In WordPress, you can choose how to moderate comments. I HIGHLY recommended that you moderate all comments!
If you have “Comment author must have a previously approved comment” selected in “Discussions” under Settings in the WordPress Admin dashboard, you’re exposing your blog to comment spam and links to malicious sites. If you feel that this is a hassle to moderate every comment, than you can select WordPress to notify you anytime a comment is held in moderation.
In your WordPress Admin area, go to Settings and click on Discussions. You should see “Discussion Settings” on your dashboard. Check the following boxes as picture below.
By selecting these options, you will protect your blog from comment spam and links to malicious sites. You know the old saying, fool me once shame on you, fool me twice shame on me. It’s important to understand that once your blog becomes infected with links to bad sites (also called neighbors), you’re jeopardizing the reputation of your blog.
If your blog has the NoFollow attribute removed, you’re passing a vote to all external links on your site in Google’s eyes. It’s like being an accomplice to a crime, so to speak. You could get your site removed from Google’s index.
Here’s an example of a comment author that I approved, who came back and left a second comment with a link to a malicious site.
First Comment
Blog Post: Beware of Fake Swine Flu Emails
Comment: It’s a shame that people pray on other people during a time in which we are all vulnerable to this Flu. I just hope when they answer to god, they get what they deserve.
URL: http://www.good-web-site.com
Second Comment
Blog Post: The Best Antivirus for Removing Malware
Comment: This is awesome, keep them coming! Again, very useful information.
URL: http://www.malicious-site.com
I left out the actual URLs to prevent anyone from clicking on the links. The comment author had the same email and IP for both comments.
This person was able to get under my radar, pretty sneaky.
“It’s HIGHLY recommended that you moderate all comments!”
Highly recommended by…. whom? Can you source that comment?
There are several very good antispam plugins available for WordPress that will eliminate 98% of all spam attempts. In light of that I would say it is a better user experience to post comments automatically, assuming those that get past the bot checks have good intentions, then retroactively moderate by removing anything that crops up.
Perhaps adding a few “bad words” to push things most likely to be egregious into a moderation filter, but honestly, i odn’t even do that.
Dane,
Not all comments look like spam. I highly recommend it! If you rely on Akismet alone, you are still vulnerable. My post explains that if you have “Comment author must have a previously approved comment” set, and someone leaves a well written comment and the URL is legitimate, what makes you think, once you let them in the door, they won’t come back and leave a link to a malicious site.
It’s best to review everything manually, and never assume.
I notice your blog is relatively new and most times, I will remove a link as a precaution when I see a new blog site. Many new blogs, not all, comment on blogs with nofollow removed that also have a good PR and Compete rank to gain some needed link juice, which is not a bad thing.
My AntiSpam Bee plug-in removes all automated comments easily :) Only then it goes to my Akismet
I moderate all comments for the first time only (just to make sure it’s a real human and not a bot)
Michael,
What if they post a quality comment the first time and than spam the next one?
The thing I’m looking at is user experience. I’m arguing that for your readers, the core purpose of your blog, placing every post in moderation is not as pleasing a user experiences as seeing their posts publish when they hit the button.
The vast majority of spam comes in through bots, not humans. Kill the bots before they post and it’s a simple matter of reading your comments, as you do here, to spot any abuse. I have three different plugins running to corral the bot spam, and I check in for new comments periodically, marking the spam as such, which adds it to my black list.
I don’t disagree that we need to weed out the spam, I just think the work flow should assume a good comment and then remove it if the assumption was incorrect.
I’m not so much new as i am new again. ;)
Dane,
I receive on average about 10 comments a day and I a notification is sent to my smart phone. I usually approve or mark a comment as spam relatively quick, unless I am a sleep of course. Since I have enabled moderation for all comments, I have not noticed any drop off in the volume of comments thus far.
I use wordpress and they cant always see spam so using a plugin to is necessary.
Bunny,
Nothing beats human intervention. :)
I know there are tools misused to hurt people. That is the sad thing. Good people use them to make a living while others use them to rob and rape others.
Bunny,
There are a few automated comment tools that are widely used by spammers.
Thanks Frank – now this may explain what had happened to my “other blog” lately. If I go to it from a dell, in IE I get sent to the dell search page, saying it can’t find share4webmasters.com. If I get rid of the dell redirect thing, I get to the site but I can see it, “Transferring data from site x y z..” etc. before it loads. Thumbs up.
Christie,
Spammers are crafty and they know how to trick you.
I look at all comments, but I don’t have them all go into any kind of moderation. Askimet seems to catch almost all the spam, so I have very little to do with the real stuff, and when I look through Askimet, it rarely moves someone who’s leaving a nice post in there.
Mitch,
Akismet works fine, but it takes more to combat human spam.
Frank,
I do moderate comments since long time to avoid 3 types: spam comments, irrelevant comments to the topic of the post and of course linking to bad neighbourhood.
Even with excellent anti-spam plug-in you need a human review and this is at least I do believe in this in my case!
Hicham,
Human intervention is the best defense.
Anyway, thank you so much for the tips and advice.