Spamming despite the plugin | Peter's Custom Anti-Spam for WordPress | Forum

Back to the custom anti-spam plugin page

Please consider registering

Log In

Lost password?
Advanced Search

— Forum Scope —


— Match —


— Forum Options —


Minimum search word length is 4 characters - maximum search word length is 84 characters

Topic RSS
Spamming despite the plugin
March 17, 2008
8:52 am

Hi there,

I've had your plugin installed for about a year after getting fed up with the level of spam comments trying to get onto my site. Recently I had some issues with the site where all the plugins would become disabled and the site effectively broke. I was getting spam coming through as well.

After upgrading WP to try and get round that, I noticed your plugin had a new release so I decided to upgrade that too (3.0.2).

Problem is now that the spam comments are still coming through. The plugin appears to work for me - i.e. I logout and try and add a comment and the plugin makes me put in the antispam word or does not let me proceed.

Is there something I am missing, or a hole I might have left open somewhere, that is letting these spam messages through? Surely it can't be actual people doing this (and therfore breaking the antispam protection)? :-S

The site is and any help or suggestions would be welcomed.

March 24, 2008
2:23 am
Forum Posts: 841

Sorry for the slow reply; I've been away from the computer for the past week.

Generally, if your own tests confirm that the plugin is working, either someone has cracked the anti-spam plugin on your site (quite possible) or there is a registered user that is bypassing the anti-spam protection. If it is the former case, you can try adding new fonts, switching up the words, trying the random or math versions, or, sadly, try a different anti-spam plugin. The latter case can be tested by simply forcing registered users to enter the anti-spam word.

Also, is the blog part currently broken?

March 25, 2008
8:21 am

Urggh. Thanks for the reply - yes currently my site seems to lose all its plugins every couple of weeks, which at present breaks the site.

It's my first major blog site and it's proving too hard to climb the learning curve without doing it full-time. And it is looking like the company wants to move to a different, easier to admin blogging platform so this may well become moot.

There are only 3 registered users to the site, and it is possible one of those has been hacked I guess, though none of the spam shows any sign of having come from one of those accounts.

I tried adding more words and it appeared to have no effect. I haven't added more fonts, as it didn't feel like this side of things (like adding words) would help (which it didn't), though obviously I don't know the workings of the font files in relation to spam protection for your plugin.

A more likely idea would be to try your maths plugin as an option - but when it is almost certain I will have to change up the site for a new blogging backend, the drive to sort it out is withering.

Thanks for getting back to me though! Until a month or two back your plugin was giving ace service - I just wish I knew what had changed. :-)

April 16, 2008
10:31 pm


Thanks for this great plugin, I installed it a long time ago and was thinking about disabling the Akismet plugin because no more spam was coming in. Fortunately I didn't! Recently spam is found again in my Akismet queue, so I guess your plugin has become popular enough that it was worth cracking it ... congrats???!!! ... I have updated to the last version 3.0.3 but I don't think it will stop them... spammers are just getting worse every day.

A few things I would like to comment:

My comment form requires entering a valid email but spam comes with no e-mail (blank field on wp_comments) so I'm not sure how they're calling the wp-comments-post.php script and bypassing the e-mail requirement.

The user-agent of these spammers is "Jakarta Commons-HttpClient" various versions so I'm thinking about blocking this user-agent.

My blog is in spanish ... so everytime I update the plugin, I have to update all the messages from English to Spanish. Could you please put these messages in a separate file?

I tried to use it with the subscribe-to-comments plugin and the captcha is no longer recognized, it always returns "anti-spam word is invalid".

Thanks again for this great plugin!


April 16, 2008
11:19 pm
Forum Posts: 841

Hi Quique,

Thanks for your input. If bots do crack the words that you use, you can always try switching up the words or install the math or random anti-spam varieties.

I will look into separating the translation information. In the meantime, just remember to copy those settings into a separate file before upgrading.

If the spammers that you are getting are bypassing the e-mail requirement, that means they are bypassing the WordPress comment checks altogether. That is a bit of a mystery to me. Perhaps they have gotten access to your file system?

I just tested this plugin with the subscribe-to-comments plugin and they work fine together. Perhaps the problem you are having is caused by something else?

May 9, 2008
12:20 pm

Hi Peter,
Great plugin. Was using it on our site for a couple of years, with great success. We recently had to disable everything, though, and restart with the latest WordPress (2.5.1, I think; we hadn't been keeping up to date). As a result, we were without our plugins when we relaunched, and were promptly inundated with spam, mostly from one source (concerning ringtones). The comment spam seemed to be hitting every post (though no in any identifiable order) in our two-year history. Once we got your plugin (the most recent version) up and running yesterday, there has continued to be spam from this same source, without an email address (as a commenter above noted). Can there be a lag in how soon the plugin can stop spam from coming? Also, does the fact that no email is included mean, as above, that the problem runs deeper than the comments section?

Thanks for your help.

May 9, 2008
12:27 pm
Forum Posts: 841

Hi Drew, no there shouldn't be a lag. This spam might be coming:

- from a registered user account (make sure the plugin forces registered users to enter the anti-spam word [there's a setting for that] OR lock down all registration)

- from pingbacks or trackbacks (I simply block those)

- someone might be manually spamming you

- a spambot might have cracked the image

For the latter two cases, you can simply put the spammer's IP in your installation's block list (see Settings > Dicussion > Comment Blacklist) or use the .htaccess file to block the spammer's IP from even accessing your site (do a Google search for that). This isn't a foolproof solution since IP addresses can be spoofed, but it helps.