Spam Free WordPress comment spam plugin blocks 100% of the automated spam with zero false positives, and with no CAPTCHA.
This plugin was born out of necessity in September of 2007. A comment spam fighting plugin was needed that could handle huge visitor traffic, and huge spam attacks. Today the plugin can scale to handle any amount of comment spam on the highest traffic blogs.
Spam Free WordPress Features
- Automatically blocks 100% of automated comment spam
- Local manual spam and ban policy set with local IP address blocklist
- Significantly reduces database load compared to other spam plugins
- Zero false positives
- Option to strip HTML from comments
- No CAPTCHA
- Saves time and money by eliminating the need to empty the comment spam folder
- Option to automatically delete comments marked as spam, trackbacks/pingbacks, and unapproved.
- Hundreds of thousands of Spam Free Blogs and Counting!
The plugin has the option to generate a custom comment list and comment form for themes that do not work automatically with the plugin.
Comment spam damages a blog’s SEO ranking. This plugin preserves your Search Engine Optimization.
The comment form is secured in the background, so your readers just see your comment form.
Automatically Blocks Automated Comment Spam
Spam Free WordPress several security methods to block spam bots, while allowing real readers to leave a comment without any problem. All security is pass or fail, which means a real person can leave a comment, but a bot cannot. There are no filters to try to guess what is a legitimate comment, ham, or spam.
Local Blocklist
Spam Free WordPress uses an IP address blocklist to block comment spam that is manually submitted by a real person. The blocklist can also be used to ban readers that leave offensive comments. The local blocklist is stored in the database, so it can be used to set policy for a local blog. If someone has their IP address listed in the blocklist that person can still read the blog, but will not be able to leave a comment.
Reduces Database Load
Comments that are blocked are never written to the database, which eliminates all the load on the database that spam creates, and other plugins allow. Blocked comments are sent to an error page that allows the reader to return to their comment, without a loss of data, to try to correct the error. Comments that are blocked have failed security methods that only spam bots would fail.
Option to Strip HTML from Comments
It is very common for manual and automated comment spam to include a URL that links to a web site. Spam Free WordPress has an optional feature that will automatically strip out HTML from comments, so URL links show up as plain text, and will also remove the allowed HTML tags from below the comment text box.
Pingbacks and Trackbacks
The plugin will close pingbacks and trackbacks on all posts and pages automatically when the plugin is installed, and it also has an option to open pingbacks again if so desired.
JetPack Comments
JetPack has introduced a Comments module that takes over the comment form. Spam Free WordPress disables the JetPack Comments module because it doesn’t work with any other plugin that manages the comment form. Spam Free WordPress plays nice with all plugins.
Spam Free WordPress in Action
Comment Form Example
The comment form is secured in the background, so your readers just see your comment form.
Spam protection is invisible to the reader.
Installation Instructions
1. Upload to the /wp-content/plugins directory
2. Activate
3. Turn on the Spam Stats, and try to leave a comment to make sure it is working.
Support
Spam Free WordPress requires a free license key for support, and to activate advanced features, that you can get here.
Requirements
Self-hosted WordPress 3.1 or above. PHP 5 or above. Works with single-site, or multi-site, versions of WordPress.
Download
Download latest version of Spam Free WordPress
Troubleshooting version 1.9.3
Error Messages
Here’s what to do if the plugin displays an error message:
- Error message:
- “Spam Free WordPress disabled the comment form because it could not retrieve the password from the server. It may be necessary to do one, or all, of the following. Turn on the Old Password Fields option, turn off Nonce Security, or to turn on Generate Comment Form.”
- Solution:
- It may be necessary to do one, or all, of the following. Turn on the Old Password Fields option, turn off Nonce Security, or to turn on Generate Comment Form.
- Error message:
- “Spam Free WordPress nonce security check failed. Troubleshooting.”
- Solution:
- Uncheck the box next to Nonce Security.
- Error message:
- “Spam Free WordPress could not retrieve the password from the server. It may be necessary to do one, or all, of the following. Turn on the Old Password Fields option, turn off Nonce Security, or to turn on Generate Comment Form. Troubleshooting.”
