Rah's Comment Spam

Rah_comment_spam provides customizable anti-spam tools for Textpattern’s comment system. Set minimum and maximum message length, filter spam words, validate email addresses, limit posting activity and set hidden spam traps. All from simple admin-side graphical user interface, no head first dive to code.


Version 0.7 Nov 03, 2011
Other versions...

A cup of coffee
via PayPal

List of features

  • Set comment message length limitations: minimum and maximum, words and characters.
  • Limit link posting.
  • Define spam words, and set the limit how many spam words are needed until comment becomes spam.
  • Show customizable error messages when comment is blocked.
  • Set a custom hidden spam trap field.
  • Change the spam protection method.
  • Set quotas, limit users’ comment posting activity.
  • Integrates with Textpattern’s native preferences panel; no diving into code needed at all.


Rah_comment_spam’s minimum requirements:

  • PHP 5 or newer
  • Textpattern 4.2.0 or newer.


  • Textpattern 4.4.1 or newer.


  1. Navigate to your Textpattern installation’s Plugins panel (Textpattern / Admin / Plugins).
  2. Copy and paste rah_comment_spam’s plugin package code to the plugin installer textarea and run the automated setup.
  3. After the setup is completed, activate the plugin and you’re set.
  4. You can customize the plugin’s settings in Preferences panel’s comment section (Textpattern / Admin / Preferences).


Once the plugin is installed, you can find set of new preferences in your Textpattern installation’s Preferences panel. To configure rah_comment_spam’s preferences navigate to Admin/Preferences and take a look at the Comments section. If you have commenting disabled on your site, you will have to toggle the Enable comments option to see the section.


Looking at the Preference’s panel’s Comments section, you should see set of options that weren’t there before. Those are the options that the plugin offers. In total, there should be around 18 new toggle-able items. The offered plugin’s options are as follows.

What to do comments detected as spam?
The option sets the action that is taken towards to comments flagged as a spam. There are three options you can choose from. The default option is Save to moderation queue which saves the comments to moderation queue. The detected comments won’t be visible to public, but are saved to moderation queue, and can be manually confirmed. The second option Ignore, do not save blocks the comments. The comments won’t be saved and the user is greeted with the message set in Message displayed to the user when the comment was blocked option. The third and last option Save and flag as spam saves the detected comment to the database as spam.

Message displayed to the user when the comment was blocked
Sets the message that is shown to users when their comment is blocked by the filters. The message is only used when the protection method above is set to Ignore, do not save. With others, Textpattern’s build in language strings are used.

List of spam words
Sets words/terms that are considered as something that spam would contain. Separate multiple words with commas (,). Used words are incase-sensitive. Example value: viagra, wares, wowgold.

Search spam words from following fields
Sets which fields are filtered for spam words. Use comma-separated list of field names. Available values are name, email, web and message. Default option is name, email, web, message.

Maximum number of spam words until the comment is considered as spam
Sets the maximum number of spam words a comment can have until it’s considered as spam. The lower the number, the stricter the filter is. Recommended value is between 2 to 10.

Number of allowed URLs
Option sets comment message’s URL limit. If a comment contains more URLs than the options allows, the comment is considered as spam.

Minimum number of words
Required minimum length of comment message in words. Shorter messages are considered as spam. Recommended value is 1 to 3.

Maximum number of words
Maximum length of comment message in words. Longer messages are considered as spam. Note that message’s total size is limited to 65535 bytes (equals to around 65535 ASCII characters).

Minimum number of characters
Required minimum length of comment in characters. Shorter messages are considers as spam. Recommended setting is 1 to 10.

Maximum number of characters
Maximum length of comment in characters. Longer messages are considers as spam. Note that message’s total size is limited to 65535 bytes. Valid values range from 0 to 65535 (equals to around 65535 ASCII characters).

Name of hidden spam trap field
If set, hidden spam trap field is added to the comment form. The field will be hidden with CSS, and if the field is filled, the comment is considered as spam. Default value is phone. Empty the field to disable the spam trap.

Use quotas, limit users’ comment posting activity?
If set to Yes, users comment posting activity is limited. Comments going over the quota are considered as spam. Users are identified by IP addresses.

