Antispam Bee (original) (raw)

Say Goodbye to comment spam on your WordPress blog or website. Antispam Bee blocks spam comments and trackbacks effectively, without captchas and without sending personal information to third party services. It is free of charge, ad-free and 100% GDPR compliant.

Feature/Settings Overview

• Trust approved commenters.
• Trust commenters with a Gravatar.
• Consider the comment time.
• Allow comments only in a certain language.
• Block or allow commenters from certain countries.
• Treat BBCode links as spam.
• Use regular expressions.
• Search local spam database for commenters previously marked as spammers.
• Notify admins by e-mail about incoming spam.
• Delete existing spam after n days.
• Limit approval to comments/pings (will delete other comment types).
• Select spam indicators to send comments to deletion directly.
• Optionally exclude trackbacks and pingbacks from spam detection.
• Optionally spam-check comment forms on archive pages.
• Display spam statistics on the dashboard, including daily updates of spam detection rate and a total of blocked spam comments.

Support

• Community support via the support forums on wordpress.org
• Read the documentation
• We don’t handle support via e-mail, Twitter, GitHub issues etc.

Contribute

• Active development of this plugin is handled on GitHub.
• Pull requests for documented bugs are highly appreciated.
• If you think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the support forums first.
• If you want to help us translate this plugin you can do so on WordPress Translate.

Credits

• Author: Sergej Müller

• Maintainers: pluginkollektiv

• If you don’t know how to install a plugin for WordPress, here’s how.

Requirements

• PHP 5.2.4 or greater
• WordPress 4.5 or greater

Settings

After you have activated Antispam Bee the plugin will block spam comments out of the box. However, you may want to visit Settings Antispam Bee to configure your custom set of anti-spam options that works best for your site.

Does Antispam Bee prevents spam registrations or protects form plugins?

Antispam Bee works best with default WordPress comments. It does not help to protect form plugins and does not prevent spam registrations. Hopefully we can provide better hooks for third party plugins to use Antispam Bee to fill this gap in the forthcoming new major version.

Does Antispam Bee work with Jetpack, wpDiscuz, Disqus Comments and similar comment plugins?

Antispam Bee works best with default WordPress comments. It is not compatible with Jetpack, wpDiscuz or Disqus Comments as those plugins load a new comment form within an iframe. Thus Antispam Bee can not access the comment form directly.

Whether Antispam Bee works with a comment form submitted via AJAX depends on how the AJAX request is made. If the request goes to the file that usually also receives the comments, Antispam Bee could work with it out of the box (the WP Ajaxify Comments plugin does this, for example).

If the comments are sent to the admin-ajax.php, the antispam_bee_disallow_ajax_calls filter must be used to run ASB for requests to that file as well. If the script does not send all form data to the file, but only some selected ones, further customization is probably necessary, as exemplified in this post by Torsten Landsiedel (in German).

Does Antispam Bee store any private user data, and is it compliant with GDPR?

Antispam Bee is developed in Europe. You might have heard we can be a bit nitpicky over here when it comes to privacy. The plugin does not save private user data and is 100% compliant with GDPR.

Will I have to edit any theme templates to get Antispam Bee to work?

No, the plugin works as is. You may want to configure your favorite settings, though.

Does Antispam Bee work with shortened IPs?

Generally yes. However, commissioning the Antispam Bee plugin for canceled or shortened IP addresses in comment metadata is not recommended. Because the name and the e-mail address of the comments are not unique, an IP address is the only reliable measure. The more complete the stored IP addresses, the more reliable the assignment or detection of spam.

How can I submit undetected spam?

If the antispam plugin has passed some spam comments, these comments can be reported for analysis. A Google table was created for this purpose.

Antispam Bee with Varnish?

If WordPress is operated with Apache + Varnish, the actual IP address of the visitors does not appear in WordPress. Accordingly the Antispam-Plugin lacks the base for the correct functionality. An adaptation in the Varnish configuration file /etc/varnish/default.vcl provides a remedy and forwards the original (not from Apache) IP address in the HTTP header X-Forwarded-For:

if (req.restarts == 0) {
set req.http.X-Forwarded-For = client.ip;
}

Are there some paid services or limitations?

No, Antispam Bee is free forever, for both private and commercial projects. You can use it on as many sites as you want. There is no limitation to the number of sites you use the plugin on.

A complete documentation is available on pluginkollektiv.org.

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team helps validate, triage and handle any security vulnerabilities. Report a security vulnerability.

Very Well Done, easy to get started, clear nav, easy easy easy, thank you.

The plugin does exactly what you are expecting it to do: it stops comment spam. It is non-intrusive and extremely efficient. I haven’t seen a single spam comment on my blog for many years now. Kudos.

