Spams are a blogger worst enemy. For me, things went worse gradually, until last month, when I had to face about 10 spam comments per day on average, even though I had the WP-SpamFree plugin installed. When spams were fewer, this was not a problem since I had to moderate comments beforehand: users saw nothing. On my part, however, that meant some precious time managing comments and with the number of spam raising, I couldn’t do it anymore.
My first reflex was to turn authentication on: you couldn’t post a comment without being a legit user first. This was not really a good thing since I would have to manage users and legit comments would drop since people are not really interested in managing another account. However, relying on an external account provider (like Google, OpenId, or whatever) would adress both issues. The crucial point would be to choose the right third-party provider.
Before I could dive further into the problem, I noticed one plugin I regularly deactivated: the Akismet plugin is included in WordPress distribution since I first use the product. Akismet checks comments against their service: it automatically manages spam, either through a web-service or an API. In order to use Akismet, you had to get a license key first. Aye, there’s the rub! In the past, the key could be given free provided you ran on Wordpress.com, which is not my case. I don’t know when but those policies have changed: you can now get a key for hosted WordPress instances if those are personal blogs! In this case, you get to choose the price you pay (between 0 and 120$ per year). To be frank, I paid 0, but since I activated the plugin, it managed all the spams and let through 3 genuine comments. This doesn’t prevent me for paranoicaly sifting through all spams to check if it didn’t mark a real comment as spam but until yet, it has not.
In a month or two, I think I will be confident enough no to check anymore and I will pay for a new licence key: time is money.