{"id":318341,"date":"2026-05-25T12:54:18","date_gmt":"2026-05-25T12:54:18","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/comment-spam-cleanup\/"},"modified":"2026-05-25T14:37:15","modified_gmt":"2026-05-25T14:37:15","slug":"aos-comment-spam-cleanup","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/aos-comment-spam-cleanup\/","author":23306166,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.5.0","stable_tag":"1.5.0","tested":"7.0","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"AOS Comment Spam Cleanup","header_author":"AOS Digital","header_description":"Bulk-delete comment spam by URL pattern, schedule auto-cleanups, block bots with a honeypot, and auto-score comment quality \u2014 all from one admin panel.","assets_banners_color":"fcfcfc","last_updated":"2026-05-25 14:37:15","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/ko-fi.com\/aosdigital","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/aos-comment-spam-cleanup\/","header_author_uri":"https:\/\/aos-digital.de\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":33,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.4.0":{"tag":"1.4.0","author":"aosdigital","date":"2026-05-25 12:54:01"},"1.5.0":{"tag":"1.5.0","author":"aosdigital","date":"2026-05-25 14:37:15"}},"upgrade_notice":{"1.5.0":"<p>New privacy features: block Gravatar external requests and disable comments globally. The automation and protection settings are now saved independently \u2014 please re-save both tabs once after upgrading.<\/p>","1.4.0":"<p>Plugin renamed to AOS Comment Spam Cleanup (slug: aos-comment-spam-cleanup). All internal option keys updated. After upgrading, existing settings will not migrate automatically \u2014 please re-save your settings once.<\/p>","1.3.0":"<p>Security hardening: nonce verification, output escaping, and input sanitization improved throughout. Plugin renamed to AOS Comment Spam Cleanup; text domain updated to comment-spam-cleanup. Recommended upgrade for all users.<\/p>","1.2.0":"<p>Fixes a PHP 7.4 compatibility bug in the quality scorer (str_contains \u2192 strpos). All strings are now English-first with full translation support. Recommended upgrade for all users.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.gif":{"filename":"icon-128x128.gif","revision":3547778,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.gif":{"filename":"icon-256x256.gif","revision":3547778,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3547630,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3547630,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.4.0","1.5.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3547630,"resolution":"1","location":"assets","locale":"","width":1400,"height":1070},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3547630,"resolution":"2","location":"assets","locale":"","width":1400,"height":1210},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3547630,"resolution":"3","location":"assets","locale":"","width":1400,"height":440},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3547630,"resolution":"4","location":"assets","locale":"","width":1400,"height":1090},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3547630,"resolution":"5","location":"assets","locale":"","width":1260,"height":1260}},"screenshots":{"1":"Scanner tab \u2014 search for URL patterns and take bulk action on matching comments","2":"Spam analysis \u2014 automatically surfaced top spam domains from your trash and spam folder","3":"WordPress Blocklist overview \u2014 manage your disallowed keys directly from the plugin","4":"Automation tab \u2014 configure recurring scheduled cleanup with WP-Cron","5":"Protection tab \u2014 enable the honeypot field and comment quality scoring"}},"plugin_section":[],"plugin_tags":[4867,107,1756,599,10877],"plugin_category":[44,54],"plugin_contributors":[264317],"plugin_business_model":[],"class_list":["post-318341","plugin","type-plugin","status-publish","hentry","plugin_tags-comment-spam","plugin_tags-comments","plugin_tags-moderation","plugin_tags-spam","plugin_tags-spam-filter","plugin_category-discussion-and-community","plugin_category-security-and-spam-protection","plugin_contributors-aosdigital","plugin_committers-aosdigital"],"banners":{"banner":"https:\/\/ps.w.org\/aos-comment-spam-cleanup\/assets\/banner-772x250.png?rev=3547630","banner_2x":"https:\/\/ps.w.org\/aos-comment-spam-cleanup\/assets\/banner-1544x500.png?rev=3547630","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/aos-comment-spam-cleanup\/assets\/icon-128x128.gif?rev=3547778","icon_2x":"https:\/\/ps.w.org\/aos-comment-spam-cleanup\/assets\/icon-256x256.gif?rev=3547778","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/aos-comment-spam-cleanup\/assets\/screenshot-1.png?rev=3547630","caption":"Scanner