Documentation
The range of Antispam Bees functions is manageable and is mainly focused on the defense of spam entries via comments, Pingbacks and Trackbacks. Most functions of the application can be controlled via the panel with settings to determine the desired result of the protection. Each individual option of the tool is presented below. The option page consists of three main columns with choices. The columns are flexible and lined up side by side depending on the width of the window. In the following, the individual columns are presented as separate areas with plugin settings.
Antispam Filter
The order of the listed filters corresponds exactly to the test order in the plugin. The rank order was not determined randomly, the focus is to reduce the load on your own database.
Trust approved commenters
Authors with previously released comments will always be trusted with the choice of this option. Comments from these users are not checked or questioned at any time. E-mail address serves as an identifier.
Implementation: Antispam Bee 1.4
Trust commenters with a Gravatar
Antispam Bee checks for the existence of a valid gravatar. Commentators with a Gravatar are familiar, further antispam examinations of the comment will not be done.
Data protection: the Gravatar can be determined by an MD5-Hash of the email address of the commenter. Other data of the commentator like the IP address are not part of the transmission. This setting is optional and not part of the default settings.
Implementation: Antispam Bee 2.6.5
Consider the comment time
Consideration of comment time. Details on our blog (only in german).
Implementation: Antispam Bee 2.6.4
BBCode links are spam
Many spam comments are purely forum spam, which is massively sent to WordPress blogs. Whether this is a misbehavior of the programmers remains unclear. The fact is: comments with BBCode links in the content are clearly spam. Unless WordPress plugins were installed in the blog to allow commentators to use bulletin board code. If this is the case, the setting must not be switched on. When activated, Antispam Bee checks incoming comments for the existence of BBCode links.
Implementation: Antispam Bee 2.5.1
Validate the ip address of commenters
As an additional detection method, Antispam Bee checks available network information from the sender (e.g. hostname) and evaluates it anonymously and profitably. The analysis takes place directly in the blog without external services.
Implementation: Antispam Bee 1.4
Use regular expressions
There are spam comments that correspond to a specific pattern. Antispam Bee uses this to filter unwanted comments. For this purpose, predefined and/or plug-in-defined regular expressions are used for attributes of a WordPress comment (comment text, e-mail address, link and IP). The search is intended to recognize clear contexts and classify spam. Experienced users can create their own filters, which Antispam Bee can use for spam detection. For this purpose, an interface has been created which accepts and processes further RegEx rules. An example from the Hooks documentation shows the methodology of the filter extension. Looks simple, but the option is very powerful and diverse: custom antispam rules that are adapted to the current type of spam can be determined at any time.
Restriction: for comments only
Hook: antispam_bee_patterns
Implementation: Antispam Bee 2.5.2
Look in the local spam database
Antispam Bee compares the URL, IP and email addresses of posted comments with locally available values of spam-marked comments – which are in the blog database. In plaintext: if the blog already contains a spam entry with an identical IP, URL or e-mail address, this attempt to comment is classified as a pest and treated accordingly (marked or deleted) depending on the settings. The option “Mark as spam, do not delete” should be activated for the increasing effectiveness of the option through a rich set of data of local spam. A larger amount of data automatically means a higher hit rate for incoming spam attempts within a WordPress blog.
Implementation: Antispam Bee 2.0
Block comments from specific countries
Antispam Bee is able to identify the country of origin of a comment by the IP address used. Based on this characteristic, remote comments and Trackbacks from fixed countries can be prevented (e.g. from Asia) or explicitly released (e.g. only European countries). The country filter is located just before the end of the long test routine, so it is treated with a low priority. If, therefore, a comment were to persists all protective measures, then at the end, this filter decides whether the element should pass as a valid comment or not. The function is a further, manually adjustable test method of the plugin. When the option is activated, two additional fields appear, which are the basis for the filter: blocklist & allow-list Either or: only one of the lists can be filled, a combination of both data sets is not possible. If the plugin option “not check trackbacks / pingbacks” is active in the MORE column, then Trackbacks are excluded from the country check. In the blocklist, double-digit country codes are to be specified in ISO format separated by a comma. Comments from these countries are blocked by the plugin, other countries are released. Example: CN, US – prevents all comments from China and the USA, the rest of the world has free (commentary) entry. The allowlist maintains country codes that have an exclusive permission to comment. Only visitors from these countries may leave comments and pings. Entries from the rest of the region are automatically classified as spam and treated. Example: DE, AT, CH as a value allowes Germany, Austria and Switzerland as commentator the only countries. The rest dies.
