I tried to search for topics dealing with this, but the top dozen pages all point to posts that are years old and closed.
I'm part owner of a small web-hosting company. We push WP as a great solution for our clients who aren't web-savvy (that's almost all of them).
The problem, however, is the spam. I'm seeing 10-20 spam comments per day on sites that are lucky to get that many hits in a day. I have a site that has been idle for at least 2 years (a WP install), that I upgraded and repurposed as a personal blog just this week. 2 years without a single spam, and an upgrade and initial post results in instant spam.
So my question is 2-fold:
1) I manage quite a few sites for clients (and some for myself) where spam comments are regularly marked as spam. From what I can tell, this does absolutely nothing (except increase the size of the database). What, exactly, is the point of marking a comment as "spam"? I've flagged the exact same comment several dozen times within a blog, and it keeps showing up. To me that means the "mark as spam" feature is worse than useless (it does nothing, and it wastes db/drive space).
2) WP is *obviously* being targeted quite aggressively. Aside from purchasing an Akismet license from Automattic, what is WP doing to combat this? It's becoming much more difficult to sell WP to clients when I have to say "Oh.. yeah... you'll also be getting several dozen spam comments (and associated e-mail notices) every day."
I have e-mail addresses published in plain text on several sites. I get (and I am *not* exaggerating) 100 times more comment spam from WP than I do from blatantly-harvestable e-mail addresses.
Asking people to pay more for Akismet is a very difficult sell. It comes across as extortion (pay us more money or you'll get flooded with spam!) -- especially since our company is targeting the very low end of the spectrum (hey, *someone* needs to provide affordable services to them).
WP is gaining serious market share. As they become more popular, they become more of a target. Is WP doing anything to address this attack on their platform? Or do we just need to start including the cost of an Akismet license with every package?