Spam Free WordPress comment spam plugin blocks 100% of the automated spam with zero false positives, and with no CAPTCHA.
This plugin was born out of necessity in September of 2007. A comment spam fighting plugin was needed that could handle huge visitor traffic, and huge spam attacks. Today the plugin can scale to handle any amount of comment spam on the highest traffic blogs.
Spam Free WordPress Features
- Automatically blocks 100% of automated comment spam
- Local manual spam and ban policy set with local IP address blocklist
- Significantly reduces database load compared to other spam plugins
- Zero false positives
- Option to strip HTML from comments
- No CAPTCHA
- Saves time and money by eliminating the need to empty the comment spam folder
- Option to automatically delete comments marked as spam, trackbacks/pingbacks, and unapproved.
- Hundreds of thousands of Spam Free Blogs and Counting!
The plugin has the option to generate a custom comment list and comment form for themes that do not work automatically with the plugin.
Comment spam damages a blog’s SEO ranking. This plugin preserves your Search Engine Optimization.
The comment form is secured in the background, so your readers just see your comment form.
Automatically Blocks Automated Comment Spam
Spam Free WordPress several security methods to block spam bots, while allowing real readers to leave a comment without any problem. All security is pass or fail, which means a real person can leave a comment, but a bot cannot. There are no filters to try to guess what is a legitimate comment, ham, or spam.
Local Blocklist
Spam Free WordPress uses an IP address blocklist to block comment spam that is manually submitted by a real person. The blocklist can also be used to ban readers that leave offensive comments. The local blocklist is stored in the database, so it can be used to set policy for a local blog. If someone has their IP address listed in the blocklist that person can still read the blog, but will not be able to leave a comment.
Reduces Database Load
Comments that are blocked are never written to the database, which eliminates all the load on the database that spam creates, and other plugins allow. Blocked comments are sent to an error page that allows the reader to return to their comment, without a loss of data, to try to correct the error. Comments that are blocked have failed security methods that only spam bots would fail.
Option to Strip HTML from Comments
It is very common for manual and automated comment spam to include a URL that links to a web site. Spam Free WordPress has an optional feature that will automatically strip out HTML from comments, so URL links show up as plain text, and will also remove the allowed HTML tags from below the comment text box.
Pingbacks and Trackbacks
The plugin will close pingbacks and trackbacks on all posts and pages automatically when the plugin is installed, and it also has an option to open pingbacks again if so desired.
JetPack Comments
JetPack has introduced a Comments module that takes over the comment form. Spam Free WordPress disables the JetPack Comments module because it doesn’t work with any other plugin that manages the comment form. Spam Free WordPress plays nice with all plugins.
Spam Free WordPress in Action
Comment Form Example
The comment form is secured in the background, so your readers just see your comment form.
Spam protection is invisible to the reader.
Installation Instructions
1. Upload to the /wp-content/plugins directory
2. Activate
3. Turn on the Spam Stats, and try to leave a comment to make sure it is working.
Support
Spam Free WordPress requires a free license key for support, and to activate advanced features, that you can get here.
Requirements
Self-hosted WordPress 3.1 or above. PHP 5 or above. Works with single-site, or multi-site, versions of WordPress.
Download
Download latest version of Spam Free WordPress
Troubleshooting version 1.9.3
Error Messages
Here’s what to do if the plugin displays an error message:
- Error message:
- “Spam Free WordPress disabled the comment form because it could not retrieve the password from the server. It may be necessary to do one, or all, of the following. Turn on the Old Password Fields option, turn off Nonce Security, or to turn on Generate Comment Form.”
- Solution:
- It may be necessary to do one, or all, of the following. Turn on the Old Password Fields option, turn off Nonce Security, or to turn on Generate Comment Form.
- Error message:
- “Spam Free WordPress nonce security check failed. Troubleshooting.”
- Solution:
- Uncheck the box next to Nonce Security.
- Error message:
- “Spam Free WordPress could not retrieve the password from the server. It may be necessary to do one, or all, of the following. Turn on the Old Password Fields option, turn off Nonce Security, or to turn on Generate Comment Form. Troubleshooting.”
