WordPress WhiteList BlackList Plugin Wanted

WordPress PluginsUPDATE: Andy Bailey who created the WordPress Plugin CommentLuv has created an anti-spambot plugin that is far more effective than Akismet. Read this page about our Akismet alternative.

SPAM REVIEW WORKAROUND: I wanted to share a tip to get your regular commentators comments approved faster. If most of your readers are CommentLuv bloggers, search for the wording that precedes their featured blog post. That should bring up all the real comments for fast approval. (There are spammers using CommentLuv so be sure to check and delete those.)

As Gardening expert Stephanie Suesan Smith and I brainstormed about the best way to control spam, it occured to us that what we really want are blacklist and whitelist functions under our own control.

Any spam control plugin that censors our favorite bloggers and new real visitors while allowing the same junk through to the spam folder – which we then have to trudge through every day – simply is NOT the solution we need.

Is there a blacklist whitelist WordPress plugin that WE can control?

The SI-Captcha I tested blocked hundreds of spam per day, but because it relies on cookies it sometimes told commentators that they were entering the captcha incorrectly no matter how many times they tried. That was the same issue I ran into with the math plugin.

Clearing cookies on the commentator’s computer would probably resolve those issues, so one potential fix would be to turn math or a captcha back on and add text near the comment function suggesting clearing cookies if they entered correctly but it said they didn’t.

Stephanie suggested we “start with something that has false negatives but not false positiives, then teach it to recognize the false negatives for what they are”

Does anyone know about (or have the ability to correct) a WordPress plugin that can be used to whitelist our regular readers and blacklist obvious spam?  Specifically, we need to be able to blacklist:

  1. Specific URLs (because spammers leave 100s of comments and that is the one field they have to make accurate or their spam is useless)
  2. Commonly used spam phrases – We need to block specific PHRASES and NOT the words within the phrases.

I don’t know that a plugin can over-ride WordPress refusing to immediately allow comments to go live when the commentator has been flagged as a spammer by Akismet.

The way I have this blog configured, if you have one comment approved your subsequent comments should appear immediately – but they don’t. Since Akismet is turned off in this blog, that indicates that WordPress is using Akismet or some other blacklist function to prevent comments from appearing.

If the plugin can not force WordPress to immediately publish comments left by our whitelisted commentators, it could at least put them into a separate section for fast approval or include a way to notify us by email or Twitter so we can approve it quickly.

If you know of any plugin that does this OR can create one or know someone who could do please leave information including related links in the comments of this post.

The WordPress IP Ban is the closest we’ve found but it doesn’t block URLs or phrases. Incorporating some of what it does into the blacklist whitelist plugin we are seeking might be useful.

We have 3,043 comments we are reviewing right now; we WILL rescue yours as soon as we find it. The Akismet delete comments fucntion is NOT active in this blog.

I have temporarily reenabled SI-Captcha because in the few hours since this post was published over forty more spam dropped in primarily left by bots. If you get a message that you entered the captcha incorrectly when you didn’t try clearing your cookies. That is the most likely cause.

If you ever have difficulty leaving a comment please do let me know using the information on the contact tab or by an @GrowMap message (not a DM) to me at Twitter.

The following two tabs change content below.

Gail Gardner

Small Business Marketing Strategist at GrowMap
Creator and owner of GrowMap.com, Gail is primarily known for mentoring small businesses and encouraging bloggers to join collaborations to share skills and support small business.


  1. Blacklist Cloud plugin allow you to blacklist IP address from visiting your wp site.
    Thanks for sharing this post.

  2. I’m new wordpress blogger this article is very informative for me and plz more suggestion about wordpress soon. Thanks for this sharing.

  3. Ya sure plugins plays vital role in wordpress. As i know that SEO Pack is very important plugins for SEO promotion in wordpress. In same way if one’s have blacklist and white list in worpress. He/she can perform in best way..

  4. I have been using lately a combination of Akismet and Growmap Anti-Spam plugin and I must say I am very pleased with what’s happening on my blogs.

    Thanks for offering this plugin for free.

  5. I always clear cookies and i find it helpful..this task is a must do for me
    buffalo tees would love you to read ..Buffalo Cool Place T-ShirtMy Profile

  6. Beside akismet, i use conditional captcha plugin in my wp blog. It can blocks spammers more effectively. I have 100 comment spams a day before i use it, but right now almost no spam at all.
    Andy would love you to read ..Which Android is the best in the market today according to Vellamo?My Profile

  7. philippine typhoons says:

    Im looking forward to use a plugin like this. But im worried about its security.
    philippine typhoons would love you to read ..Local weather condition forecast using satellite imagesMy Profile

  8. nicely explained to use webmaster tools for better results

  9. I must agree that akismet is good at detecting spam, but the fact that even some legitimate comments from a commenters that are marked as spam by others before will affect them a lot because even how good their comment are it still won’t appear. I have read on a blog that they are using a plugin called Growmap Anti-Spambot Plugin as an alternative to akismet.