- Solution:
- It may be necessary to do one, or all, of the following. Turn on the Old Password Fields option, turn off Nonce Security, or to turn on Generate Comment Form.
- Error message:
- “Comment blocked by Spam Free WordPress because your IP address is in the local blocklist, or you forgot to type a comment.”
- Solution:
- Either your IP address is in the plugin blocklist, which can be found under Settings >> Spam Free WordPress, or you did not type in a comment.
- If All Else Fails
- Switch themes.
- Disable all plugins until the problem plugin is found.
- Request help with the Spam Free WordPress support request form (must have a free license key, and must be logged in to use).
Comment form and Comment List Are Not Styled Properly
- Uncheck the Generate Comment Form box. If you then get an error message when leaving a comment, turn the Generate Comment Form option back on, because your theme isn’t working properly. The Generate Comment Form option that displays the comment list and comment form has a CSS style sheet that can be found in the plugin’s css folder where you can make changes. Be aware however, that css folder will be overwritten on plugin updates.
Plugins That Cause Problems
- Minify plugins such as WP Minify, Better WordPress Minify, W3 Total Cache etc. may need to have minification of JS files turned off, or you can have the plugin exclude the file: sfw-ipwd.js. Some minify plugins, like Better WordPress Minify, require a script handle rather than a filename, so the script handles that should be excluded are: sfw_ipwd. All of the Spam Free WordPress JavaScript files are already minified, or more correctly, compressed.
- Minify plugins can prevent JavaScript files from loading, or from loading properly.
Incompatible Plugins
- Disqus Comment System – Since it takes over your comments completely
- JetPack Comments module – Since it takes over your comments completely
Languages Supported
- English
- German – Deutsch (de_DE)
- Italian – Italian (it_IT)
- French – Français (fr_FR)
- Hebrew – עברית (he_IL)
- Japanese – (日本語 – ja)
- Chinese – 中文 (zh_CN)
- Hong Kong – (香港) (zh_HK)
- Taiwan – (台灣) (zh_TW)
- Swedish – Svenska (sv_SE)
- Norwegian – (norsk)
Free License Key Required
Spam Free WordPress requires a free license key for support, and to activate advanced features, that you can get here.
Hi,
Can you please help me?
I’ve changed a lot to the comment form and now i don’t know where to put the code to make the password field show up.
I’ve copied the code of comments.php here:
http://pastebin.com/xz1ppbJE
The website is www.littlelifestyle.nl
Ellen
Your comments.php file already appears to have the required comment_form() function, so it should work automatically. Check to make sure Spam Free WordPress is activated in the plugins page. Otherwise you will need to go back to the comments.php file you were using before Spam Free WordPress stopped working. (5:23 pm on July 16, 2012)
I use spam free wp, but when i want to change design of the comments with Jetpack Comments, and if somebody want to write a comment appear “Click back and type in the correct password. (Spam Free WordPress)”
I think JetPack Comments is not compatible with Spam free WP? What can i do? Because i want to keep Spam Free WP, but i like to change design the comments section with Jetpack.
sorry. now i find this:
JETPACK COMMENTS
JetPack has introduced a comments plugin that takes over the comments, and removes all hooks that other plugins, such as Spam Free WordPress, can use to access the comment form. If you want to use Spam Free WordPress you must disable JetPack comments first.
now i understand.
Hi-
Here is a link to my comments.php file. I don’t know why the plugin stopped working all of a sudden. It was working fine until today. This is somewhat urgent as my client is running a comment contest on his blog, and people are unable to comment – it’s asking for the password, but the password box is gone.
Thank you! I hope this is the correct place to past this link!
http://pastebin.com/gAw6khLc
I can fix this.
Please use this link to request comments.php support.
http://www.toddlahman.com/spam-free-wordpress-support/ (12:25 pm on July 11, 2012)
Have you seen spam free wordpress break using the new socratese theme (3.0)? If there is a break, then ok. Otherwise I will send comments.php to pastbin. Tried the fix you recomment with removing but no go.
Paste your comments.php to pastebin.com, and I’ll reply if I can fix it. If I can use this link please: http://www.toddlahman.com/spam-free-wordpress-support/ (6:54 pm on July 10, 2012)
I was curious if you considered creating something like this to add to the registration form.