- Solution:
- It may be necessary to do one, or all, of the following. Turn on the Old Password Fields option, turn off Nonce Security, or to turn on Generate Comment Form.
- Error message:
- “Comment blocked by Spam Free WordPress because your IP address is in the local blocklist, or you forgot to type a comment.”
- Solution:
- Either your IP address is in the plugin blocklist, which can be found under Settings >> Spam Free WordPress, or you did not type in a comment.
- If All Else Fails
- Switch themes.
- Disable all plugins until the problem plugin is found.
- Request help with the Spam Free WordPress support request form (must have a free license key, and must be logged in to use).
Comment form and Comment List Are Not Styled Properly
- Uncheck the Generate Comment Form box. If you then get an error message when leaving a comment, turn the Generate Comment Form option back on, because your theme isn’t working properly. The Generate Comment Form option that displays the comment list and comment form has a CSS style sheet that can be found in the plugin’s css folder where you can make changes. Be aware however, that css folder will be overwritten on plugin updates.
Plugins That Cause Problems
- Minify plugins such as WP Minify, Better WordPress Minify, W3 Total Cache etc. may need to have minification of JS files turned off, or you can have the plugin exclude the file: sfw-ipwd.js. Some minify plugins, like Better WordPress Minify, require a script handle rather than a filename, so the script handles that should be excluded are: sfw_ipwd. All of the Spam Free WordPress JavaScript files are already minified, or more correctly, compressed.
- Minify plugins can prevent JavaScript files from loading, or from loading properly.
Incompatible Plugins
- Disqus Comment System – Since it takes over your comments completely
- JetPack Comments module – Since it takes over your comments completely
Languages Supported
- English
- German – Deutsch (de_DE)
- Italian – Italian (it_IT)
- French – Français (fr_FR)
- Hebrew – עברית (he_IL)
- Japanese – (日本語 – ja)
- Chinese – 中文 (zh_CN)
- Hong Kong – (香港) (zh_HK)
- Taiwan – (台灣) (zh_TW)
- Swedish – Svenska (sv_SE)
- Norwegian – (norsk)
Free License Key Required
Spam Free WordPress requires a free license key for support, and to activate advanced features, that you can get here.
Hi,
I really love this plugin, but this whole click for password thing is confusing for users. A password for what? This needs either rewording or plugin files editing to explain it all and takes up space… and editing on every update.
May I suggest the ability to easily enter any text on the button/define the button size?
I see there’s an option to put some text above the comment area which can be used to explain things but the text remains when the password is generated. And…
I’d like to also suggest to hide the password if possible now that none needs to copy/paste it anymore since this string of numbers and letters looks kinda weird.
Thank you for your attention :o)
The plugin broke my website beyond repair. I installed it, updated it, and the latest updated version made it so that no one can post comments on any pages or posts of my website no matter what the settings are under Settings and Discussion. Nothing makes any difference. I posted the problem on the WordPress plugin forum and got no response and my issues was labeled as “resolved” automatically. I deactivated the plugin and deleted it, but now my website still cannot receive any comments of any kind on any page or post. For a blog, it’s ruined and there’s nothing I can do.
Will you please help? I didn’t do anything to you except download a plugin I hoped would work and now that my blog is broken, I’m SOL.
Hi, I have tried now to use it on a multilanguage site (qtranslate) but the Polish partly translation I used was not picked up. I used qtranslate tags inside function file and it works. How do I make a translation picked up when using 2 languages at least? Anyone here having simmilar problem?
I don’t have a Polish translation yet for Spam Free WordPress. When version 1.75 comes out in the next hour, perhaps you could translate it using POEDIT, and send me the files so I can add them to the next release. This may solve part of your problem. (3:22 am on August 12, 2012)
I did it for my self, I have translated only the line “Click password…” using POEDIT and placed the Polish file in the language folder of the plugin but it didn’t work. Are you sure that it works with qtranslate with two languages? I will test the new update from today and see if it works. I agree with comment above, the line “Click for password” maybe could be changed to “Click to comment”?
Ok, just installed the latest version.