Data protection: To determine the geographical position of the user, Antispam Bee sends an anonymised (this means shortend) IP-Address to the online service IP2Country. Other data of the commentator is not send. This settings is optional and not part of the default settings.
Implementation: Antispam Bee 1.7
Allow comments only in certain language
Most spam attracts attention from its “unsuitable” language: English comments written in a German-language blog are usually unwanted advertising messages – depending on the target group of the blog there are certainly exceptions. This criterion uses Antispam Bee for spam detection and combat. After activating this option and choosing the desired language, the WordPress plugin ensures that comments are allowed only in selected language. Comments in other language variations are permanently classified as spam.
Data protection: To detect the language, Antispam Bee is using franc. It sends the comment to the service via HTTPS. Other data about the commentator (like IP or email address) are not send. This setting is optional and not part of the default setting.
Restriction: Only for comments
Implementation: Antispam Bee 2.0
Advanced
Mark as spam, do not delete
If this option is active, it marks any suspicious comment and trackback as spam. In the inactive state, Antispam Bee deletes any spam attempt without saving it in WordPress. When activated, additional fine adjustments are available to each plugin user, which are explained in the following.
Implementation: Antispam Bee 0.2
Notification by email
The blog administrator can be informed about incoming spam comments via e-mail. The e-mail contains comment-relevant data and further links. Since Antispam Bee 2.5.7, the filter antispam_bee_notification_subject
can be used to define a custom subject for notifications. Since Antispam Bee 2.8 the filter antispam_bee_notification_recipients
can be used to change, who receives this email.
Hooks: antispam_bee_notification_subject,antispam_bee_notification_recipients
Implementation: Antispam Bee 1.2
Not save the spam reason
By default, Antispam Bee saves the suspicion in comment metadata. Antispam Bee lists the calculated values in the separate tab column within the overview with spam comments. If this option is enabled, it prevents the suspicious reason from being stored and does not display the column in the spam overview.
Implementation: Antispam Bee 2.6.0
Delete existing spam after X days
Spam entrys, which are older than X days, are automatically removed from the spam overview by the plugin. This keeps the size of the database as small as necessary. If the “Look in the local spam database” option is active, it is again advantageous to have a larger amount of spam already detected.
Implementation: Antispam Bee 0.7
Limit approval to …
The active option paired with the selection box creates an exception for the selected type. Example: Limit approval to trackbacks deletes immediately suspicious comments, but dubious trackbacks are marked as spam and never deleted. In this example, comment-spam is always removed, suspicious trackbacks can be checked by the admin.
Implementation: Antispam Bee 0.9
Delete comments by spam reasons
The plugin created artificially comment form and which is filled by most spam bots recognizes nearly 99 percent of the total spam volume in WordPress blogs. The False Positive rate, on the other hand, equals zero. Why then keep such spam and be notified via e-mail? Does not have to be mandatory. Antispam Bee 2.4 brings an internal filter, which immediately deletes the detected spam depending on the reason (see below). In this way, the administrator can only keep spam entries with more error-prone causes (language, country limit etc.) in the comment area of the blog. For control or learning. For this purpose, the plugin provides a list of possible suspicious reasons to choose from. If a comment or trackback comes up with one of the reasons from this – user selected – list, the plugin removes the newcomer without hesitation. “Parasites”, which are classified for reasons other than spam, are marked by Antispam Bee and Antispam Bee will sent a suitable notification depending on the setting.
Implementation: Antispam Bee 2.4
More
Statistics on the dashboard
As an interactive dashboard widget in the administration area: A quick overview of the daily spam traffic is provided by the graphically prepared timeline of the last 30 days.
Implementation: Antispam Bee 1.9
Antispam Bee statistics on the dashboard
Spam counter on the dashboard
This option displays an additional line with the sum of the total detected spam comments on the dashboard. The number can be displayed in the current theme. To do this include the following code in the WordPress template at the desired location.
<a href="http://antispambee.de">Antispam Bee</a> spared the blog of <?php do_action('antispam_bee_count') ?> spam comments
Implementation: Antispam Bee 1.2
Do not check trackbacks / pingbacks
By default, all incoming ping and trackbacks are analyzed by the plugin and marked in case of suspicion. Enabling this option completely turns off the automatic check of incoming blog notifications.
