The other day, while trying to auto-approve all comments on my blog the other day, I saw a big box that I had never paid much attention to before in the past—the comment word blacklist.
Have you seen this before?
You can get there by traveling to Settings > Discussion in your WordPress Dashboard.
Then I thought, there’s probably a master blacklist out there somewhere… Lo and behold there is!
Click here to visit the WordPress Comment Blacklist on GitHub.
Here’s the raw file, just select all, copy, and paste, and you’re set!
What’s your favorite means of SPAM protection?
While I use Akismet and Disqus, I thought this was just one extra way to protect my blog without turning off comments altogether.
Eric J says
I use http://wordpress.org/plugins/comment-blacklist-manager/ to download the blacklist for me.
Eric Dye says
Nice. I may need to check these out…
Eric J says
It only helps with the spam unfortunately, i wish there was a 100% foolproof way.
Katie Allred says
Sweet. Thanks Eric J! This is a nice, non-plugin version way just in case people have an aversion to plugins (like me…) 😉
Eric Dye says
I’ve found this to be VERY powerful. Closest thing to 100% I’ve ever used… http://www.benmarshall.me/wordpress-zero-spam-plugin/
Worli says
Hello Katie,
Yes its a great feature, but not really effective. You can block someone by email id, ip address and even websites. But, the main problem is spamming is done by sophisticated bots and its all automated, which keep changing its email, ip and URL. In such case a plugin is very necessary. I use “Advanced Invisible Anti-Spam”, a very effective plugin to combat spam.
Grant Hutchinson says
Hi Worli.
As the author of this blacklist, I’d like to rebut your statement by saying that it is very effective. My blacklist contains phrases, terms, and other snippets that spammers (whether automated bots or not) use in their comment text and addresses. I don’t rely on IP or email addresses entirely, because — as you mention — they are the most likely thing to change.
I would put my comment blacklist up against Akismet or any other standalone spam-busting plugin, in terms of comparing the number of false positives or negatives. I run Akismet on several of my sites and I use my blacklist (with the aforementioned Comment Blacklist Manager plugin) on the rest. The end results are nearly identical.
Katie … thanks for the mention.
Eric J says
Thanks for improving the WordPress community Grant!
Eric Dye says
Srsly.
Grant Hutchinson says
Thanks Eric and Eric … I’m just glad that people have found the blacklist useful.
Cheers.
Katie Allred says
I have used this on all my sites and I love it! So there’s how I feel about it. 🙂
Grant Hutchinson says
Thanks, Katie.
I’m pleased that it works so well for you. Please let me know if there are any spam comments that it doesn’t catch and I will update the blacklist accordingly. Likewise, make sure to tell me if it catches anything it shouldn’t.
Alan German says
Grant:
Does your blacklist work on wordpress.com blogs or is it restricted to blogs on wordpress.org?
I thought that the Comment Blacklist on wordpress.com would allow me to blacklist specific senders because the description of the feature states: “When a comment contains any of these words in its content, name, URL, email, or IP, it will be put in the trash.” However, it appears that this description is not correct and such comments are actually directed to the spam folder. This, of course, requires me to manually send the comments to the trash – over and over again!
Since I am receiving obvious spam from a number of readily-identifiable sources, the ability to blacklist such comments and have them automatically sent to trash would be a huge benefit. However, I don’t believe that wordpress.com allows me to include any items such as plug-ins.
Alan
Alan German says
On checking the link to the blacklist noted here, I realized that this identifies comments as spam and doesn’t send blacklisted items to trash. And, the instructions on the Comment Blacklist in the Admin panel of the WordPress blog are incorrect in the latter respect. (See: http://en.forums.wordpress.com/topic/comment-blacklist?replies=3#post-2898342) So, I am not aware of any system that will have the desired effect.
Alan
Rich says
On the current list there appears to be just a lower-case “o”, but, of course, this would block pretty much any comment, as I’ve used several of these already. What am I missing? Does it have to be an “o” by itself, because it was my understanding that the WordPress black list function would find word parts also, not just complete, matching words. Is this actually some symbol from a foreign language? Granted, I’m a beginner, so my apologies if this is a stupid question (but still help a brother out). Thanks.
Grant Hutchinson says
Hi Rich.
I’m the maintainer of the blacklist and I’m not quite sure what “lower-case o” you’re referring to. There are no entries in the blacklist that consist of only a lower-case ‘o’ on a line by itself, it will always be used in conjunction with another character or word. Each line in the blacklist is treated as a phrase which gets applied against a comment.
Can you give me an example of what you’re referring to?
Rich says
Following is an excerpt from near the bottom of the “raw list” linked in the article above. Surely it can’t work the way I thought it should or else very few comments would get through, so what am I missing? I guess I’d be surprised if you see this because these should all be blocked. Good luck
ոo
սa
օd
օf
օm
օn
օp
օr
օs
օt
օw
օx
օy
ויקיפדיה
السياحة العلاجي
ߋ
ขายเสื้อผ้าเด็ก
คาสิโน
ต่างหู
Grant Hutchinson says
Hi Rich.
What you’re seeing in the list are not standard (Latin) lowercase ‘o’ characters, but what are know as ‘armenian small letter oh’ (Unicode) characters. Spammers often replace letters of the alphabet with non-Latin characters that look similar in strings of text. In reality, you would never find an ‘armenian small letter oh’ next to a Latin ‘m’, ‘p’, or otherwise.