On firefox, on my comment form, and yours, there is no hand or arrow when hovering over “Click for password”. No problem with chrome. Didn’t try with explorer or safari (ipad).
Can you please fix this ? it is minor to a webmaster, but probably confusing to a user.
Thanks
It is now fixed in version 1.75 coming out tonight. Thank you for the suggestion. (2:16 am on August 12, 2012)
New version is not as good. Blocks some valid users. Disabled.
What is your definition of a “valid user?”
The plugin works exactly the same as before. The only difference is that it requires JavaScript now, and it notifies the reader to turn on JavaScript to leave a comment if JavaScript is disabled. (5:52 pm on August 11, 2012)
Since the 1.7 Update, the integration with “Social” (http://wordpress.org/extend/plugins/social/) is broken. Before it was working smoothly together. Now only one or the other works, so we had to remove “Spam Free WordPress”. is that a bug or a feature? Or whw can we switch back to 1.6?
I read through the Social plugin code, and it takes over your comment form, so here’s what you need to do:
Go to Settings > Spam Free WordPress, and change “Autogenerated Comment Form” to “Off.” (4:19 pm on August 11, 2012)
Hey Todd, thanks for the fast answer.
I did that, with no effect. the plugin does not work as it should, because the password field is missing and a new user’s comment is blocked by “Spam Free WordPress”. additionally, Social’s comment display is disabled by your plugin, actually I suppose social is disabled completly by it. I don’t understand the problem. url is http://greenbyte.ch with both plugins turned on.
BTW: the german translation is a complet disgrace of our language: not understandable. I can do it for you, because I like the plugin a lot, when it was working.
Completly reworked German Translation Files
http://dl.dropbox.com/u/56752831/spam-free-wordpress-de_DE.mo
http://dl.dropbox.com/u/56752831/spam-free-wordpress-de_DE.po
I have included your translation files in the new version, which will be released in another hour or two, as I’m working in some other additions. Thank you very much for taking the time to translate. (12:56 am on August 12, 2012)
I will be releasing version 1.75 tonight. I discovered a code error that prevents the automatically generated comment form from being turned off. In the 1.75 version it will work as it is supposed to. Once you have 1.75 installed turn off the automatically generated form, and see if everything is working as it should be. (11:41 pm on August 11, 2012)
Yes, man! Thank you very much!
Hi, Todd,
I have the latest Spam Free WordPress.
During testing, I deliberately left the password empty, so after submitting, I get the corresponding error warning.
I then click on “Back” to correct it. I “Click For Password”, and the password gets filled in. I submit again, and get the following error:
“Comment blocked by Spam Free WordPress because your IP address is in the local blocklist, or you forgot to type a comment.”
My IP is definitely not in the local blocklist (which is empty), and I do have text in the comment section.
Any ideas ? Thanks
Caching, maybe ? I use W3TC …
Incidentally, there is no problem with your comment system here in your support forum …
Sorry, please ignore … I found the problem, it is indeed caching. I disabled all caching for the folder spam-free-wordpress, and all ok.
I am happy to see everything is working as expected. (1:09 pm on August 11, 2012)
thanks for the fix :)
i dont’t find your email here – can you send me one, so i can reply? i want you to mail a better german translation ;)
What is the URL of the blog you are using the plugin on? (6:26 am on August 10, 2012)
an old version is here http://holospirit.eu/blog/der-blick-in-den-spiegel/ (modified – click in the pw-field copys it in the other field)
the latest version is on an new page and at the moment under maintaince. i tell you when you could see it in action ;)
hi,
i have 2x
in my header and it’s loaded with “.js&ver=3.4.1″ — so i get a 404.
what can i do?
best regards and thanks for the plugin :)
…..wp-content/plugins/spam-free-wordpress/js/sfw-load-pwd.js&ver=3.4.1
script tag was cut off….
changes in 244
$js_path = SFW_URL . ‘js/sfw-load-pwd.js?’ . filemtime( SFW_PATH . ‘js/sfw-load-pwd.js?’ );
so it works – but why is it loaded twice?
could you please add a spinner for the button and hide it instant? sometimes it takes 5 secs while it generates the password.
