– Yet Another WordPress Anti Spam Plugin –
Anmerkung: diese Seite gibt es auch in Deutsch.
Yawasp has a successor: NoSpamNX!
1. Functionality
2. Installation
3. Versions
4. Details
5. Translation/Feedback
6. Download
7. Donate
1. Functionality
Most anti-comment-spambot-plugins focus on user interaction, e.g. captcha or math comment spam protection. Yawasp focuses on handling comment-spam-protection within WordPress. It replaces the names of the comment form fields with random names, protecting your blog from spambots that aim at the default comment field names. Furthermore it adds a blank field, hidden from the user, that needs to be left empty. In addition, the random field names are changed every 24 hours, giving a spambot no chance to adapt to the comment form.
Now the user must no longer fill out any additional fields in the comment form, and you can focus on blogging and your readers comments.
Yawasp is a real lightweight. It does not need JavaScript, Cookies or Sessions, but still is very effective.
2. Installation
For installation Yawasp you have to make some changes to you comments.php. As of version 2.0 this changes can be made automaticly by the plugin. Go to Settings -> Yawasp -> Modify template. If automaticly changeing your template fails, you have to manuely adjust your comments.php.
Before installation it is advisable to backup your comments.php found in your wp-content/themes/THEME-NAME folder.
First unzip and then upload the complete yawasp folder to your wp-content/plugins WordPress directory. Go to your WordPress adminarea and activate the plugin under “Plugins”. Open comments.php(found in your wp-content/themes/THEME-NAME folder) and make the following changes.
First, add a blank field, invisible to the user.
Look for your comment form. It should look something like
Add right after the following code
Now you need to change the names of the comment fields. You can recognize them by:
You have to change the fields for author, email, url and comment.
-> Field author – Search for
Replace with
-> Field email – Search for
Replace with
-> Field url – Search for
Replace with
->Field comment – Search for
Replace with
Done.
You will find a counter on the dashboard, showing you how many Spambots have been blocked.
As of Version 3.0 you can display the YAWASP Statistic on your Sidebar. Just add
to your Sidebar. Unfortunatly, their is no Widget for this Function.
- Fixed minor bug when using ip check
Version 3.1
- Fixed bug when comparing versions
- Counter and table will not be removed when re-activating Plugin
- Updated language file
- Added Italian translation
Version 3.0
- Added compatibility to WordPress 2.7
- Added function to mark catched Spambots as ‘Spam’ or put in moderation queue
- Added additional options for blocking catched spambots 1 hour, 24 hours or indefinitely
- Added function to enable or disable checks if user is logged in
- Plugin requires now at least WordPress 2.6
- Updated language file
- Updated FAQ
- Updated readme file
Version 2.5
- Minor code changes
Version 2.4
- Fixed Bug when using WP 2.6
Version 2.3
- Fixed syntax error
Version 2.2
- Fixed bug when saving log and IP-Block is disabled
Version 2.1
- Fixed links in WP-Admin
Version 2.0
- Comment template can now be changed automaticly
- Added option for checking and saving the IP of blocked Spambots
- Updated language file
Version 1.11
- Added option to reset counter
- Updated language file
Version 1.10
- Updated settings page
- Updated language file
Version 1.9
- Added page for settings
- Changed counter
- Changed constant names for better compatibility
- Updated language file
Version 1.8
- Using CSS for blank field
Version 1.7
- Using PLUGINDIR instead of hardcoding wp-plugin dir
Version 1.6
- Empty author or comment field is checked when in wp-comments-post.php
- Code improvement
Version 1.5beta
- Using md5 instead of sha1 for hashing
- Counter now increases when default comment field is submitted
- Added German translation
Version 1.4beta
- Fixed bug when uploading a picture
- Counter is now displayed in dashboard
- Minor code improvement
Version 1.3beta
- Existence of blank field is checked
- Changed blank field
- Minor code improvement
- Added counter
Version 1.2beta
- Plugin settings are deleted upon deactivation of plugin
- Names of comment fields are changed every 24 hours
Version 1.1beta
- Changed access to blank field
Version 1.0beta
- Initial version
4. Details
The plugin does not block track- and pingback spam.
5. Translation/Feedback
The plugin contains German and Englisch language support. Even though there are only three lines to translate, I’m glad to add more languages. The .po file is included in the plugin and need to be translated accordingly. Send the new translation to yawasp AT svenkubiak DOT de. This address is perfect for any feedback. Of couse, you can use the comment function on this page as well.