I am considering it. (1:05 pm on July 9, 2012)
Hi there! I ‘m so grateful for your spam plugin. However, I can’t get the password form to show up! I don’t know if is just me since my FIL died a couple of weeks ago and we just got back home and I can’t think..lol..or what? Can you please help me get it up and running properly?
Thanks so much,
KimberlyRae
My website is http://kreationsbykimberlyrae.com/blog/wp-admin/theme-editor.php?file=comments.php&theme=KimberlyRae
The link in your comment can only be used by the administrator, who must login to your WordPress dashboard.
Please use this link to request comments.php support.
http://www.toddlahman.com/spam-free-wordpress-support/ (1:10 pm on July 9, 2012)
Hi there,
Hoping you can help with:
http://pastebin.com/i08FEYz1
Thanks!
That is not a comments.php file for a theme, it is a file filled with functions for comments. Look for the file at /wp-content/themes/you-theme-name/comments.php (1:48 pm on July 7, 2012)
Here you go.
Thanks again
http://pastebin.com/7ZwbU9fG
Please use this link to request comments.php support.
http://www.toddlahman.com/spam-free-wordpress-support/ (1:07 pm on July 9, 2012)
Hi,
I have been using this plug-in for a while and worked fine until few weeks ago. When I checked, “blocked spam comment” increased every time. But now “blocked spam comment” stayed same for few weeks. Every time I checked, same number there/42,861…..
I am wondering if it is working fine.
Thanks, Motoko
Disable JetPack comments since it takes over the comment form, and prevents all plugins, including Spam Free WordPress, from hooking into the comment form. (10:55 pm on July 5, 2012)
Hi Todd,
Thank you for your advice. I deactivated JetPack and it started working fine now.
Motoko
Hi there. I activated your plug-in 7 days ago. I received over 1200 comments in just over a month and for the last 7 days I have had none, except for 1 from my husband because he tested it. I feel as though something is going wrong. I mean I know I got some spam but I did get a lot that weren’t spam. Just wondering if there is some way to monitor this or some settings I haven’t got right? The password bar is showing up and jetpack comments is disabled so it all seems to be running correctly. Any ideas? If you want you can have a sticky beak on marionfroome.com/freeinfo maybe you can see what’s going on? Thanks heaps, Marion
I left a test message on your blog, and the plugin is working properly.
I noticed your blog is using a translation plugin. I have a premium plugin coming out in a few days that will speed up your blog’s translations by 75%. It will be listed under the Premium Plugins menu item when it is released. (1:56 am on July 4, 2012)
Hello Todd,
I came across the link to Spam Free WordPress while commenting on a blog that was using it. It seems like the perfect solution to all the spam comments I’m having to moderate. But then while reading through the comments I noticed that there is a problem with JetPack interfering with your plugin working properly. Has this issue been solved? And if not, does JetPack have to be completely disabled in order for your plug in to work?
Sue
JetPack has a bunch of modules. One of those modules is for comments, and it is the comment module that must be disabled for any comment plugin to work, including Spam Free WordPress (7:27 pm on July 3, 2012)
First of all: Is there a chance of localizing the plugin (german (and other languages!) translation) by now? Am i too blind to see it?
Do you use .po/.mo files? Would really appreciate this!
And secondly: I’m using tarskitheme.com which totally uses a different comment.php it seems. Please give advice, how to change the code (see http://pastebin.com/XE8FMgC9) so i can use you great plugin.
Maybe even add it to the special cases inside the plugin?
There’s some caffeeine waiting for you! ;)
Thanks for your help, dude!
http://www.toddlahman.com/spam-free-wordpress-support/
Use the link above to get help modifying your comments.php file.
The soon-to-be-released next plugin version has a German translation file. Both the .mo and .po will be included for each language to make it easier to correct any translation errors. The next plugin version will be released either this week or next, depending on how busy my schedule is. (1:14 pm on July 3, 2012)
So cool, thanks a lot, so i’ll be waiting for the german version and will go on then with the support, if i do not get along with it!
Do you need help with the translations or is there anyone around already, who’ll be doing it? Let me know via mail, if you are interested in help for german and french.