I’m looking at it now. Will have an update ready in a few minutes. Thanks so much for notifying me of this issue. I will have to add a spinner on a different day, but I’ve put it on my to-do list. (5:18 am on August 10, 2012)
thanks a lot. i really love your plugin – it’s the best – i’ve tried a lot :)
Thank you Thomas. The fix is now ready in version 1.7.2. (5:48 am on August 10, 2012)
Is there anyway to change the style of the comment box?
Yes with Cascading Style Sheets. (12:39 pm on August 9, 2012)
Hi Todd,
My Blog: www.awildduck.com <== SpamFree stopped showing password fields
I wonder if my php page has changed with a recent WordPress update?!
In the past few weeks, SpamFree shows no password at all. My readers submit feedback, but next screen says to "GO BACK and enter the password". (Arrggh! There is nothing to enter!).
I had to deactivate the PlugIn–or else there is no feedback at all.
I see your comment about JetPack comments. But isn't this the form that SpamFree works with? How can I disable that? It includes all of the features that I have always used including Blog subscriptions, Gravatars, modersation, Foul language filters, etc. Wtihout the Comment feature, is there any reader feedaback at all?
Ellery
JetPack has a settings page that allows you to disable individual modules like the comments module. (8:20 pm on August 4, 2012)
Now I am really confused, Todd… If I disable Comments, how can readers respond? Isn’t the Comment Form the whole point?…
How can I deactivate the same form to which SpamFree adds the password fields? I have always used the Comment feature and SpamFree has always worked.
JetPack comments prevent your theme’s comment form from displaying, which is why Spam Free WordPress can’t work. Try it and you’ll see. (8:32 pm on August 4, 2012)
One other thing, Todd…
I looked at the JetPack Comment settings. There is no “deactivate”. It is just the usual WordPress reader comment feature options.
I very much respect what you do, but I’m really lost, Buddy! Are you aware of the breand new WP version update? Perhaps that new WordPress update might no longer be compatible with SFWP.
–Ellery
Follow these instructions:
http://jaspreetchahal.org/how-to-deactivate-jetpack-comments-system/ (8:47 pm on August 4, 2012)
Where, exactly, do you want JetPack Comments disabled? I can see only two possible screens — and neither offers an option to Disable or Deactivate:
(1) The JetPack features page has a tile for Comments. It offers “Learn More” and “Settings”.
(2) When you click :”Settings”, it takes you to two options at the bottom settings for WordPress Discussion settings. The options are “Greeting Text” and “Color Scheme”… There is nothing about deactivating.
Wow. This is frustrating! Again: Your plugin stopped working with this mornings WP upgrade.
Oh… Just saw your last comment after I posted mine. I will try “Learn More”. Seems an unlikely place to hide a control (under “Learn More” and not under “Settings”).
Thank you for this. I am really hoping that defeating this feature will not suddenly blow away a year of comments from my readers. It sure seems that JetPack is what I have used all along. But perhaps not.
Thank you for explaining the hidden JetPack Comment feature deactivate button.
My thoughts on both JetPack comment GUI and Spam Free WordPress conflict:
1. It’s a bit surprising that JetPack has such a glaring defect in it’s GUI. Imagine that an action button is hidden behind “Learn More” rather than under “Configure” or, even better, a separate top-level button. It’s ludicrous. With just a little common sense, this whole thread could have been avoided–as well as as the page that explains how to deactivate the JetPack Comment feature!
2. Now, you have shown me how to prevent Jetpack from conflicting with SpamFree Word Press, but good God, man! You are asking your users to shut down the biggest improvement to WordPress in months. One of the JetPack Comment features facilitates user login with Disqus, Facebook, LinkedIN and G+. That’s a critical feature…These popular social sites are quickly becoming the defacto method of logging in for reader feedback all over the web. It not only increases reader trust, it avoids the hassle of signing up for every little Dick and Jane Blog site. Finally, it helps to weed out Spam and get data on your visitor from a whole community new level.
You are asking your your users to choose between SFWP and quick/friendly reader login. Brother, that’s a very tall demand, and I fear that you may lose a lot of users.
