Lower your WordPress comment spam


I lowered the number of spam comments coming into WordPress from ~160/day to ~18/day by renaming wp-comments-post.php. That’s the file name that all WordPress installations use and it’s a welcome sign for spammers. It doesn’t matter what you rename it to; just make sure to also rename it in your template. It makes upgrades a bit more of a pain, but it’s just one tiny change to make after uploading the files.

Akismet is great and blocked most of the 160/day spam comments I was getting, but never having the spam enter the system is even better. I got the idea after seeing incoming POST requests to that URL without an existing GET request to a post. I now see 404 responses to requests for wp-comments-post.php, which proves my theory and makes me smile.
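The log pattern described above (a POST to the comment endpoint with no earlier GET of a page from the same client) can be checked mechanically. The following is an added example, not code from the original post; it assumes access logs in Apache/nginx combined format, a 30-minute window between loading a post and commenting, and uses constructed sample lines.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2008:10:00:01 +0000] "GET /2008/03/some-post/ HTTP/1.1" 200 18211 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2008:10:01:30 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://example.test/2008/03/some-post/" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2008:10:02:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"
203.0.113.9 - - [12/Mar/2008:10:02:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 404 512 "-" "-"
192.0.2.44 - - [12/Mar/2008:08:00:00 +0000] "GET /2008/03/some-post/ HTTP/1.1" 200 18211 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2008:10:05:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
COMMENT_ENDPOINT = "/wp-comments-post.php"
WINDOW = timedelta(minutes=30)  # assumption: readers comment within 30 minutes of loading a page

def blind_comment_posts(log_text, window=WINDOW):
    """Return (ip, timestamp, status) for each POST to the comment endpoint that has
    no successful GET from the same IP inside `window`. Lines must be in time order."""
    last_get = {}  # ip -> time of the most recent successful GET
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = path.split("?", 1)[0]
        # Simplification: any 200/304 GET counts as "loaded a page", assets included.
        if method == "GET" and status in ("200", "304") and path != COMMENT_ENDPOINT:
            last_get[ip] = when
        elif method == "POST" and path == COMMENT_ENDPOINT:
            seen = last_get.get(ip)
            if seen is None or when - seen > window:
                flagged.append((ip, when.isoformat(), int(status)))
    return flagged

if __name__ == "__main__":
    for ip, when, status in blind_comment_posts(SAMPLE_LOG):
        print(f"{ip} {when} status={status}")
```

After the rename, the same function also surfaces the 404 hits on the old file name, since those are still POSTs to `/wp-comments-post.php` with no preceding page load.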

Sidenote: I wonder why WordPress doesn’t default to requiring a random token in the form of a hidden input to be sent with a comment? An invisible CAPTCHA if you will, but it would require a lot more work to spam (a GET request before each POST is twice the work and would result in an even greater slowdown as you have to wait for the request to get back to process the page before you can send the POST). Perhaps to promote Akismet?


One Response to “Lower your WordPress comment spam”

  1. Angellaa says:

    Hmm, very cognitive post.
    Is this theme good enough for the Digg?