I would like someone to correct any errors in the German and French translations, so I will be contacting you. (2:44 am on July 4, 2012)
I’ve been trying to figure out why the “copy this password” line disappeared off my form, and discovered that JetPack for WordPress’s comment feature interferes with your plugin. So I disabled JetPack’s commenting and the line appears again now. Just thought I’d add this in case someone else has the same problem.
Thank you for pointing this out. This has been commented on before, and since there are so many comments I will add this to the page here. JetPack takes over the comments section, and removes all the hooks developers could use to interact with the comment form, thus eliminating any access Spam Free WordPress has to the comment form. Not sure why Auttomatic isn’t playing nice with their JetPack plugin, but until they do I recommend not using JetPack. (3:06 pm on July 2, 2012)
I’m too unsure/ scared to edit the code in the php file…..
Can you take a look at the paste bin and let me know what needs changing.
http://pastebin.com/SFhbKYrr
That is a core WordPress file, and should not be changed. The file you are looking for is located in /wp-content/themes/yourthemename/comments.php (6:57 pm on July 1, 2012)
Donated. Frustrated. LOL. I am using a theme entitled “Panacea” from a WP template club known as RocketTheme. There isn’t a comments.php in my editor. There is a single post.php file, which contains a couple lines of code for comments. I don’t know PHP and won’t touch it (you’re right when you say not to touch PHP unless knowledgable about it). Am I out of luck since I’m using a RocketTheme template?
It sounds like it could be a child theme. Check to see if there is a /wp-content/themes/yourthemename/comments.php. (4:58 pm on July 1, 2012)
I have three potential files…
In the root html folder, there is a file entitled “wp-comments-post.php” 3.44 kb
In the wp-includes folder, there is one file entitled “comment-template.php” 53.5 kb and another file near it entitled “comment.php” 65 kb
None of those 3 files should be touched.
The file you need is in /wp-content/themes/yourthemename/comments.php. If it is not, this might be a good time to switch themes. (6:55 pm on July 1, 2012)
No comments.php file exists. I can’t switch themes, have spent too much money getting the current template modified for client. I really like how your spam blocker works. Bummed out. :(
In the EDIT POST area of my theme’s control panel…I scroll down and pretty far down there is a custom field that has this in it: sfw_comment_form_password
And then beside it is another field that has Password: zgnPhXM0fvjo
It seems like it’s so close to working. Would you be open to me emailing you the hosting provider credentials so you can look? RocketTheme has been providing WordPress templates for years now. Surely they have a comments.php file but have just named it differently.
I suggest utilizing the RocketTheme support forum for help locating the correct file to edit the comment form. (9:57 pm on July 1, 2012)
Can’t figure out how to do this:
“Post all of the code from your original comments.php file to Pastbin, paste a link to that code here, and I will reply with a link to pastebin with the new code for your comments.php file.”
Not a techie … just a writer … and now am being told that there’s no “captcha” to copy.
Please take a look: http://www.compellingconcepts.com/
http://pastebin.com/ (1:40 pm on July 1, 2012)
Don’t understand the response — I’m supposed to do something with pastebin?
Can you e-mail me? Phone me? Will buy more coffee.
Have “Deactivated” until this is resolved.
I have refunded your donation. If in the future you are able to locate your comments.php file, and can copy and paste the contents to pastebin.com, then you can purchase support using this link http://www.toddlahman.com/spam-free-wordpress-support/. (4:22 pm on July 2, 2012)
Hello!
Can I add a label for passwords fields (like Name and Email have), I tried myself but always got an “unexpected T_STRING” error.
Will and break this antibot shield?
Thanks
If you’re not familiar with PHP programming it is best to not tinker with it. (3:53 am on July 1, 2012)
I also added a “readonly=’true’” for first password filed (this will protect against accidental deletion of password by user).
And maybe wp_kill is not the best solution? Can I make a page with an automated “Back” redirection within 3 sec or by manual link activated at choice? Or will this also kill all protection idea?
Thanks
The first password field isn’t saved with the form, so there’s no point in adding readonly to it. The password field the reader fills out is the field that is saved with the form.