Have used this for years. Should have left a review before now. This is a real gem of a plugin. Have it on all my sites. Long may it continue!

On one of my sites, I was having a real tough time with crap like, slot machines and by bitcoin and just all this junk I had to go and delete. Today I found “1” after months of not going into the back end of this site, ONE spam and I hit spam and it went away… Later today, I’m going to go load antispam bee on all my clients sites…. I’ve had clients with thousands of spams and I don’t have time for this… Oh and I tried jetpack, it caused issues and I deleted it won’t bother with it again.

I tried so many, even the most famous ones, but they all still passed spam, and I was forced to delete them at least every 3 days. With this plugin spam zero, you read it right zero!

Read all 224 reviews

“Antispam Bee” is open source software. The following people have contributed to this plugin.

Contributors

2.11.8

• Tweak: Minor code changes and housekeeping
• Tweak: Add link to Patchstack in readme
• Maintenance: Tested up to WordPress 6.8

2.11.7

• Tweak: Use SCRIPT_NAME instead of REQUEST_URI to check path
• Fix: Remove add_reasons_to_defaults() from general initialization for better WordPress 6.7 compatibility
• Maintenance: Tested up to WordPress 6.7

2.11.6

• Fix: Delete missed out option on uninstall (Thanks @okvee!)
• Tweak: Minor i18n improvements (Thanks Pedro!)
• Tweak: Minor code changes and housekeeping
• Tweak: Updated dependencies

2.11.5

IMPORTANT: If you use the country check and are behind a proxy or similar, you need to use the antispam_bee_trusted_ip filter to get the correct IP from a header like HTTP_X_FORWARDED (don’t return an empty value here, otherwise all comments are marked as spam).

• Fix: Usage of core filter pre_comment_user_ip breaks ASB if the IP address is removed for GDPR compliance

2.11.4

IMPORTANT: If you use the country check and are behind a proxy or similar, you need to use the pre_comment_user_ip filter to get the correct IP from a header like HTTP_X_FORWARDED.

• Fix: Read client IP for country check from REMOTE_ADDR only (filterable via pre_comment_user_ip)
• Fix: No spam reason in spam notification email, and related PHP warning
• Fix: Remove outdated info from readme
• Enhancement: Show upgrade notice on plugin overview page
• Maintenance: Tested up to WordPress 6.3

2.11.3

• Fix: Multiselect for “Delete comments by spam reasons” was not saving values
• Fix: Fix broken link for ISO country codes
• Maintenance: Added test for PHP 8.2
• Maintenance: Tested up to WordPress 6.2

2.11.2

• Tweak: remove superfluous translations
• Tweak: make FAQ link an anchor link
• Fix: spam counter no longer raises a warning with PHP 8.1 if no spam is present yet
• Fix: spam reasons are now localized correctly
• Fix: Translations were loaded twice on some admin pages
• Maintenance: Tested up to WordPress 6.1

2.11.1

• Tweak: remove superfluous type attribute from inline script tag
• Maintenance: Tested up to WordPress 6.0

2.11.0

• Fix: Allow empty comments if allow_empty_comment is set to true
• Fix: Add aria-label to work around bug in a11y testing tools
• Fix: Change priority for comment_form_field_comment from 10 to 99
• Tweak: Updated some FAQ entries
• Tweak: Updated build tooling

2.10.0

• Fix: Switch from ip2country.info to iplocate.io for country check
• Enhancement: Use filter to add the honeypot field instead of output buffering for new installations and added option to switch between the both ways
• Tweak: Added comment user agent to regex pattern check
• Tweak: Make the ping detection filterable to support new comment types
• Tweak: Updated internal documentation links
• Tweak: Several updates and optimizations in the testing process
• Tweak: Adjust color palette to recent WP version
• Tweak: Adjust wording in variables and option names
• Readme: Add new contributor and clean up unused code

2.9.4

• Enhancement: Add filter to allow ajax calls
• Tweak: Better wording for BBCode feature in plugin description
• Tweak: Better screenshots in the plugin directory
• Maintenance: Tested up to WordPress 5.7

2.9.3

• Fixed: Compatibility with WordPress 5.5
• Fixed: Undefined index on spam list page
• Tweak: Better wording on settings page
• Tweak: AMP compatibility
• Tweak: Protect CSS from overwrite through bad themes

