The anti-spam checkbox seems to be working well, so I’ll give out the geeky instructions now. As mentioned earlier, this method was taken from This Chick. Since it does exactly what it appears to do, I’m not giving anything away by revealing the inner workings to the spammers. (The incest spammers already have it figured out.)

So here’s what you do. These instructions are for WP 1.2, but I think they’ll work, more or less, for 1.2.x.

  1. Add the checkbox to the comment template. You’ll also be adding a Javascript to remind the user to check the checkbox. Replace the lines in wp-comments.php that say:
    	  <label for="comment"><?php _e("Your Comment"); ?></label>
    	<br />
    	  <textarea name="comment" id="comment" cols="70" rows="4" tabindex="4"></textarea>
    	  <input name="submit" type="submit" tabindex="5" value="<?php _e("Say It!"); ?>" />


    	  <label for="comment"><?php _e("Your Comment"); ?></label>
    	<br />
    	  <textarea name="comment" id="comment" cols="40" rows="6" tabindex="4"></textarea>
    	<SCRIPT language=JavaScript>
    //Accept terms & conditions script (by InsightEye
    //Visit JavaScript Kit ( for this script & more.
    function checkCheckBox(f){
    if (f.iverifythati.checked == false )
    alert('Please check the box to verify that you are not spamming.');
    return false;
    return true;
      <input type="checkbox" value="nospam" name="spamcheck" tabindex="5" /><span style="padding-right: 40px;"> I verify that I am not a spammer.</span>
      <input name="submit" type="submit" tabindex="6" value="<?php _e("Say It!"); ?>" />

    Note the change in the tabindex of the submit button.

  2. Change the form to run the Javascript on submission. In the same file, a few lines above where you were before, replace:
    <form action="<?php echo get_settings('siteurl'); ?&gt:/wp-comments-post.php"
    method="post" id="commentform"&gt:


    <form action="<?php echo get_settings('siteurl'); ?&gt:/wp-compost.php"
    method="post" id="commentform" onsubmit="return checkCheckBox(this)"&gt:
  3. Repeat steps 1 and 2 in the other WP files that generate comment forms: wp-comments-popup.php and wp-comments-reply.php. If you’re not using the popup or reply forms, you might want to disable them instead (by, say, removing them from your webserver).
  4. The last thing you need to do is edit wp-comments-post.php to check that the checkbox is checked. Find the lines that say:
    if ( '' == $comment )
    	die( __('Error: please type a comment.') );

    This is code that rejects empty comments. We’re going to add a line below it to reject comments for which the checkbox wasn’t checked. Replace the lines above with:

    if ( '' == $comment )
    	die( __('Error: please type a comment.') );
    if ($_POST['spamcheck'] != 'nospam')
      die( __('Error: Please use your browser's back button to complete the form.') );

    Feel free to change the error message; I was going for cryptic, since most legitimate users will get the more informative Javascript warning. Note that the apostrophe had to be escaped with a backslash.

And that’s it! You’re despammed.

2 Responses to “Anti-Spamming”

  1. James Says:

    Thanks for this. I run 6 blogs on my domain (for different people) and see upwards of 300 bad comments each day. This should stop them :)

  2. Jemima Says:

    You’re welcome. Please tell me if you find the instructions unclear or misleading.