Just my 2c
–Ellery
You are misunderstanding the issue. JetPack developers designed their modules to trap you into using only their JetPack plugin and modules like comments. JetPack will not allow any plugins to work with their software, so they are asking you to choose to become dependent on them, or to continue to have freedom of choice to use other software. I’m not asking anyone to choose which software to use, I simply offered you a solution to your stated problem. (9:18 pm on August 4, 2012)
in wordpress you told me:
“You are seeing pingback spam, not comment spam. To fix this go to Settings >> Spam Free WordPress, in the Pingbacks and Trackbacks section select “Closed,” then Save Changes.”
here: http://wordpress.org/support/topic/plugin-spam-free-wordpress-epic-antispan-but
Nope, I’m not seeing pingbacks, i’m seeing spam comments under my comment section, I have all ping and trackbacks closed and some spam sitill entering, I was only saying this for you to know, I’m really happy with your work, but I’m having a SPAM attack, now it says: 9,040 SPAM comments blocked, but some still entering
If you follow the directions in my comment the plugin will close pingbacks in older posts that may still have them open. To be sure the spam is only comments you can use the Comments page, then change “Show all comment types” to “Pings” and click filter to make sure the spam is not Pings. (2:38 pm on August 4, 2012)
Hi, I am not good at this I don’t know if I do this right. It is a little bit diffecult for me to understand I am Danish. Can you please help me install this? Thank you.
Can you provide a link to your WordPress blog? Are you having trouble installing the plugin, or are you having trouble making the password field show up on the comment form once the plugin is activated? (6:19 am on August 2, 2012)
I have trouble making the password field show up on the comment form once the plugin is activated, I can’t find out how to do sorry….my blog: http://www.rasmus-seebach.dk
I can fix this. Please visit http://www.toddlahman.com/spam-free-wordpress-support/ for instructions on how to get support to modify your comments.php file. (11:38 am on August 2, 2012)
Okay thank you I will try :-)
Todd, I hope you’ll respond to this. I TRIED to pay for support with Paypal (the wheel kept turning and turning, “processing, processing”…). After two minutes of that, I finally clicked on it and it said, “You have already paid; return to merchant”. But the paid support page I was on did not indicate that I could proceed to the next page and actually give you the link to the pastebin page where my comments.php code is (at http://pastebin.com/8Kgf95gR )…
All I was hoping for was a fix for the problem I’m having. I’m getting no spam comments, but also, I’m not getting ANY comments. After retyping in the password, a person’s comment is still not accepted (it goes to that error page, “retype the password”). I imagine this would be very frustrating for any of my friends who may have tried commenting in the last couple weeks. MAYbe there was a plugin disrupting this, so I deactivated everything except my online backup. Still not working. My friend informed me of this issue this morning, and despite trying to add a thing or two to the php code, I’ve had no success. Is spamfree wordpress just not designed for my “Showycase” premitheme?!?!
One of the PayPal options is having some issues, but your payment did go through. I left you a response at http://www.toddlahman.com/forums/forum/spam-free-wordpress/. (2:50 pm on August 1, 2012)
I would like to modify the comments.php file myself, I can. But how can get to it.
All I need is to change the text labels to be in Arabic language… simple, right?
I will be releasing a plugin version that is configured for translation, then you will be able to use Poedit to make a permanent translation file. (12:50 pm on July 31, 2012)
Thanks. Does that mean comments.php is not viewable and no one is allowed to modify it?
The password form field text on your comment form is generated by the plugin where it is not easy to modify. When using Poedit to generate a .mo file for the plugin, the translated text will appear without any changes to the plugin. The ability for the plugin to use a .mo file will be available in the next release. (3:40 pm on July 31, 2012)
This is a great plugin, thank you!
I am wondering if there is somehow to see the comment’s not being posted, ie I have had a few people say that the password doesn’t work, or isn’t working, or their comment isn’t being posted.
Thanks!
