Usually, spambots is run in a botnet. Botnet is a network which consists of computers that are controlled by black-hat hackers. If suddenly your friends complained that you send them spammy messages from your email/instant Messenger, check your PC. Your PC may already become a botnet members.

Back to the topic of this post, this blog is used to be plagued by many spam comments/trackbacks. But with my recent configuration, I am confident that it will able to thwart most of the spam comments without causing too much of irritation to the good visitors of this blog.

If you think your WordPress blog is currently being targeted by spammers, you should try these two WordPress plugins will keep them at the bay:

1. Akismet

Akismet works by intercepting all submitted comments & trackback. It will submit the comments and trackbracks to their web service for test. If the result turns out positive, it will allow the comments/trackback. If negative, they will go to spam folder. I highly recommended you to use Akismet.

2. Spam Free WordPress

Although Akismet is good, it’s not enough. With Akismet, the comments/trackbacks are still be saved in the database anyway. So if you have many spambots posting comments to your blog, it could slow down your blog. Because of that, I recently deployed Spam Free WordPress. This plugin works by generating a unique password for each post. This way, a spambot can’t directly hit you with a FORM submit. Instead, it needs to download the whole page, parse the HTML, extract out the password, and finally submit the FORM.

So yes, this plugin has a weakness. But parsing a whole page is not economical to the spammers, so this plugin will deter most of the spammers. But if they somehow managed to submit the spammy comments/trackbacks, Akismet will be ready to catch them and throw these SOB to the spam folder.

Conclusion

Once you have these two plugins deployed in your blog, your blog will have two security layers to defend from spambots attacks. On the outer layer you have Spam Free WordPress plugin that requires the bot to read the post before posting. And there’s Akismet standing behind, ready to catch any comments/trackbacks that managed to bypass Spam Free WordPress.

Goodluck with your blog!