SEO. It is blackhat because the process is illegal and unethical. But know that these spams are not targeted to your site alone and most time it is not intended to harm your site either. Thank God that posted comments link are wrapped within “nofollow tag“. So, they don’t really pass link juice that could influence page rank on SERP and it wouldn’t attract Google penalty, but your blog reader and site visitors could be co-opted to click links on comments thereby diverting their attention mostly to shady sites.

However, it is still we (webmasters or bloggers or site owners) that engage the services of backlink companies (it could be individual) to help influence our site performance on SERP. (Because backlink still carries a unique value in ranking factors). Most of the people you turn to use shady tactics to get you backlink which in turn might give you quick returns but end up posing threat to your site at the long run.

This does not mean it is a bad idea to seek for backlink. Just ensure you use credible individual or companies with long standing integrity like Brian Dean of ‘BacklinkO’. Brian, apart from been a level headed individual, he collaborated with a seasoned marketer – Neil Patel to co-produce a digital copy of how to get backlink titled: “The Advanced Guide to Link Building“. A visit to his blog would convince you that he is indeed a guy that knows all about the intricacies of backlink techniques.

Okay! let’s come back to the main issue of the day.

How to block spam comment bots in WordPress with honeypot technique.

The first thing you need to do is to install and activate a WordPress plugin called ‘WP Spam Fighter‘. Go to ‘setting’ on your WP admin dashboard. Mouse-over it and click on WP Spam Fighter.

The setting page has three principal spam prevention stages.

1. Honeypot technique: To set your site for honeypot protection, simply check the box against ‘Honeypot protection’. Leave the other two settings as they are- Honeypot HTML form element name and honeypot type.WP Spam Fighter

2. Timestamp technique: This technique works on the assumption that before anybody would think of posting comment on a blog post, that person must have spent some time reading at least a part of the article or post. But in a situation where someone or something goes straight to the comment area to post a comment before a pre-defined time limit, it would be adjudged as spam.

This time limit can be set by inputting the value in seconds on the field against ‘Threshold’ after checking the box against ‘Timestand protection’.

In the same vein, you can edit the message that would pop-up on both users (audience) and bots in the fields provided. This is very important because some of your newsletter subscribers might want to comment on the content you sent to their mail. Some newsletters even include a direct link to the comment form on their newsletter template. They might want to click the link and post a comment especially when you send the full blog post.

This move could be seen as spam base on this spam setting hence, the need to customise the pop up message as a way of notifying audience about the prevention technique you adopted on your site.

3. reCaptcha protection: This is another layer of spam protection from Google that has been incorporated into the plugin. This spam protection experience is sometimes called the “nocaptcha recaptcha” because you do not have to answer a simple maths or quiz your intelligence as do other normal captcha.Google reCAPTCHA

All that is required is to signify that you are not a robot by checking a single box and then test your visual intelligence and ability.

To implement this layer of protection, click the ‘Recaptcha’ box and then click the link below to get your secret keys on Google by registering with your Google account.Register for Google reCAPTCHA

All you need to do on Google recaptcha page after log in is to input your site URL and give a name to your recaptcha tool. Click ‘Register’ and your ‘Secret key’ and ‘Site key’ would be generated. Copy and paste them into the appropriate boxes provided on the plugin setting page.

Other settings: These are other optional layers of protection that would make it extremely difficult for robots to comment on your site. Review these options and check the box against the ones you need.

For instance, you might want to send spam comments to ‘trash can’ where you can review before deleting them.

Click save and that’s all.

Conclusion: Gone are the days where bloggers or site owners do not have control over the incessant bombarding of spam comment on website especially blog post. This makes site maintenance hectic because you’ll have to review all the comments posted one after the other while sorting and replying legitimate ones.

Lot of working hours is lost doing so little on site that has relatively moderate traffic. With this plugin (WP spam fighter) it’s as good as going to sleep as far as comments’ coming from bots is concern.

However, this plugin do not have the capacity to detect spam comment submitted by real humans. So, you’ll have to check your comments before giving blanket approval. Though the comment spam that come from humans are not as much as the ones posted by bots. This depends greatly on the size of your site traffic, the kind of people that come to your site and then the niche.

If you want total control on spam, it would be expedient to get the premium version of Askimet. It would take care all that pertain to spam comments from real people. I’ll write a blog post on it next week Monday by evening Nigeria time.

How else have you been combating comment spam on your website?

Francis 'Toke
Share This