tab \u2014 search for URL patterns and take bulk action on matching comments"},{"src":"https:\/\/ps.w.org\/aos-comment-spam-cleanup\/assets\/screenshot-2.png?rev=3547630","caption":"Spam analysis \u2014 automatically surfaced top spam domains from your trash and spam folder"},{"src":"https:\/\/ps.w.org\/aos-comment-spam-cleanup\/assets\/screenshot-3.png?rev=3547630","caption":"WordPress Blocklist overview \u2014 manage your disallowed keys directly from the plugin"},{"src":"https:\/\/ps.w.org\/aos-comment-spam-cleanup\/assets\/screenshot-4.png?rev=3547630","caption":"Automation tab \u2014 configure recurring scheduled cleanup with WP-Cron"},{"src":"https:\/\/ps.w.org\/aos-comment-spam-cleanup\/assets\/screenshot-5.png?rev=3547630","caption":"Protection tab \u2014 enable the honeypot field and comment quality scoring"}],"raw_content":"<!--section=description-->\n<p><strong>AOS Comment Spam Cleanup<\/strong> helps you remove comment spam in bulk using URL pattern matching, and prevents future bot submissions with a honeypot and quality scoring. Whether you have hundreds of shortlink spam comments or want ongoing protection, this plugin has you covered.<\/p>\n\n<p>It works <em>alongside<\/em> Akismet and other spam filters, not instead of them.<\/p>\n\n<h4>\u2728 What you can do<\/h4>\n\n<p><strong>\ud83d\udd0d Pattern Scanner<\/strong>\nType a URL fragment (e.g. <code>shorturl.fm<\/code>) into the scanner, click <strong>Check Count<\/strong> to see exactly how many comments match, then choose your action: mark as spam, move to trash, or delete permanently.<\/p>\n\n<p><strong>\u23f1 Scheduled Auto-Cleanup<\/strong>\nSet a WP-Cron job to run hourly, twice daily, daily, or weekly. Configure your patterns and action once \u2014 the plugin keeps your comment section clean automatically.<\/p>\n\n<p><strong>\ud83e\udd16 Honeypot Bot Protection<\/strong>\nAn invisible form field is added to your comment form. Real visitors never see or fill it. Bots that automatically fill every form field get rejected with a 403 error \u2014 silently, without affecting real users who never see or fill the field.<\/p>\n\n<p><strong>\ud83d\udcca Comment Quality Scoring<\/strong>\nEvery new comment is automatically scored based on:\n- Number of external links (+2 per link)\n- Shortlink in author URL (+4 points)\n- Very short text under 15 characters (+2 points)\n- High symbol\/punctuation density (+3 points)\n- Known spam keywords like \"casino\" or \"viagra\" (+3 points)\n- Excessive ALL-CAPS usage (+2 points)<\/p>\n\n<p>If the score exceeds your threshold, the comment is held for review or marked as spam automatically.<\/p>\n\n<p><strong>\ud83d\udeab Gravatar Privacy (GDPR-friendly)<\/strong>\nOptionally block all external requests to gravatar.com. When enabled, avatar images are suppressed completely, preventing third-party data transfers without visitor consent \u2014 helpful for GDPR \/ DSGVO compliance.<\/p>\n\n<p><strong>\ud83d\udcac Disable Comments Globally<\/strong>\nClose comments and trackbacks \/ pingbacks on all posts, pages, and custom post types in one click. Existing comments are not deleted \u2014 only new submissions are blocked. Disabling the toggle restores original comment status immediately without any database changes.<\/p>\n\n<p><strong>\ud83d\udee1 WordPress Blocklist Integration<\/strong>\nAdd URL patterns directly to WordPress's native disallowed_keys list \u2014 new comments containing those patterns are caught before they even reach the scanner.<\/p>\n\n<p><strong>\ud83d\udccb Spam Domain Analysis<\/strong>\nAutomatically scans your existing spam and trash comments to surface the most common offending domains, so you always know what to block next.<\/p>\n\n<h4>\ud83c\udfaf Who is this for?<\/h4>\n\n<ul>\n<li>Site owners who suddenly find hundreds of shortlink spam comments (you know who you are)<\/li>\n<li>Bloggers who want passive spam protection without a heavy third-party service<\/li>\n<li>Developers managing multiple WordPress sites who need efficient bulk moderation<\/li>\n<li>Anyone frustrated by shortlinks like <code>bit.ly<\/code>, <code>shorturl.fm<\/code>, <code>cutt.ly<\/code> in their comments<\/li>\n<\/ul>\n\n<h4>\u2753 Why not just use Akismet?<\/h4>\n\n<p>Akismet is great for real-time filtering \u2014 but it doesn't help you <em>clean up<\/em> existing spam, and it doesn't support pattern-based bulk actions. AOS Comment Spam Cleanup fills that gap. Use both.