Implementation: Antispam Bee 0.4
Comment form used outside of posts
The typical location of a comment form is the article page (posts or pages). Antispam Bee monitors in these places the comments on unwanted advertising. If the comment form is also integrated in other areas of the blog (e.g. archive pages), then this fact should be communicated to the plugin by activating the checkbox.
Implementation: Antispam Bee 1.3
Suspicion of spam detection
Antispam Bee distinguishes between various suspicious reasons. In short: For what reason was the current comment or trackback classified as spam? These reasons are communicated by the Antispam solution to bloggers by announcing the current suspicious reason in the notification mail and the notice [marked as spam by Antispam Bee] in the comment overview of the blog. These suspicious reasons are implemented and have the following meaning:
Identification | Meaning or function |
---|---|
Honeypot | Bot entered data into the hidden (honeypot) comment field |
Comment time | Comment was submitted too quickly (default threshold is 5 seconds) |
Empty Data | Comment was empty or had incomplete values |
Fake IP | Commenter’s IP address was not valid |
Local DB Spam | Commenter’s IP address or email matches one already marked as spam |
Country check | Comment was submitted from one of the blocked countries |
BBCode | Comment contains BBCode tags |
RegExp | Comment matches one of the regular expression filters |
Comment Language | Comment was not in the language allowlist |
Log file for Fail2Ban
The plugin is able to log spam detected in a log file. This can be very useful to detect spam requests by Fail2Ban at the server level. For this purpose, a filter file can be used for the Fail2Ban configuration. Simple commissioning of the function: Activate the logging for Antispam Bee in the WordPress configuration file wp-config.php by assigning the constant ANTISPAM_BEE_LOG_FILE to the server path to the logfile. The file must be writable.
Example: define('ANTISPAM_BEE_LOG_FILE', '/var/log/spam.log');
Implementation: Antispam Bee 2.5.7
Tips and Tricks
We recommend not to delete spam detected by Antispam Bee immediately but to keep it in the WordPress database – the plugin option “Mark detected spam, do not delete” is responsible for this. The reason: If the function “Include local spam database” is activated, Antispam Bee considers already detected spam comments.
But depending on the size of the WordPress project, the database will fill up quickly – exaggeratedly expressed 😉 Although the plugin can automatically clean the database after X days and delete older entries, there is a way to get along with a much smaller stock of suspicious comment entries. And that is:
Activate the plugin option “Delete immediately for defined spam reasons” and select “Honeypot” there. Save settings.
From now on Antispam Bee will delete every spam comment that has filled in the invisible input field – this is 100% a spam bot. You don’t need to save such comments in WordPress, because bots of this kind use the same technique over and over again to post the comment and Antispam Bee reliably detects them without having to access the local inventory.
After the change Antispam Bee really only keeps spam comments that have been “noticed” by other filtering techniques. The number of local spam comments is thus reduced many times over, without compromising the antispam protection.
FAQs
The online manual didn’t answer all the questions? Perhaps the following answers to the frequently asked questions could help.
Does Antispam Bee prevents spam registrations or protects form plugins?
Antispam Bee works best with default WordPress comments. It does not help to protect form plugins and does not prevent spam registrations. Hopefully we can provide better hooks for third party plugins to use Antispam Bee to fill this gap in the forthcoming new major version.
Does Antispam Bee work with Jetpack, Disqus Comments and other comment plugins?
Antispam Bee works best with default WordPress comments. It is not compatible with Jetpack or Disqus Comments as those plugins load the comment form within an iframe. Thus Antispam Bee can not access the comment form directly.
Whether Antispam Bee works with a comment form submitted via AJAX depends on how the AJAX request is made. If the request goes to the file that usually also receives the comments, ASB could work with it out of the box (the WP Ajaxify Comments plugin does this, for example).
If the comments are sent to the admin-ajax.php
, the antispam_bee_disallow_ajax_calls
filter must be used to run ASB for requests to that file as well. If the script does not send all form data to the file, but only some selected ones, further customization is probably necessary, as exemplified in this post by Torsten Landsiedel (in german).
Does Antispam Bee store any private user data, and is it compliant with GDPR?
Antispam Bee is developed in Europe. You might have heard we can be a bit nitpicky over here when it comes to privacy. The plugin does not save private user data and is 100% compliant with GDPR.
Will I have to edit any theme templates to get Antispam Bee to work?
No, the plugin works as is. You may want to configure your favorite settings, though.
Does Antispam Bee work with shortened IPs?