The point of having the script die on password failure is to kill the script to preserve those resources if it is getting hammered by automated bots. Creating an automatic redirect means a bot would not have to click the back button to return to the form, which defeats the whole human test. (12:30 pm on July 1, 2012)
Sorry for annoyance, but what do you think about the security of the following changes:
http://pastebin.com/A2htZUEn
used javascript if needed (simple redirection with timer):
http://pastebin.com/nNqYGjPZ
Assigning name and id for the first passw field can make it open for copy/paste bot, can’t it? May I leave only “id” parameter?
About redirection: Can bots go to previous page by executing simple javascript, php or html code? Or are they useless as long as I don’t help them with auto redirection?
About “readonly”: User can erase the code by pressing a key “C” without “Ctrl” (it happens sometimes) while trying to copy it. And he would have to refresh the page for getting new code.
All my changes make this system more user-friendly…
Thanks
I have something else in mind. It will take some time for me to complete it, but I’m sure you will like it. (2:43 am on July 4, 2012)
Great plugin. Using a customized thematic theme, the “copy this password” field is not stopped on in the tab order. The “type or paste password here” field is the one that is jumped to via the tabindex setting. “copy this password” is last on the page. Any idea?
Set the Tab Index value in the plugin settings page. (11:12 am on June 28, 2012)
Here is a link to my comment php…can you help me getting your code installed correctly? Thanks!
http://pastebin.com/FkGygFpn
1. Make a backup copy of your comments.php file
2. Go to this link, http://pastebin.com/C471Ms6k, and use the code in the “RAW Paste Data” section to replace all the code in the comments.php file.
The pizza on your blog looks delicious.
(11:48 pm on June 27, 2012)
Hey Todd… need serious help on this… can’t get it to use the passord correctly. Can you email me for login details?
my original form is still showing so i have two forms…
Thanks sooo much.
my original form is still showing so i have two forms…
Post all of the code from your original comments.php file to Pastbin.com, paste a link to that code here, and I will reply with a link to pastebin with the new code for your comments.php file. (2:32 pm on June 27, 2012)
Hi Todd,
Can you give me the new code I should be using
http://pastebin.com/raw.php?i=htA9JJv7
Thank you!
1. Make a backup copy of your comments.php file
2. Go to this link, http://pastebin.com/VRQzitiM, and use the code in the “RAW Paste Data” section to replace all the code in the comments.php file. (2:38 pm on June 27, 2012)
Todd,
Where is the comments.php I dont see the file in the plugin, please advise. Thanks.
Look in the /wp-contents/themes/name-of-your-theme-directory (3:35 pm on June 26, 2012)
Todd,
Would you help me update my comment.php file?
http://pastebin.com/raw.php?i=D35nmUiM
Site is : http://www.eftmagic.com/blog/
Thanks
A
1. Make a backup copy of your comments.php file
2. Go to this link, http://pastebin.com/gT4j545N, and use the code in the “RAW Paste Data” section to replace all the code in the comments.php file. (3:46 pm on June 26, 2012)
Thanks,
I’ve pasted in the new code. Yet I still don’t see password boxes etc.
Do I need to change anything in my WP>Settings?
Thanks
A
The password field is displaying, so I left a test message to let you know it is working. (2:43 am on June 28, 2012)
Thanks, seen and got. All brill.
Thanks
A
Hi Todd,
Is your plug-in compatible with the Facebook Comments Importer plug-in? I use that plug-in to bring in comments from my Facebook fan page. I would like to keep that happening but Akismet/Bad Behavior are not doing enough for me. Thanks for any advice.
- Oliver
If you can see the password field on the comment form, then Spam Free WordPress is working.
Facebook Comments Importer imports comments, and doesn’t change the comment form, so should be compatible with plugins like Spam Free WordPress. (3:38 pm on June 26, 2012)
Hey, Todd.
Could you answer with the new code?
http://pastebin.com/ZQMK2sJ0
Cheers
1. Make a backup copy of your comments.php file
2. Go to this link, http://pastebin.com/LyjGRfqu, and use the code in the “RAW Paste Data” section to replace all the code in the comments.php file. (7:17 pm on June 25, 2012)
Is there any way this could be added to a contact form? I have the Village form and would like to add this.
There are plans to add this feature. (7:12 pm on June 25, 2012)