Hi, I am a bit new to WordPress and just started a blog, but even then I have received a lot of spam (moderated so they never show up).
I know I can use anti-spam plugins etc, but I imagine that spam robots know about Word Press and therefore know what HTTP Posts to construct because they know the name of the input fields.
How about randomizing the input names somewhat? Of course, you can't use anything predictable like the domain name or the time because robots can pick that up.
However, what if
- You provided a configuration option for blog owners to enter some special key name, maybe encourage special characters like $, etc.
- Then, your code uses this to somehow create random names for form controls, such that the HTML generates those
(WordPress would need some new tags so that theme files can get those names in their comments HTML.)
When comments are posted, the WordPress PHP code can then recalculate the expected field names and request their content.
This would make it a LOT harder for spam robots to automatically create tons of spam posts for so many word press users. They would have to visit and understand each particular blog. (So the problem doesn't go away, but does get minimized.)
I have done this for another site that gets about 15 million page views a year (not Word Press; custom code), and not had an instance of spam comments.