2.9.2

• Fix: Delete comment meta for deleted old spam. For the cleanup of older orphaned comment meta we suggest the usage of WP Sweep
• Fix: Statistic in dashboard showed wrong value
• Tweak: Change autocomplete attribute to “new-password”
• Tweak: Autoptimize compatibility improved
• Tweak: Renamed blacklist/whitelist to a better phrase
• Tweak: Added new pattern
• Tweak: UI and text optimizations
• Tweak: Better compatibility with some server configurations
• Tweak: Make spam reason sortable and filterable
• Tweak: Add spam reason for manually marked spam
• Maintenance: Deleted unused code
• Maintenance: Removed Fake IP check (unreliable and producing false positives)
• Maintenance: Fix some coding standard issues
• Maintenance: Tested up to WordPress 5.4
• Maintenance: Tested up to PHP 7.4

2.9.1

• Improved backend accessibility
• Prefilled comment textareas do now work with the honeypot
• Compatible with the AMP plugin (https://wordpress.org/plugins/amp/)
• Improved dashboard tooltips
• Improvements for the language detection API
• Scalable IP look up for local spam database

2.9.0

• Introduction of coding standards.
• Switch to franc language detection API for the language check.
• Do not longer overwrite the IP address WordPress saves with the comment by using pre_comment_user_ip.
• Do not show “Trust commenters with a Gravatar” if the “Show Gravatar” option is not set.
• Skip the checks, when I ping myself.
• Fixes some wrong usages of the translation functions.
• Use the regular expressions check also for trackbacks.
• Add option to delete Antispam Bee related data when plugin gets deleted via the admin interface.
• Save a hashed + salted IP for every comment
• New check for incoming trackbacks.
• Introduction of behat tests.
• Updates the used JavaScript library for the statistics widget.
• Bugfix in the “Comment form used outside of posts” option.

2.8.1

• PHP 5.3 compatibility
• Bugfix where a spam trackback produced a fatal error
• For more details see https://github.com/pluginkollektiv/antispam-bee/milestone/8?closed=1

2.8.0

• Removed stopforumspam.com to avoid potential GDPR violation
• Improves IP handling to comply with GDPR
• Improves PHP7.2 compatibility
• Fixes small bug on mobile views
• Allow more than one language in language check
• Minor interface improvements
• Remove old russian and Dutch translation files
• For more details see https://github.com/pluginkollektiv/antispam-bee/milestone/4?closed=1

2.7.1

• Fixes an incompatibility with Chrome autofill
• Fixes some incompatibilities with other plugins/themes where the comment field was left empty
• Support for RTL
• Solve some translation/language issues
• A new filter to add languages to the language check
• For more details see https://github.com/pluginkollektiv/antispam-bee/milestone/6?closed=1

2.7.0

• Country check is back again (thanks to Sergej Müller for his amazing work and the service page)
• Improved Honeypot
• Language check through Google Translate API is back again (thanks to Simon Kraft of https://moenus.net/ for offering to cover the costs)
• More default Regexes
• Unit Test Framework
• Accessibility and GUI improvements
• An english documentation is now available, too. Some corrections in the german documentation.
• Some bugfixes – Among other things for WPML compatibility
• For more details see https://github.com/pluginkollektiv/antispam-bee/milestone/3?closed=1

2.6.9

• Updates donation links throughout the plugin
• Fixes an error were JavaScript on the dashboard was erroneously being enqueued
• Ensures compatibility with the latest WordPress version

2.6.8

• added a POT file
• updated German translation, added formal version
• updated plugin text domain to include a dash instead of an underscore
• updated, translated + formatted README.md
• updated expired link URLs in plugin and languages files
• updated plugin authors

2.6.7

• Removal of functions Block comments from specific countries and Allow comments only in certain language for financial reasons – more information

2.6.6

• Switch to the official Google Translation API
• Release time investment (Development & QA): 2.5 h

2.6.5

• Fix: Return parameters on dashboard_glance_items callback / thx @toscho
• New function: Trust commenters with a Gravatar / thx @glueckpress
• Additional plausibility checks and filters
• Release time investment (Development & QA): 12 h

2.6.4

• Consideration of the comment time (Spam if a comment was written in less than 5 seconds) – more information
• Release time investment (Development & QA): 6.25 h

2.6.3

• Sorting for the Antispam Bee column in the spam comments overview
• Code refactoring around the use of REQUEST_URI
• Release time investment (Development & QA): 2.75 h

2.6.2

• Improving detection of fake IPs
• Release time investment (Development & QA): 11 h

2.6.1

• Code refactoring of options management
• Support for HTTP_FORWARDED_FOR header
• Release time investment (Development & QA): 8.5 h

2.6.0

• Optimizations for WordPress 3.8
• Clear invalid UTF-8 characters in comment fields
• Spam reason as a column in the table with spam comments

For the complete changelog, check out our GitHub repository.