Es ist richtig, dass die Einstellungen...
In your instructions at , you say to look for this line:
<form id=”commentform” action=”/wp-comments-post.php” method=”post”>
However, with Wordpress 2.5.1’s default theme, the line is slightly different:
<form action=”/wp-comments-post.php” method=”post” id=”commentform”>
Other than that, configuring the plugin is exceedingly easy and has already blocked several spams.
Thank you!
-Pete
@Pete
Yes, the
where do i add the line “” in wp 2.5.1?
I tried adding after this line “<form action=”/wp-comments-post.php” method=”post” id=”form”>” but it doesn’t work.
After posting, it shows me wp-comments-posting.php empty screen.
@abubin
Did you try to automaticly change your comments.php?
@kubi sagt
At first, I tried automatically change comments.php but error came out and ask me to manually change it.
@abubin
Which error message?
@kubi
Error message is “Failed to change your comments.php. Please change manuelly”.
Any idea?
maybe it’s due to the theme that i am using is a modified comments.php?
I am using corporateid theme.
http://freewordpresslayouts.com/?p=29
@abubin
I just wanted to make sure, that the message came from the plugin.
Okay, so you changed all your comment fields and adding the extrafield after …form… does not work?
@abubin
changing your template manualy should work in all themes. i would suggest to undo all changes and try again following the exact steps mentioned above.
Thank you for making this simple, but wonderful plugin.
My blog spam is now almost zero, and now I can discover the false positives made by Akismet.
-Rolf
Using WP2.6.1 and your plug (2.5).
I did all the changes manually and whenever I try to post I get an error message saying “commment field cannot be empty” even though I have filled in the comment field.
is the original code.
<textarea name=”" id=”comment” cols=”100%” rows=”10″ tabindex=”4″>
is the code I have modified to per your instruction.
Help me out here.
@James
I guess that are fields are not set up correctly. If you give me the link to your blog i will look over it.
Is there a way to check the comments that have been spammed?
@KJ
Maybe in a future version, but not at the moment.
I am trying to put YAWASP onto my blog at http://atmac.org/ but having trouble. I implemented the fields manually as per these instructions and I can’t see any errors but whenever I enable YAWASP and try to post a test comment I am taken to the “you are a spambot” page! I have disabled the YAWASP plugin but the comments.php is still altered – could you see if you could find my mistake?
I also use the CommentLuv plugin and Subscribe to Comments – could these conflict?
Thanks,
Ricky
@Ricky
If WordPress is still suggesting that you are a spambot when posting a comment, then there is possible something wrong with the modified comment template.
Hi!
I’m using your plugin since months, and it’s very good, I have no spam since starting to use it
But it’s breaking my xhtml validation, because Yawasp duplicates the id=”author”. It outputs this at line 501 of the yawasp.php file.
An ID cant be defined twice!
I have removed this from my copy of yawasp, but would be nice if you fix this in the next release of Yawasp.
Best regards!
@Samuel
For Yawasp to work as good as it does, we need to have a “blank” form field that looks just real one. If i remove the id of the “blank” form field, a bot could simple look at the ids an discard the blank one, making him able to post a valid comment.
I know that it breaks xhtml validation, but i rather have 1 error than 100+ comments to moderate
Hi,
I’m using your Yawasp plugin, and it seems pretty cool. However, I
just installed a new theme (and made Yawasp rewrite comments.php
afterwards). Now it seems the blank field isn’t included in the XHTML
source, even though the correct PHP tags are there. This is what the
comments form looks like before PHP parsing:
<form action=”/wp-comments-post.php” method=”post” id=”commentform”>
This is how it comes out (http://jkb.name/5):
(Where’s the hidden field?)
The result when you post the form is that you get an error message
saying you’re a spambot.
I’m using WordPress 2.6.3 and the Fresh Editorial theme
(http://wordpress.org/extend/themes/fresh-editorial).
Do you have any idea what the problem is?