  10. Garagentore says:

    It`s nothing wrong to promote site by using a comment, which is releted to the post subject. Spammers leaves comments unrelated. They don`t even read the post and that`s the difference.

    • I totally agree with you. Businesses that are building links are often very interested in what bloggers who write about related subjects have to say and can become regular readers and commentators.

      Bloggers should welcome them instead of deleting their comments. I wrote about that in my post about CommentLuv.
      growmap would love you to read ..How CommentLuv Grows Businesses and BlogsMy Profile

  11. I use Bad Behavior on my larger sites. Monday, I installed it on my much smaller sites like Celebrate Life. It keeps a log of the bots that are blocked, which is helpful. Although small, I get a lot of spam.

    I used to use a plugin that did a lot what you are mentioning, sadly that’s doesn’t exist anymore, however, I did find a plugin this morning that seems to do a lot of the same things. You can find it here http://herselfswebtools.com/2008/06/wordpress-security-plugin-block-scrapers-hackers-and-more.html
    I just stumbled upon her site this morning, so really haven’t had a chance to check it out. However, I’m liking that I can add bad links to the list. I like that type of control.

    I’ve recently increased the security on my newer sites, and have been looking for ways to increase the security and shut down comment spam on all my sites. Towards the end of last week, I had a successful attack on my newer sites. Although I have the security measures in place on my larger sites, I didn’t get around to doing that on my smaller sites. A stupid mistake, I won’t be making again.

    Google alerted me about the phishing links. Which made me aware of the attack. I contacted my hosting provider and they pulled my affected sites offline. I got the sites cleaned, and they went back online on Labor Day. I’ve followed up with Google so they could release the warning, that some people might have seen when they visited my sites.
    .-= HealtyOpal´s featured blog ..Right on track Compromised websites and Interesting stats with newest sites =-.

    • Hi Opal,

      We tried Bad Behavior in this blog and it locked out every admin and I could have lost everything. It caused quite a scare and took three WP experts to figure out how to find and delete every file it created.

      Andrew Rondeau and others still recommend it and it works well for many. Why it didn’t work here I do not know, but I don’t want to risk using a plugin that can do that.

      Have you seen our new GrowMap anti-spambot plugin Andy @CommentLuv wrote that adds the “are you a spammer checkbox? It saves me a ton of time and aggravation.
      growmap would love you to read ..Small Business Advice Fast and Easy to Find at BizSugarMy Profile

  12. turmeric health benefits says:

    This sounds like a great plug-in. Hopefully, someone that knows programming will be able to come up with something.


  13. ReputationManagementConsultants.com says:

    That is really a neat trick to screen the real commenter from the spammers. Thanks for sharing.

  14. Paul Sylvester says:


    I would caution you into going back in time with WP for the one fact that even if you did that there will be several things that you will need to consider:

    (1) No support for that version
    (2) More exploitable, code that isn’t being updated regularly means that you will be more vulnerable for hack attacks.
    (3) Might not be support with themes and other plugins.

    You should really think long and hard over doing that. I understand the problems of spam. Actually all of the sudden I was getting 50 to 60 spam messages a day, but it seems to have slowed down to trickle again. These are just a few things you need to consider before going back in time!!
    .-= Paul Sylvester´s featured blog ..How to Cloak links on a WordPress Multisite and subdomains the easy way!! =-.

    • Hi Paul,

      Perhaps I did not make my intent clear. I was not suggesting running that version – I was suggesting using that version as base code and then having developers create an INDEPENDENT version that is supported and updated by those who oppose censorship.

      I wish I only had 50-60 spam comments in any blog. The Bad Behavior option that Sammy mentioned sounds promising. Maybe that will be the solution.
      .-= growmap´s featured blog ..Support Small Businesses =-.

  15. This is the great article! I was really impressed with the information you presented in your blog, make our readers more knowledge may be useful. I think there are many different opinions from various SEO consultants and agencies even specifically because to understand the importance of backlinks and anchor text for small businesses locally and online. which should have a way to blacklist them and that really will cut the amount of spam received .. Whitelisting can be difficult because it looks like WordPress will not let comments through for review. this is the news or the people in the use of SEO. good job, continue to share with us when you get the latest information about the issues involved. thank you all.

    • Hello Paris,

      You are correct that whitelisting may not be possible because even if you disable Akismet WordPress will not allow the comments to go live. What a plugin could probably do though is put the whitelisted comments into a separate section for fast approval. That makes a big difference when you’re being hit by hundreds of spam at a time and the real comments are buried.