Generally yes. However, commissioning the Antispam Bee plugin for canceled or shortened IP addresses in comment metadata is not recommended. Because the name and the e-mail address of the comments are not unique, an IP address is the only reliable measure. The more complete the stored IP addresses, the more reliable the assignment or detection of spam.
How can I submit undetected spam?
If the plugin has passed some spam comments, these comments can be reported for analysis. A Google table was created for this purpose.
How do I find out the country code of a Spam comment?
Antispam Bee has got an action implemented which determines the country of origin of a received comment. This value can be used to block or allow selected countries. One speaks from Black-and White lists. These lists are provided with ISO codes of the countries which the administrator releases or locks. The service MaxMind provides information relevant to any IP address (input field in the middle of the web page). This includes the double-digit country code at the beginning of the table. The commentator’s IP is located in WordPress within the comment overview and in the e-mail notification.
Antispam Bee with Varnish?
If WordPress is operated with Apache + Varnish, the actual IP address of the visitors does not appear in WordPress. Accordingly the Antispam-Plugin lacks the base for the correct functionality. An adaptation in the Varnish configuration file /etc/varnish/default.vcl
provides a remedy and forwards the original (not from Apache) IP address in the HTTP header X-Forwarded-For: if (req.restarts == 0) {
set req.http.X-Forwarded-For = client.ip;
}
Are there some paid services or limitations?
No, Antispam Bee is free forever, for both private and commercial projects. You can use it on as many sites as you want. There is no limitation to the number of sites you use the plugin on.
Hooks
Hooks allow to the user to extend the functional extent of a WordPress-Plugins. The following Hooks are deposited in Antispam Bee and can be addressed or controlled via code:
antispam_bee_patterns
Extension of RegExp rules or regular expressions. This allows you to specify custom antispam rules that are adapted to the current type of spam at any time. Conclusion: Faster response with less spam. Nevertheless, we would be glad if you report this spam or if you pull the extension here on the GitHub repository.
Type: Array
Example:
function antispam_bee_patterns() {
add_filter( 'antispam_bee_patterns', 'antispam_bee_add_custom_patterns' );
}
add_action( 'init', 'antispam_bee_patterns' );
// Determine individual filters (author, host, body, ip, email). Separate multiple regular expressions with |
function antispam_bee_add_custom_patterns($patterns) {
// Autoren filtern
$patterns[] = array(
'author' => 'Autor1|Autor2|Autor3'
);
// Filter URL (example filters example.de.cool and example.de with and without www.)
$patterns[] = array(
'host' => '^(www\.)?example\.de\.cool$|^(www\.)?example\.de$'
);
// Filter comment content (example treats 3 or more links in the comment as spam)
$patterns[] = array(
'body' => '(.*(http|https|ftp|ftps)\:\/\/){3,}'
);
// Filter IP address (example filters 192.168.XXX.XXX)
$patterns[] = array(
'ip' => '^(192\.)(168\.)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.)([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
);
// Filter e-mail address (example treats .xx or .xxx as spam)
$patterns[] = array(
'email' => '(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.(xx|xxx)+$)'
);
return $patterns;
}
antispam_bee_notification_recipients
Define, who receives the notification email
Type: Array
Add another recipient:
function add_email_recipients( $recipients ) {
$recipients[] = 'add_another@recipient.com';
return $recipients;
}
add_filter( 'antispam_bee_notification_recipients', 'add_email_recipients' );
Define new recipients:
function new_email_recipients( $old_recipients ) {
$new_recipients = array('new@recipient.com');
return $new_recipients;
}
add_filter( 'antispam_bee_notification_recipients', 'new_email_recipients' );
antispam_bee_notification_subject
With this plugin filter the subject of the notification mails can be defined according to your own wishes.
Type: String
ab_get_allowed_translate_languages
This filter can be used to change the languages in the dropdown for the feature Allow comments only in certain language.
Since: Antispam Bee 2.7.1
Type: Array
Example: Add Afrikaans to the list of languages
add_filter( 'ab_get_allowed_translate_languages', function( $languages ) {
$languages['af'] = 'Afrikaans';
return $languages;
});
All supported languages can be found on this Google support page.
antispam_bee_disallow_ajax_calls
This filter can be used to make the Antispam Bee internals also run for requests against the admin-ajax.php
file. By default, Antispam Bee does not run when such a request is made.
Since: Antispam Bee 2.9.4
Type: Boolean
Example: Run Antispam Bee for admin-axax.php
requests
add_filter( 'antispam_bee_disallow_ajax_calls', '__return_false' );