New anti-spam measures

I’ve implemented a new system for avoiding comment spam. When you submit a comment, you must answer a simple question that anyone who speaks English fluently will be able to answer, and anyone who isn’t fluent should be able to google. The question never changes.

I’m relying on security through obscurity, that is, I’m assuming that no spammer will try to outwit it. Security by obscurity is usually derided by security professionals since it’s useless against a dedicated attacker. If I were Google or FaceBook, this would be an issue. But as long as there are thousands of less secure blogs, it’s not worth a spammer’s time to spend a minute or two to add a custom rule for my site.

For now, comments still need to be approved before they show up. If I don’t get any new comment spam in a while, I’ll change that rule.

In case you’re wondering, it took me about an hour to write the WordPress plug-in. That included reading the documentation, then looking at a few published plug-ins (one of which probably doesn’t really work) because the documentation is incomplete or misleading. I was inspired by this blog post. (The author uses a fixed image for his CAPTCHA. Based on his experience, I figured I could make one that’s accesible to the blind.)