      Eventually we may even have to find an alternative to the official version of WordPress. That might require going back to the last version of WP that was truly open and building it from there. If anyone does that I will be the first one to volunteer to migrate.
      .-= growmap´s featured blog ..Building Traffic Using Anchor Text =-.

  16. Paul Sylvester says:

    I have found Recaptcha do to a better job at that. I haven’t had any trouble with people not being able to enter the captcha’s, unlike Si-Captcha. I wish I was a programmer but I do fully understand the problem at hand and think there has to be something that can be done about it.

    Some ideas to consider for all bloggers:

    Are we going to depend on something like a black list again and anything that might be spam in your eyes but not the readers?
    How do you classify a spam message? To many links or is just one link to many?
    Depending on a whitelist plugin can lead to so many problems and the possibility of someone getting accidentally onto the list and exploiting it. Are you willing to trust that plugin explicitly.

    I know that we have to trust plugins to a point but having that type plugin would only make t that much more enticing to the spammers to find a weakness and exploit it. Then they wouldn’t have to work so hard for blog comments. So you see it can lead to so many problems, in the future.
    .-= Paul Sylvester´s featured blog ..How to Cloak links on a WordPress Multisite and subdomains the easy way!! =-.

    • Hi Paul,

      The definition of spam is one of the major reasons Akismet will never work. If we (either individually or specific experienced bloggers using the same definition of what is spam) control the whitelist and blacklist we don’t have the problem we will never eliminate of some bloggers inaccurately calling comments spam that are not.
      .-= growmap´s featured blog ..TWTPoll- SI Captcha Anti-Spam WP Plugin =-.

  17. Hi GrowMap,

    Have you looked into Bad Behavior… I installed it on a clients blog at their request and to be honest… they don’t get a whole lot of spam.

    Might be worth looking into.

    .-= Sammy Russo´s featured blog ..My WordPress Site is Stuck In Maintenance Mode! =-.

  18. Well, I do not know about that, but what I do is to block the IP addresses of all spam bots that I encounter. I use the .htaccess file. So far I have blocked like a 100 IPs :)
    .-= Jake@Social Media´s featured blog ..Your Favorite Eric Schmidt Quotes =-.

    • Hi Jake,

      Don’t smart spammers spoof IP addresses? How do you know you are blocking them and not some random victim?

      Maybe there are dumb spammers we could block that way? Anyone else have feedback on that? Would you mind pasting your blocked IP addresses in a comment or do you think the spammers will change IP addresses if they find that?

      Real people who are blocked need to be able to search and find out why – and if you really have a list of spam bots blocking them would benefit many bloggers.
      .-= growmap´s featured blog ..Proper Ways Your Business Can Use Social Media Channels =-.

  19. Hey,

    I think I’ve found what we’ve all been looking for. It’s called Conditional CAPTCHA for WordPress. Thanks to ShoutMeLoud. I’ve tested it on my blog and it works 😉

    Here’s the link to the post.

    Cheers 😉
    .-= Udegbunam Chukwudi´s featured blog ..Blogging At A Glance With Karo Itoje =-.

    • Hi Chuks,

      That wouldn’t work for us because we have turned Akismet off in all our blogs. I am unwilling to allow any third party to prevent commentators from having a voice in my blogs.
      .-= growmap´s featured blog ..Best of GrowMap – Our Most Important Posts All in One Place =-.

      • It’s been a week since I installed Conditional Captcha and it’s doing a fantastic job for me. If you don’t like Akismet you might want to consider trying Typepad Antispam which works with the plugin too 😉
        .-= Udegbunam Chukwudi@Make Money Online´s featured blog ..Rescue Non-Spam Comments With Conditional CAPTCHA =-.

        • Thasks Chuks,

          We’ll look into those but they are probably not what we want. The thing most bloggers aren’t considering is that it is really easy to block spam if you don’t care how many false positives you have.

          Have you noticed how many comments I have versus how many most blogs don’t have? That is because many of the very best bloggers are unable to comment in their blogs because of anti-spam plugins.

          I don’t know about anyone else but I don’t read blogs I can’t comment in because I want to be able to ask for clarification, ask questions and add insights. If the blogger doesn’t want to interact with me they don’t make my priority list.

          There is only so much time and there are more quality blogs than anyone could ever read so I focus only on DoFollow, CommentLuv and usually even KeywordLuv enabled blogs to interact with and any others only get visited or shared occasionally if at all.
          .-= growmap´s featured blog ..DoFollow CommentLuv KeywordLuv Community =-.

  20. Being new to blogging I visit sites like this to learn and I hope you find a programmer who can sort this for you. It seems awful that you are trying to help get the word out in support of small businesses and people are abusing this. Thanks for all the posts you do share with us. This newbie sure appreciates it.
    Patricia Perth Australia

  21. This sounds like a great plugin. Hopefully, someone that knows programming will be able to come up with something. It kind of reminds me of the email spam settings that you can train heuristically. I wonder if a programmer would be able to leverage that kind of tool.