To test if it is working leave yourself a comment. The plugin works like this, if the visitor supplies the correct password the comment is accepted, if the wrong password or no password is supplied they get a message that says click back and enter the password. It’s a pass or fail authentication test. The plugin takes the stress off your database by not saving messages that fail the test. (1:47 pm on July 27, 2012)
This seems to work for comments but users can no longer get to my contact form. There’s a message that the server timed out. I use Contact Form 7; my theme is Continuum by Outer Spice Web Company sold through Themeforest. Everything worked before i activated this plugin — it looks great, I want it to work!
I don’t know how to edit/write code.
thanks,
Jane
Spam Free WordPress only works in the comment form, it will not work in a contact form, and will not affect the contact form. I haven’t added contact form capability yet. (12:36 pm on July 26, 2012)
Hi,
I am unable to copy the password and have to manually type it.
URL: http://alturl.com/pkopo
This is caused by a CSS issue in your theme. You can switch to another theme like Twenty Eleven to confirm this. The problem can be fixed with the appropriate changes to your style file. (11:48 am on July 25, 2012)
can you give me a hint what I need to change?
Hi Experts,
Please look into this Pastebin.
http://pastebin.com/3h3HtqkE
Thanks in advance!!
:)
Please use this link to request comments.php support.
http://www.toddlahman.com/spam-free-wordpress-support/ (4:06 am on July 25, 2012)
Hi,
would be great if you can take a look: http://pastebin.com/2qhVzb6y
JT
It’s set to “Private,” which means only you can see it. (8:48 pm on July 24, 2012)
Never mind. Figured it out.
I’m using the Mantra theme on my site at http://ohrh.law.ox.ac.uk/?p=1 and while it all works perfectly well in Firefox and IE, if I look at the site with Safari (on pc or Mac) or Chrome, or Opera, then the password field appears in the wrong place, a few lines high and obscuring the ‘Name’ field. Try it and see.
Unfortunately, this is a corporate (actually, university) multi-user installation and mere humble local admins like me running one or two blog instances don’t have ftp access to the core of it, so I can’t get at comments.php, or whatever variant is being used by this theme. I can, however, edit the stylesheet, if that offers a fix.
(It may or may not be relevant that the page currently fails HTML Validation on the very next line, with my test utility reporting, ‘Error: Bad value for attribute tabindex on element input: The empty string is not a valid integer.’)
That ‘very next line’ referred to in the previous post is of course:
input type=’text’ name=’passthis’ id=’passthis’ value=” size=’20′ tabindex=”
The tabindex validation error is fixed in the next version release.
The problem is in your CSS file. You will have to find the areas that deal with the comment form, and edit it accordingly. (7:02 pm on July 24, 2012)
I use Intense Debate. Am I able to use your plug-in with that? If not, there are several plug-ins available from the Intense Debate dashboard. Could you make yours available with them?
Intense Debate takes over your comments, and it does not provide any hooks for Spam Free WordPress to insert a password field. (11:05 pm on July 20, 2012)
Hey Todd, The plugin is not working… below is a copy of my comments.php
The site is here: www.whereintheworldischarliegraham.com
Looking forward to getting this working properly.
Thanks in advance!
Charlie
Please use this link to request comments.php support.
http://www.toddlahman.com/spam-free-wordpress-support/
Be sure to use pastebin.com to post your comments.php file code as it says in the instructions.
(4:07 am on July 18, 2012)
I like this. Very nice. I appreciate you making a good spam killer available to everyone.
your plugin – so it seems – rejected 100′s of comments in my site. for no reason.
There was a reason. The plugin is very simple. If a visitor types in the correct password, then the comment is accepted, if the visitor types in no password or the wrong password, then an error message is displayed.
There is also one more possibility. If you don’t see a password field on your comment form then all comments will be rejected, until you modify your comment form to work with the plugin, if your comment form does not use the comment_form() function required for the plugin to work automatically. This is most likely the problem on your blog.
This pages explains all this so these problems can be avoided. User error is not something the plugin can solve.
It’s too bad you gave up so easily, since there is a Hebrew translation for the plugin coming out soon. (2:49 am on July 17, 2012)
I will agree with Todd, i have been facing the same problem you will have to call the plugin in the comments page until you can see it then it will work.
Todd Thank you for the good work you have saved me the spam i was manually deleting every day. Cheers