Support » Plugin: WP-SpamShield » Ineffecient, Inefective, Bloated and Incompatible with Server Side Caching

  • SpamShield does too many different things and does them poorly. Rather than focusing on stopping comment spam it also tries to address form spam, email harvesting, pingbacks, trackbacks, and the user registration form. SpamShield provides its own limited contact form generator as well. All of these different, distracting functions are better handled by other plugins or simply unnecessary. Useless features like publicly advertising how much spam you’ve caught are simply obnoxious — SpamShield actually gives you a widget for this.

    If you are using a high quality host that provides server side caching or you have set it up yourself, avoid SpamShield. Its description omits and its documentation buries the fact that SpamShield is likely to cause performance problems with modern, managed WordPress hosting — i.e., any hosting environment that uses Varnish or similar server-side caching. If this is a problem for you the dubious workarounds are tedious to implement and require use of a “compatibility mode.” “Compatibility mode” adds more code to a plugin that is already deep in the weeds with too many pointless features and user options.

    SpamShield’s problem with Varnish and caching methods common to WordPress hosts is that it sets and updates a cookie on all your pages even if comments are not present or active. This prevents server-side caching/accelerators like Varnish from working. Since the top managed WordPress hosts use Varnish or similar server-side caching, use of this anti-spam method is not a small drawback. The developer of this plugin responds to this fact deep within the lengthy “Known Issues” list on his website. In his view the problem is standard high-performance hosting methods and the wisdom of the best WordPress engineers. You may or may not be able to resolve this problem in a given hosting situation, but I would suggest not wasting your time. There really is no reason to use this plugin as opposed to Google ReCAPTCHA or other, more effective methods that will simply work and do one thing very well: stop spam from being submitted at all.

    During the time I’ve used SpamShield in multiple hosting environments and watched it go through many small updates, it’s been impossible to “set it and forget it.” Either it is failing to catch spam or it is blocking legit users, or both. Just when you seem to have it dialed in, something changes. This is pretty common for anti-spam plugins other than Akismet and Google ReCAPTCHA. Akismet and Google’s “I’m not a robot” test both draw on the power of enormous networks and expertise while also using a minimum of code and taking the burden off your server. At this point in time, SpamShield is one of the weaker representatives of a type of anti-spam solution that has become obsolete.

    Updated 19 February 2016.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Contributor Red Sand Media Group


    Hi Dan,

    I’m sorry to hear that you had an issue.

    However, I have to ask, why would you post a negative review without even submitting a support request first? You have submitted a support request in the past for a different issue, and we resolved the issue within a day, so you already know that we provide excellent support. I’ve even said that you could email me directly instead of submitting an official support request if you ever had another issue in the future.

    To say this plugin is “bloated”, is simply not accurate. If you’re relying solely on Varnish for your website speed optimization, then you’re doing it wrong. When optimizing a site for speed, the server side caching should be the icing on the cake, not the meat and potatoes.

    The plugin is extremely optimized and will actually speed up your site. Benchmarking and speed has been a primary focus from the beginning.

    If setting a cookie – a very standard element of websites and web development – is causing your site to slow down that dramatically, then your site development practices have some fundamental problems. Even so, you can choose not to have the plugin set a cookie, by using Compatibility Mode, which we have noted, may help users who wish to use Varnish.

    Varnish is known to cause a lot of problems with WordPress. This is a fact, not my opinion. Simply do some web searches on the topic if you don’t believe me. Unfortunately Varnish is known to have issues with Cookies and PHP SESSIONS. It will have issues with many plugins or web apps that use these. So, it’s not specifically the plugin that isn’t compatible with Varnish…it’s the fact that Varnish can reduce PHP functionality and impact these very standard features of PHP that WP-SpamShield uses. Use of Varnish will conflict with many open source web apps (including WordPress and many of its plugins). It’s better used, IMO, on a site that is specifically designed to be used with it, and coded to work with its unique characteristics.