<\/p>\n\n<h4>\ud83d\udd12 Privacy<\/h4>\n\n<p>This plugin does not collect, transmit or store any personal data on external servers. All processing happens on your own server. No external API calls are made during normal operation.<\/p>\n\n<h4>\ud83c\udf0d Translations<\/h4>\n\n<p>Ships with English and German (<code>de_DE<\/code>). Help translate at <a href=\"https:\/\/translate.wordpress.org\/\">translate.wordpress.org<\/a>.<\/p>\n\n<h4>\ud83d\udc68\u200d\ud83d\udcbb Developer<\/h4>\n\n<p>Made by <a href=\"https:\/\/aos-digital.de\/\">AOS Digital<\/a> \u2014 WordPress development from Germany.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>aos-comment-spam-cleanup<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin in <strong>Plugins \u2192 Installed Plugins<\/strong><\/li>\n<li>Go to <strong>Comments \u2192 Comment Cleanup<\/strong><\/li>\n<\/ol>\n\n<p><strong>Quick start to delete shorturl.fm spam:<\/strong>\n1. Open the <strong>Scanner<\/strong> tab\n2. The pattern <code>shorturl.fm<\/code> is pre-filled \u2014 click <strong>Check Count<\/strong>\n3. Once you see the count, click <strong>Execute Action<\/strong> (default action: Mark as Spam)\n4. Done!<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"is%20it%20safe%20to%20delete%20comments%20permanently%3F\"><h3>Is it safe to delete comments permanently?<\/h3><\/dt>\n<dd><p>Permanently deleted comments cannot be recovered. We strongly recommend using <strong>Mark as Spam<\/strong> or <strong>Move to Trash<\/strong> first, reviewing the results, and only choosing \"Delete Permanently\" when you are certain.<\/p><\/dd>\n<dt id=\"will%20this%20slow%20down%20my%20site%3F\"><h3>Will this slow down my site?<\/h3><\/dt>\n<dd><p>No. The plugin only loads on your admin page and during comment submission (honeypot + quality check). There is zero frontend performance impact for visitors.<\/p><\/dd>\n<dt id=\"does%20the%20honeypot%20work%20with%20page%20caching%3F\"><h3>Does the honeypot work with page caching?<\/h3><\/dt>\n<dd><p>Yes. A tiny inline JavaScript snippet empties the honeypot field for real users on page load, so cached pages work correctly. Bots that do not execute JavaScript still fill the field and get caught.<\/p><\/dd>\n<dt id=\"what%20is%20regex%20mode%3F\"><h3>What is Regex Mode?<\/h3><\/dt>\n<dd><p>Regex Mode uses MySQL REGEXP instead of LIKE for pattern matching, allowing complex patterns like <code>shorturl\\.[a-z]+<\/code> to match any <code>shorturl.*<\/code> domain. Standard mode (LIKE) is recommended for simple domain matching. Patterns are validated before execution.<\/p><\/dd>\n<dt id=\"does%20it%20conflict%20with%20other%20comment%20plugins%3F\"><h3>Does it conflict with other comment plugins?<\/h3><\/dt>\n<dd><p>AOS Comment Spam Cleanup uses only standard WordPress hooks (<code>pre_comment_approved<\/code>, <code>preprocess_comment<\/code>, <code>comment_form_after_fields<\/code>) and does not override or replace other plugins' functionality. It has been tested alongside Akismet and Antispam Bee.<\/p><\/dd>\n<dt id=\"does%20the%20quality%20scorer%20affect%20legitimate%20comments%3F\"><h3>Does the quality scorer affect legitimate comments?<\/h3><\/dt>\n<dd><p>The default threshold of 5 is conservative. A normal comment with one link scores 2 points \u2014 safely below the threshold. Test with \"Hold for moderation\" (not \"Mark as Spam\") first to see which comments get flagged before applying stricter settings.<\/p><\/dd>\n<dt id=\"how%20do%20i%20reset%20all%20settings%3F\"><h3>How do I reset all settings?<\/h3><\/dt>\n<dd><p>Use WP-CLI: <code>wp option delete aosc_settings<\/code>\nOr go to <strong>Tools \u2192 Site Health \u2192 Info \u2192 WordPress<\/strong> and look for the <code>aosc_settings<\/code> option.<\/p><\/dd>\n<dt id=\"does%20it%20work%20on%20multisite%3F\"><h3>Does it work on Multisite?<\/h3><\/dt>\n<dd><p>Yes, on individual sites. Network-wide management across all sites in a network is planned for a future version.<\/p><\/dd>\n<dt id=\"can%20i%20use%20this%20to%20block%20future%20spam%20as%20well%3F\"><h3>Can I use this to block future spam as well?<\/h3><\/dt>\n<dd><p>Yes \u2014 add patterns to the WordPress Blocklist (via the scanner or the blocklist card). Any future comment containing that pattern will automatically be marked as spam by WordPress before any other check runs.