Users’ comment quota limit
Sets the user’s quota limit. Default is ten (10) comments per user.

Count users’ comments towards quota in
Sets which comments in which articles are counted towards the quota limit. By default user’s comments in any article are taken into count. Available settings are In all articles, counts comments site-wide, and In current article which counts only comments in the current article the new comment is being posted to.

Quota resets every number of seconds
Sets the timespan used in the activity limiting. Comments older than this are not counted towards the quota limit. The time is set in seconds. For example setting the option to 600, would count an user’s comments from the last ten minutes, and if the number goes over the quota, then the comment is considered as spam.

Check email’s DNS records?
If set Yes, email address’ DNS records are checked. If the domain is found to be non-existent, the comment is considered as spam. The feature requires checkdnsrr() function and the server must be allowed to make outgoing connections.

Check the time user spent writing the comment?
Makes sure that the user spent set amount of time writing the comment. Instant posters will be treated as spammers. Usually it’s recommended to keep this feature disabled. It can accidentally block fast writers if the required time is set to too high, but it can also successfully block spam bots which might try to post comments instantly, without interacting with the comment form. The time is counted from the initial article page load to the comment’s submitting.

Minimum time required to be spent writing a comment?
Sets the required interaction time in seconds. Default is 5. Higher values are not recommended usability-wise. If you set the value higher than 5 seconds, consider adding JavaScript based counter to the comment form that informs the users how much they have to wait. For counters I recommend checking out jQuery’s plugin repository.


Version 0.7

  • Fixed: Update cached version number after running the installer.
  • Updated help file.

Version 0.6

  • Fixed: Comment quota limit’s In current article option. Previously counting didn’t work when the in current article option was selected.
  • Added: language string support. The interface now is translatable using Textpacks.
  • Added: option to freely add any field to the list of that are checked for spam words. Used fields need to be defined in getComment().
  • Improved: UTF-8 compatibility. The plugin now uses multibyte safe methods when possible.
  • Changed: Migrated the preferences from own admin-interface and database table, to Textpattern’s native preferences panel. Preferences are now located at Admin/Preferences, in the Comments group.
  • Changed: For new installations protection method now defaults to moderate instead of blocking.
  • Changed: For new installations, default message length limits have been increased, and the example spam words have been removed.
  • Now requires PHP5 or newer. PHP version 5.3 or newer is recommended. PHP 4 support has been dropped.
  • For full feature compatibility Textpattern version 4.2.0 or newer is required. Textpattern v4.4.1 or newer is recommended.

Version 0.5

  • Added option to check the time the user used to write the comment and block instant posters. As discussed here.
  • Removed unused HTML field ids and sizes from the backend pane.

Version 0.4

  • Added: now also filters https://, ftp:// and ftps:// protocols, not just links starting with http://.
  • Changed posting limit feature’s maximum post setting from “more than” to “equals or more than”. Setting the value to zero/or leaving it empty will disable the feature.
  • Changed filtering method from and to or. This means, when the comment gets flagged by a filter for the first time, the spam filtering process ends instead going thru all the checks which are no longer needed. Gives slight performance boost.
  • From version 0.4 onwards requires TXP 4.0.7 or newer.
  • Now posting limits are counted barely by MySQL. No involment of PHP.
  • Merged rah_comment_spam_urlcount() and rah_comment_spam_spamwords().
  • Now admin panel uses same type of sliding panels as seen in rah_sitemap.

Version 0.3

  • Added email DNS validation.

Version 0.2.1

  • Made writing spam definition list less strict. Now allows double commas, spaces and so on. Thanks Robert.

Version 0.2

  • Added user based time relative posting limit.
  • Fixed hidden spam trap input’s escaping.
  • Improved comment posting evaluating speed.
  • Merged install, save, update and fetch arrays.
  • Improved installation script.
  • Merged SQL queries.

Version 0.1.3

  • Fixed forgotten strtolower().

Version 0.1.2

  • Removed typo from admin panel: “Documention” to “Documentation”.

Version 0.1

  • First release.