    I’d be more than willing to be a beta tester for that plugin 😀
    .-= CJ@Online Help´s featured blog ..Poll STILL OPEN!! =-.

  22. @Andy Beard
    Great Link thanks.

  23. Dennis Edell says:

    It is said often, the best things created are those first created out of personal need, so I hope you do find someone.

    I will inquire around in my offline circle as well; I know a few programmers/coders.
    .-= Dennis Edell @ Direct Sales Marketing´s featured blog ..Welcome To The All New DennisEdellcom! =-.

    • Hi Dennis,

      Thank you for whatever assistance you can lend. I can’t believe I am the first blogger to want to whitelist my regular commentators or block the spammers who are hitting me with 150+ spam messages at a time.
      .-= growmap´s featured blog ..SPAMMER ALERT- ResearchMyNamecom =-.

      • Dennis Edell says:

        I suppose most are happy with the blacklist options offered within the admin.
        .-= Dennis Edell @ Direct Sales Marketing´s featured blog ..Twitter Weekend 1 Followup 1 =-.

  24. Andy Beard says:

    I have fond this one works ok if people are having problems

    That being said I don’t have many problems with WP SPam Free + moderating first time comments.
    .-= Andy Beard´s featured blog ..Twitter… About Password Security &amp OAuth =-.

    • I am honored to have you comment here, Andy. We have very different positions on the commenting issue because I am a proponent of supporting small businesses and use KeywordLuv while you have a very strong policy against the use of anchor text, keywords or links by commentators.

      WP-SpamFree and I don’t get along very well because it appears that words like business, networking, and marketing are blacklisted and we often discuss those subjects here and in the blogs I frequent most.

      I had not seen the whitelist plugin. We’ll check that one out. I don’t mind moderating first time comments – it is the repetitive bot spam that is burying my blogs and stealing my time. I turned off Akismet in all the blogs I own or co-own and am determined to find a solution that does not censor those who wish to have their say.

      One thing many people do not realize is that we do not actually control whether non-first time comments go live immediately or not. It appears that even if you have Akismet disabled that WordPress requires moderation of comments if the commentator is flagged by Akismet as a spammer.

      Akismet has been a major problem which is why there are five posts about Akismet under my Why Use WordPress category.

      Why I feel the way I do is explained in my post about Supporting Small Business that I’ll feature in CommentLuv in this reply.
      .-= growmap´s featured blog ..Support Small Businesses =-.

      • Andy Beard says:

        I have a strong policy simply because previous policies were being too heavily abused, but I am still dofollow :)

        It was mainly being abused by SEO consultants and agencies – not for themeselves but for their clients… which unfortunately meant the comments were in many ways breaking UK law.

        WP SPam Free only uses the built in WordPress blacklist though I use it with the very minimum settings.

        There isn’t any code that talks to Automattic for comments if you don’t have Akismet installed, so maybe you just have a fe rogue entries in your conventional WP blacklist.

        • Hi Andy,

          I know you’re dofollow – I probably learned about dofollow and Akismet problems from your blog.

          I have a different view of comments from even SEO consultants and agencies specifically because I understand the importance of anchor text and backlinks for small local and online businesses.

          Many businesses have blogs now and leave comments. We read and comment in their blogs; they comment in and read ours. I am unfamiliar with what laws that might be breaking. Could you elaborate or provide a link to that information?

          I don’t have anything in the conventional WP blacklist because all that does as far as I can tell is dump them into spam where I have to review them anyway. Not much point in doing that unless you never review what ends up there.

          The reason it appears that WordPress uses Akismet’s spam list is that I have noticed that subsequent comments using exactly the same name, URL and email address do not go live even when I have already approved a comment for that person.

          It is possible that the comment in question included a word that is blacklisted by WordPress in some other manner. What I know is that certain people have complained that their comments do not go live immediately AFTER I disabled Akismet and when I check they have been flagged as spammers by Akismet.
          .-= growmap´s featured blog ..Best of GrowMap – Our Most Important Posts All in One Place =-.

  25. I really wish that I was a programmer because that is a great idea for a plugin. I am sure someone will read this and take action.
    .-= Dan Keller@blog tips for beginners´s featured blog ..Best Twitter App for Small Businesses =-.

    • Hi Dan,

      I sincerely hope someone knows of one or is willing to work on one. The same spammers hit all my blogs over and over – some promoting the same URLs and others using the same words not fit for mixed company.

      There should be a way to blacklist them and that would really cut the amount of spam I’m getting. Whitelisting may be tougher because it looks like WordPress won’t let comments through for commentators that have been unfairly flagged as spammers.
      .-= growmap´s featured blog ..TWTPoll- SI Captcha Anti-Spam WP Plugin =-.

Speak Your Mind


CommentLuv badge