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.5.0<\/h4>\n\n<ul>\n<li>New: Disable Gravatar \u2014 blocks all external requests to gravatar.com (GDPR\/DSGVO-friendly)<\/li>\n<li>New: Disable Comments Globally \u2014 closes comments and pings on all post types via WordPress filters; no database changes, reversible instantly<\/li>\n<li>New: \"Rate this plugin\" link in the admin header and Ko-fi bar<\/li>\n<li>Fix: Automation and Protection tab settings are now saved independently (no longer overwrite each other)<\/li>\n<li>Improved: Plugin version bumped to 1.5.0; German translation updated with new strings<\/li>\n<\/ul>\n\n<h4>1.4.0<\/h4>\n\n<ul>\n<li>Fix: Plugin renamed to AOS Comment Spam Cleanup; slug changed to aos-comment-spam-cleanup<\/li>\n<li>Fix: All internal prefixes updated from WCC_ (3 chars) to AOSC_ (4 chars) per WP.org guidelines<\/li>\n<li>Fix: Honeypot inline script migrated from echo \"\" to wp_add_inline_script()<\/li>\n<li>Fix: Promotional claims (\"fastest way\", \"zero false positives\") removed from description<\/li>\n<li>Fix: Plugin URI updated to final WP.org plugin page URL<\/li>\n<\/ul>\n\n<h4>1.3.1<\/h4>\n\n<ul>\n<li>Fix: phpcs:disable\/enable blocks replace per-line ignores in scanner \u2014 all Plugin Check warnings resolved<\/li>\n<li>Fix: Main plugin file renamed to comment-spam-cleanup.php matching the plugin slug<\/li>\n<li>Fix: Remaining \"WP Comment Cleanup\" name references cleaned from readme.txt<\/li>\n<\/ul>\n\n<h4>1.3.0<\/h4>\n\n<ul>\n<li>Fix: Inline nonce verification per AJAX handler (PHPCS NonceVerification.Missing resolved)<\/li>\n<li>Fix: Escape number_format_i18n() output via esc_html()<\/li>\n<li>Fix: wp_unslash() + absint() for quality_threshold input<\/li>\n<li>Fix: esc_attr() applied inline in honeypot field output<\/li>\n<li>Fix: wp_unslash() + sanitize_text_field() for honeypot POST check<\/li>\n<li>Fix: phpcs:ignore annotations for legitimate SQL interpolation in scanner<\/li>\n<li>Fix: Removed deprecated load_plugin_textdomain() call (auto-loaded since WP 4.6)<\/li>\n<li>Fix: Plugin name no longer contains restricted term; renamed to AOS Comment Spam Cleanup<\/li>\n<li>Fix: Tested up to updated to WordPress 7.0<\/li>\n<li>Improved: Text domain updated to comment-spam-cleanup<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>New: Ko-fi donation link in plugin action row and admin header<\/li>\n<li>New: \"Settings\" link in plugin action row for faster access<\/li>\n<li>New: Action description hint strip in scanner (explains the chosen action)<\/li>\n<li>New: Responsive layout for mobile admin<\/li>\n<li>New: German (<code>de_DE<\/code>) translation file<\/li>\n<li>New: Score factor reference table in Protection tab<\/li>\n<li>New: Validation of allowed values in settings save (security hardening)<\/li>\n<li>Fix: <code>str_contains()<\/code> replaced with PHP 7.4-compatible <code>strpos()<\/code> in quality scorer<\/li>\n<li>Fix: All hardcoded German strings in JavaScript replaced with localised <code>i18n<\/code> object<\/li>\n<li>Fix: Button labels after AJAX now use localised strings (no language regression)<\/li>\n<li>Improved: Full English-first UI with proper <code>Text Domain<\/code> internationalisation<\/li>\n<li>Improved: Accessible markup (role, aria-controls, aria-label throughout)<\/li>\n<li>Improved: Settings input validation for cron_interval, cron_action, quality_action<\/li>\n<li>Improved: Clearer descriptions and help text for every setting<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>New: Scheduled cleanup via WP-Cron (hourly\/daily\/weekly)<\/li>\n<li>New: Action selector \u2014 mark as spam, move to trash, or delete permanently<\/li>\n<li>New: Regex mode (MySQL REGEXP) in scanner<\/li>\n<li>New: Honeypot comment form field (Feature 5)<\/li>\n<li>New: Comment quality scoring with configurable threshold (Feature 4)<\/li>\n<li>New: Three-tab admin UI (Scanner \u00b7 Automation \u00b7 Protection)<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release \u2014 URL pattern scanner, bulk delete, WordPress blocklist integration, preset shortlink patterns, spam domain analyser<\/li>\n<\/ul>","raw_excerpt":"Clean up comment spam by URL pattern, schedule auto-cleanups, block bots with a honeypot, and auto-score comment quality \u2014 all in one panel.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/318341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=318341"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/aosdigital"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=318341"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=318341"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=318341"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=318341"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=318341"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=318341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}