Tutorial: Stop Comment Spam with Cookies for Comments WordPress Plugin

cookiesforcommentsWe have recently taken you through a detailed tutorial on how to stop WordPress Comment Spam, but a new plugin called Cookies for Comments has recently been gaining some positive reviews for their more novel approach.  Spam can be incredibly annoying, and even negatively affect the SEO of your site, both diluting the keyword density, or linking to sites in a bad neighborhood causing penalties or worse.  It is for this reason, that dealing with any comment spam issues is essential, and whilst we still stand by the methods in our recent tutorial, this plugin is a great option to consider.

What does Cookies for Comments do?

Essentially, the plugin adds a style-sheet or image to your site’s HTML, which when a real visitor loads your site a cookie is dropped.  When a user leaves a comment the cookie is checked to make sure it is there, and if it is not, then the comment is marked as spam.  Another useful feature of the plugin, is that it can also check to see how long the user visited the site before leaving a comment.  Many automated programs will visit the site and leave a comment in under a second.  Any non-spam comment is likely to occur after the reader has time to digest and read the article.  Any comment that is left too quickly is marked as spam.

The problem with using the Cookies for Comments WordPress plugin, is that the spammer still gets to visit your site and waste server resources.  For this reason we use CloudFlare as part of our own strategy, however, the main reason that this plugin came to our attention was the ability to use it to configure your .htaccess file so as to prevent the spammers getting to your site altogether.  We have put together a small tutorial below showing you how to configure the Cookies for Comments plugin to do this:

Cookies for Comments Advanced Tutorial to Stop Comment Spam

1.  Install Cookies for Comments Plugin

To do this do a plugin search for “Cookies for Comments” from within your WordPress admin dashboard as shown below:



Once you click “Search Plugins” the “Cookies for Comments” plugin will be the top entry.  Click “Install Now”, wait whilst it is installed, and then activate the plugin.

2. Manage the Cookies for Comments Settings

Under “Settings” -> “Cookies for Comments” you can reach all the configuration options for the plugin.  You have the option of the following:

  • You can choose whether the comments caught by the plugin are sent to the spam box, or deleted
  • You can choose the payload delivery Mechanism, being either a CSS file or an Image file.  It is recommended that you use the Image version, as this loads at the end of the page, so doesn’t slow down your sites loading speed.
  • Determine the length of time a person must spend on your page before leaving a comment.  The recommended values are between 3 and 6 seconds.
  • You can set a rejection message.

3.  Advanced Usage of the Cookies for Comments WordPress Plugin

The point of this tutorial was mainly to show you how to use this advanced feature.  What this does is stop the comments from spam-bots from ever reaching the database or execute php.  This significantly reduces server resources, and is highly recommended.  The first thing you need to do it scroll to the bottom of the Cookies for Comments settings, where you will find the following code:

Cookies for Comments code

Please note that this code will be unique to your installation.  Do not copy the code above.

4.  Add code to your .htaccess file

You need to add the code before the regular WordPress mod_rewrite rules in your .htaccess file.  This can be done using any FTP program, but we personally just use the cPanel File Manager code editor.  Once you have loaded up the .htaccess file (make sure if you are loading from within your control panels File Manager you select “show hidden files”) find the line that says:

# BEGIN WordPress

Add the following code (this is unique to you, so grab it from your settings page as described above) BEFORE that line:

RewriteRule^wp-comments-post.php -[F,L]

Once you have added the code it should look something like this:


Obviously, what other plugins you have installed will alter how much code is actually in your .htaccess file.

Final Thoughts

This is a great plugin, and definitely worth trying if you are experiencing a lot of WordPress Spam Comments.  Whilst we have not seen the need to carry out this kind of solution ourselves, as we use alternative methods, we can see that it would be very effective.

We will be happy to see your thoughts

Leave a reply