WordPress.org

The Stop Spammer Registrations Plugin checks against StopForumSpam.com, Project Honeypot and BotScout to to prevent spammers from registering or making comments.

The Stop Spammer Registrations Plugin works by checking the IP address, email and user id of anyone who tries to register, login, or leave a comment. This effectively blocks spammers who try to register on blogs or leave spam. It checks a users credentials against up to three databases: Stop Forum Spam, Project Honeypot, and BotScout. In order to use the Project HoneyPot or BotScout spam databases you will need to register at those sites and get a free API key. Stop Forum Spam does not require a key so this plugin will work immediately without getting a key. The API key for Stop Forum Spam is only used for reporting spam.

In addition to checking on the top forum spam databases, the plugin will optionally check agains several email spam DNSBL sites such as spamhaus, dsbl, sorbs, spamcop, ordb, and njabl. In testing, this sometimes caught spam that the comment spam databases missed.

Optionally, a webmaster can specify that disposable emails be denied. These disposable emails are frequently used by spammers to hide their identity. They have a certain legitimate use in that they can provide anonymity to users. Legitimate commenters will probably not feel the need to remain annonymous, though. The plugin detects about 500 disposable email domains, but there are probably many more.

This plugin keeps track of a number spammer emails and IP addresses in a cache to avoid pinging databases more often than necessary. The results of the most recent checks are saved and displayed under settings. The size of the history and bad user lists can be set from 10 to 100. This information is stored in an array in the WP options table. The size of the array can raise the resource requirements of WordPress, which is already pushing the resource limits of some hosts, so keep the cache small.

In case a user results in a false positive on one of the spam databases there is a white list that can be entered of email address or IP addresses. This will allow such users to register, login and comment on the bog.

Requirements: The plugin uses the WP_Http class to query the spam databases. Normally, if WordPress is working, then this class can access the databases. If, however, the system administrator has turned off the ability to open a url, then the plugin will not work. Sometimes placing a php.ini file in the blog's root directory with the line "allow_url_fopen=On" will solve this.

The plugin is ON when it is installed and enabled. To turn it off just disable the plugin from the plugin menu..

The plugin keeps a count of the spammers that it has blocked and displays this on the WordPress dashboard.

The plugin will also reject registrations, comments and pings where the HTTP_ACCEPT header is missing. This header is present in all browsers and its absence indicates that a program, not a human, is attempting to leave spam.

If you are running a networked WPMU system of blogs, you can optionally control this plugin from the control panel of the main blog. By checking the "Networked ON" radio button, the individual blogs will not see the options page. The API keyes will only have to entered in one place and the history will only appear in one place, making the plugin easier to use for administrating many blogs. The comments, however, still must be maintained from each blog. The Network buttons only appear if you have a Networked installation.

The plugin adds links to the Comment Moderation page to check a comment's credentials agains the spam databases. If you have entered the Stop Forum Spam API key you can also report the spammer to the SFS database. Please make sure that the comment is actually spam and not from some clueless commentor who likes to salt his comments with spammy links. (I find that comments that do not specifically reference the post are always spam. "Nice Blog" comments I tend to report immediately.)

The Stop Forum Spam site requires an email and an api key to report spam. If the commentor did not leave an email address (as in a pingback) then the link to report the spam will not be visible.

Problems: In systems with constraints on memory and many other plugins, this plugin will sometimes fail trying to retrieve its options. This results in resetting the configuration. The plugin uses two or three thousand bytes to store the history, cache, and settings. This is not very much, but some plugins use much more memory, and they will cause this plugin to fail. The solution is to remove or disable some of the plugins that are hogging all the memory.

StopForumSpam.com limits checks to 10,000 per day for each IP so the plugin may stop validating on very busy sites. I have not seen this happen, yet. Results are cached in order to thwart repeated attempts.

You may see your own email in the cache as spammers try to use it to leave comments. You may have to white list your own email if that is the case, to keep the plugin from locking you out.

Watch the youtube spam trap video! The video shows one of my plugins that anti-spam cops use. They run honey pots or sites that do nothing but attract spammers. These sites report as many as 500 spammers per hour to the same database that this plugin checks.