    You would be absolutely incorrect to say the “top managed WordPress hosts use Varnish”. I know exactly which hosts you speak of, and there are many web hosts out there that offer better performance without Varnish. Yes, some do use it, and interestingly enough, they have no problem functioning with the plugin. Many web hosts recommend our plugin, which they would not do if it was “bloated” or hindered performance as you say. I’m not against server-side caching altogether…there are other better server-side caching options IMO.

    WordPress site slowdowns are most often caused by undiagnosed PHP errors, configuration issues, memory issues, database issues, missing modules, old mySQL versions, and old PHP versions. Slapping a caching mechanism on top of these can mask the issue but it’s not fixing the real problem.

    Please take special note of FAQ 15, as it specifically addresses your issue:
    Q: Will WP-SpamShield slow down my site, and is there anything I can do to optimize my site for it?” Real the full FAQ:

    Excerpt from the FAQ:

    A: WP-SpamShield will not slow down your site, and no further optimization is necessary. It is a very efficient plugin and has been optimized to use a very light server load. Because it keeps spam out of the WordPress database, and helps prevent database bloat, it actually speeds your site up in the long term compared to a site that does not use it.

    Clients hire us day in and day out to optimize their sites, and we write plugins that help improve PageSpeed, so that’s one area we specialize in and would never let a plugin slow a site down.

    Here is a breakdown…

    For the rest of the FAQ, please click here to read it.

    If you want to resolve the actual issue on your site please head over to the WP-SpamShield Support Form, and take a moment to fill out a support request. That will allow us to help you diagnose this, find out what the real issue is, and get things working right for you.

    Please ask yourself this…When developers spend so much time developing free plugins for the WordPress community, is it really ok to post a 1-star review without making any reasonable effort to receive support? That’s simply not the right way to handle things.

    If you have an issue with something, submit a support request first, and give the author time to respond. We provide free support for our plugins…all you have to do is submit a support request at the WordPress Plugin Support Page. We provide some of the best support out there.

    You might want to take a moment to check out these two posts:

    I would understand the negative review if what you were saying was accurate, or if you had submitted a support request and we had treated you poorly or not resolved the issue. However, that is not the case.

    I would ask that you reconsider your rating, as it simply isn’t accurate.

    – Scott

    Your verbose overreaction to simple facts speaks volumes. Please stop emailing me with your antagonistic rants and disinformation.

    I don’t have an “issue.” It’s a fact that SpamShield is incompatible with the best hosting available for WordPress as ranked by independent performance testing and customer satisfaction ratings. It sounds like you need to decide whether to keep defending this position or to get on board with the present and future reality of WordPress.

    “Bloated” refers to your default automatic support for form plugins even if they’re not in use. It refers to email obfuscation as a totally random added feature that has nothing directly to do with form spam.

    Plugin Contributor Red Sand Media Group


    Hi Dan,

    I’m sorry that you feel it is OK to post inaccurate statements, and that somehow I don’t have a right to respond them. That isn’t overreacting – it’s simply clarification.

    However, since you don’t seem willing to have an open and reasonable discussion, I’m not going to get into an argument with you here. That doesn’t benefit anyone.

    I never emailed you antagonistic rants…I sent you a friendly email offer to help. You responded by calling me expletives for no reason. Please don’t post false information about me like that.

    We have helped you in the past, and we have offered to help you now. I’m sorry that you don’t see that our only goal here is to help people.

    Take care.

    – Scott

    The only inaccuracies here are your irrelevant attacks on hosting environments that, by doing things right, make it more difficult to sustain the fiction that SpamShield is a worthwhile plugin.

    You haven’t disagreed with the facts that lead me to disrecommend SpamShield, especially the way its primary, default mode interacts with server side caching. My comment on your attitude toward that problem apparent in everything you’ve written. On the one hand there is “compatibility mode” and other workarounds which add bloat and complexity to SpamShield in an attempt to support the widest range of hosting environments. On the other hand there is your persistent blaming of these increasingly common hosting environments as ones that are “known to cause a lot of problems with WordPress.”

