Tutorial: Stop Comment Spam with Cookies for Comments WordPress Plugin

By Jonathan Griffin. Editor, SEO Consultant, & Developer.

· 4 min read

We have recently taken you through a detailed tutorial on how to stop WordPress Comment Spam, but a new plugin called Cookies for Comments has recently been gaining some positive reviews for their more novel approach.

Spam can be incredibly annoying, and even negatively affect the SEO of your website, both diluting the keyword density or linking to websites in a bad neighborhood causing penalties or worse.  It is for this reason that dealing with any comment spam issues is essential, and while we still stand by the methods in our recent tutorial, this plugin is a great option to consider.

What does Cookies for Comments do?

Essentially, the plugin adds a stylesheet or image to your site’s HTML, which when a real visitor loads your website a cookie is dropped.  When a user leaves a comment, the cookie is checked to make sure it is there, and if it is not, then the comment is marked as spam. 

Another useful feature of the plugin is that it can also check to see how long the user visited the website before leaving a comment.  Many automated programs will visit the website and leave a comment in under a second.  Any non-spam comment is likely to occur after the reader has time to digest and read the article.  Any comment that is left too quickly is marked as spam.

The problem with using the Cookies for Comments WordPress plugin is that the spammer still gets to visit your website and waste server resources.  For this reason, we use CloudFlare as part of our own strategy. However, the main reason that this plugin came to our attention was the ability to use it to configure your .htaccess file so as to prevent the spammers getting to your website altogether. 

We have put together a small tutorial below showing you how to configure the Cookies for Comments plugin to do this:

Cookies for Comments Advanced Tutorial to Stop Comment Spam

1.  Install Cookies for Comments Plugin

To do this do a plugin search for “Cookies for Comments” from within your WordPress administration dashboard as shown below:

Cookies for comments.
Cookies for comments. CREDIT: SCREENSHOT.

Once you click “Search Plugins” the “Cookies for Comments” plugin will be the top entry.  Click “Install Now”, wait while it is installed, and then activate the plugin.

2. Manage the Cookies for Comments Settings

Under “Settings” -> “Cookies for Comments” you can reach all the configuration options for the plugin.  You have the option of the following:

  • You can choose whether the comments caught by the plugin are sent to the spam box, or deleted
  • You can choose the payload delivery Mechanism, being either a CSS file or an Image file.  It is recommended that you use the Image version, as this loads at the end of the page, so doesn’t slow down your site’s loading speed.
  • Determine the length of time a person must spend on your page before leaving a comment.  The recommended values are between 3 and 6 seconds.
  • You can set a rejection message.

3.  Advanced Usage of the Cookies for Comments WordPress Plugin

The point of this tutorial was mainly to show you how to use this advanced feature.  What this does is stop the comments from spam-bots from ever reaching the database or execute PHP.  This significantly reduces server resources and is highly recommended.  The first thing you need to do it scroll to the bottom of the Cookies for Comments settings, where you will find the following code:

Cookies for Comments code.
Cookies for Comments code. CREDIT: SCREENSHOT.

Please note that this code will be **unique ** to your installation.  Do not copy the code above.

4.  Add code to your .htaccess file

You need to insert the code before the regular WordPress mod_rewrite rules in your .htaccess file.  This can be done using any FTP program, but we personally just use the cPanel File Manager code editor.  Once you have loaded up the .htaccess file (make sure if you are loading from within your control panels File Manager you select “show hidden files”) find the line that says:

BEGIN WordPress

Add the following code (this is unique to you, so grab it from your settings page as described above) BEFORE that line:

RewriteRule^wp-comments-post.php -[F ,L]

Once you have added the code it should look something like this:

Cookies for comments htaccess.
Cookies for comments htaccess. CREDIT: SCREENSHOT.

Obviously, what other plugins you have installed will alter how much code is actually in your .htaccess file.

Final Thoughts

This is a great plugin, and worth trying if you are experiencing a lot of WordPress Spam Comments.  While we have not seen the need to carry out this kind of solution ourselves, as we use alternative methods, we can see that it would be very effective.