    In a similar vein, you attack critical reviews and people who write them, impugning their motives and passively suggesting they have no right to leave a critical review without going through other channels and of course bowing down before your great generosity for creating such a poor, deleterious, redundant plugin.

    This is not my idea of a “discussion,” nor did I wish have one with you — certainly not on multiple channels. Emailing me persistently after I told you to stop crosses the line from obsessiveness to harassment. You need to step back and think about the likely success of a public strategy of hectoring and bullying people into liking your plugin.

    Plugin Contributor Red Sand Media Group



    The only person here who seems to be attacking…is you. I’ve never attacked anyone online. I stand by everything I have said anywhere online, and can back it up with fact. When I’m wrong, I am happy to admit it, and have done so.

    As a plugin developer, I’m not out of line for feeling that it is completely inappropriate to post a negative review without submitting a support request first. That’s just common decency. Many more developers feel that way. I’m not afraid to say what I think. If I get flack for stating my opinion publicly, so be it. Again, I’m proud to stand by everything I’ve said online.

    C’mon now, don’t misstate the facts…I did not email you incessantly. I merely responded to your email with a quick reply, and said to take care.

    I have nothing but goodwill towards you my friend, so, like I said, I’m not going to argue with you.

    Take care.

    – Scott

    Seeing as this is the most recent slowdown 1-star review, let me add that we may be canaries in the coal mine here for issues the author is unwilling to look into.

    So I’m using this before submitting a low-rated opinion myself, after the exchange in messages and the latest update that made my site next to unusable for me with it on.

    Issue in my case is that me and the dev are talking about entirely different issues and after an apparently friendly initial exchange this last time it was a case of know-it-all “expert” talking down to assumed idiot user, just shoving his ideas at me again and ignoring what I was saying the issue actually was. And then the latest update made it far worse.
    At first, after an ISP switch, the first time the site created the session cookie it had an 24-second delay. I submitted a support request, we went through it at length and kept being told it’s my host’s fault or my fault, and maybe at the time I half-bought it and dropped it, though it was clearly something that didn’t also affect others I asked to check, so obviously not a general site issue and couldn’t have been due to hosting or versions of anything used.
    Then, after some WPSS update along the way, this issue no longer appeared when creating that cookie, but only if I tried to submit a test comment or, in the back end, went to the plugins page or updated (or (re)activated) WPSS, so whatever it was doing was only done when it should be done, WPSS no longer got in the way when it wasn’t its business. And at that point I just shrugged it off.
    However, updating to 1.9.8 (straight from, so the change may have been in between too) caused that delay to reappear for me whenever I tried to save to the database, so also when autosaving drafts or when posting or editing posts. At which point I meant to continue the discussion and we got to the situation I described above, being told nothing changed in the plugin to cause this to happen so it’s still my or my host’s fault, though the change was obviously after a WPSS update.
    And now after the update it happens on every single page, every single time. Same fixed 24 second delay. For me. Had someone else test it just now again, behavior not noticed.

    So I keep saying there’s an issue with certain IPs or some other user data, tries certain checks, certain connections, no idea what it does, but besides looking into what happens here exactly, the main point is that it shouldn’t do it unless you try to post a comment, so the fact that it happens all the time now means WPSS is getting its digital nose where it doesn’t belong.

    So… Worked through some of the anger left after last time and trying to get to the bottom of it before dropping it, but that takes willingness on both sides.

    Plugin Contributor Red Sand Media Group



    We bent over backward trying to help you. The bottom line is that you were unwilling to follow all of the diagnostic steps we asked you to follow. You’re using outdated PHP versions, and outdated WordPress versions. After we asked you to use WP_DEBUG to diagnose things, there were no WP-SpamShield errors, but many errors in your theme and other plugins, but yet still want to blame the issue on WPSS. We made suggestions for you to work through to help fix these issues. Diagnosing issues is a process, and if you follow the steps we ask, you can fix things. If you don’t want to try what we suggest, then there is no more we can do to help you.

    The reason we suggested that you change hosts is that you told us they were unwilling to upgrade your server past PHP 5.3, which reached EOL two years ago. It’s one thing if you were choosing to use 5.3, but the fact that the highest PHP version they offer is a dead, unsupported branch, was a sign of bad hosting.

    As we told you several times, if you have a 24 second delay, then you have a serious configuration issue or PHP error happening on your site server. Nothing should ever take that long. We have optimized the plugin to be extremely efficient, as noted in the FAQs with benchmarks and explanations.

    You keep saying that it’s a WPSS issue and that a recent update caused the issue, but we literally did not change any code in the plugin that could cause the issue you’re talking about.

    We’ve been diagnosing these issues on this plugin and its predecessor for almost a decade. We’ve done tech support on thousands of sites, all kinds of server setups, and each of us has at least a couple decades of experience in this field. We do happen to have an excellent system for tech support diagnosis. If you don’t want to accept our expertise, that’s perfectly fine, but that’s your choice. Our only goal is to help you have a flawless experience.

    After we tried extensively to help you extensively for several days, you became abusive to tech support, and we had to cut it off. That is simply not acceptable.

    We have a clean conscience that we only tried to help you. You’re free to accept that or not.

    – Scott

    There were no theme errors, just a few warnings related to the use of deprecated functions. Those warnings remained whether WPSS was on or off, but the 24 second delay only appeared with it on. And I keep saying there is no error there, just a delay in something WPSS tries to do.
    Seriously, run the operations WPSS does on my IP, see if those delays appear; I’m sure this would have taken far less than this exchange so far. And again, they do not happen for others, and if there was anything related to theme or WP version or hosting they’d happen for everyone, but I ran Google PageSpeed Insights and the whole process completes far faster than any single page loads for me and it usually says server response is fine, occasionally throws up a warning that it’s a few hundredths of a second over the 0.2s it considers as fine (and you said you ran other tests yourself and it seemed good enough but could be better, definitely no 24 sec delay there). Also said I had others test and the problem doesn’t appear, and I tested myself on another connection and the problem doesn’t appear, and I had someone else on the same ISP test and the problem does appear. And since it’d really be bad practice for WPSS to request the user to make some other connections (which my ISP may for some reason block) before being allowed to view the page and I don’t want to believe it does that, only reasonable explanation is that it has some issues with these IPs.
    I’d really like to know how you can argue that it’s not WPSS and IP related if it doesn’t happen for other IPs and doesn’t happen with WPSS off but those warnings appear either way.

    And yes, a WPSS update mostly solved the issue some time ago and these recent ones made it far, far worse than it ever was. (And you wonder why I’m wary about updating…) This last time at least I definitely didn’t do anything else, nor did my host, but as soon as I updated WPSS things changed. And if nothing was intended to create this behavior, maybe it just happened to slip through, hence my canary in the coal mine comment.

    So you didn’t “bend over backwards”, though you did admittedly make it appear so at first. You just keep feeding your ideas to me and refuse to listen (er, read) what I’m saying.

    And I definitely wouldn’t call any of that exchange abusive. Just frustrated. On both sides.

    Plugin Contributor Red Sand Media Group



    I stand by what I said.

    I’m sorry, but the things you’re saying simply are not accurate.

    We absolutely did bend over backward to help you. And, yes, you absolutely were abusive to support.

    I’m not going to argue with you.

    – Scott

    Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    @cavalary This isn’t your topic. You’re opining on a 7 month old review and that’s just rude.

    I’m closing this review. If you need support please start your own topic instead.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Ineffecient, Inefective, Bloated and Incompatible with Server Side Caching’ is closed to new replies.