Thanks
Hi,
I’m using your Yawasp plugin, and it seems pretty cool. However, I
just installed a new theme (and made Yawasp rewrite comments.php
afterwards). Now it seems the blank field isn’t included in the XHTML
source, even though the correct PHP tags are there. This is what the
comments form looks like before PHP parsing:
<form action=”/wp-comments-post.php” method=”post” id=”commentform”>
<?php if (class_exists(‘Yawasp’)) { Yawasp::getName(‘blank’); } ?<
This is how it comes out (http://jkb.name/5):
(Where’s the hidden field?)
The result when you post the form is that you get an error message
saying you’re a spambot.
I’m using WordPress 2.6.3 and the Fresh Editorial theme
(http://wordpress.org/extend/themes/fresh-editorial).
Do you have any idea what the problem is?
Thanks
Sorry about the double post (the PHP code disappeared in the first post).
The wrong end-PHP tag (“?”) in my comments.php.
Damn, everything I write seems to disappear! Anyway, please check http://jkb.name/5 to see the problem.
@Jonas
Your comments went in moderation … so no worries
Undo the changes in you comments.php and change them manually. There seems to be something went wrong when Yawasp changed the comments.php automatic.
Hi Kubi,
Thanks for your plugin. I have a Dutch translation for you. Let me know where I can send it!
Regards,
Patricia
Sorry – did read the instructions above carefully enough. Translation is in the mail.
Congratulations on the great plugin. Works like a charm.
BTW, should we expect any incompatibilities with the upcoming WP 2.7?
@sergey
I will release Yawasp 3.0 when WP 2.7 is out. Yawasp 3.0 has been tested with WP 2.7.
Thank you, Sven. Glad to hear it.
Hi,kubi. I have the same problem with James. After I change name=”comment” in , I got an error message saying “commment field cannot be empty” when I post a comment… My theme is the deFusion.
@Dondald
Check your changes in the comments.php, there is most probably something something wrong.
@kubi,I checked again, and I found this plugin cannot work with the Wordpress Thread Comments Plugin.
Hi kubi!
Nice to see that you have added to v.3.0 an option for make Yawasp form HTML valid.
But, I honestly think that would be much better to replace the “leave blank” option with an option to specify the name for the field.
This way, the user can choose to leave it blank or giving a different name to the field ID.
Anyway, thanks a lot for adding this option!
Sorry, but I really don’t understand.
I’ve just installed the plugin, and yes, the input names changes. But… what I really don’t understand is why can’t a bot learn the ‘code’. All the IDs start with author-, url- and email-code… I think that’s really simple to avoid this protection. And the hidden input came always first. And don’t have tabindex.
Now, you see, it’s really simple to avoid this protection.
- Can’t you just write the code (as I thought you was doing, before to see the html code of the page) *without* the tag “author”, “email” and “url”?
- Can’t you add the tabindex also to the dont-fill-input?
- Can’t you set a random name for the style “catenasirpowotyp” that belongs to the input to avoid to be filled? (the browser could get the css via a php script)
So… like you see… all these problems will let the bot easily learn how to avoid this protection… and make it useless.
Let me know if you do something about it (via email plz).
Regards, Alessio
@BiGAlex
I never said that a bot (or more specific a bot author) could never learn to ‘learn’ the code. The Release 3.x was a trade off between usability and protection, with a little bit more focus on usability.
- I added the default-tags to the default-fields, because many users complained about their browser auto-fill not working any more. Additionally handicap people most screenreaders, which use screenreaders couldn’t find what the fields mean. But, i might change this back if spambots can handle this.
- The blank field *never* had a tabindex – fell free to add one
- As for the stylesheets for the hidden-field, i though of a random name for the name of the sheet, but did not implement it, because the protection works as it is.
But, feel free to adjust the code anyway you want it
As for me, and a lot of other WordPress Users right now, YAWASP is working quiet good.
Hey, sorry I don’t speak German or whatever you guys are printing in here. I just wanted to say thank you for your Yawasp plug-in for the thank a plug-in day that Matt is promoting. Your plug-in saved my life. I didn’t want to add captcha to my site, but I was drowning in hundreds of spam comments every day. Your plug-in, once I actually read how to install it correctly, took all that away and I can concentrate on my blog and not be a policeman all the time. In the little while I’ve had your plug-in installed it has stopped over 10,000 spam comments to my site. Thank you from the bottom of my heart!
@Joshua
Thanks, appreciate it!
I wanted to say first thank you for a great plugin.
My point of posting here is to bring to attention the conflict with another popular plugin, OpenID.
http://wordpress.org/extend/plugins/openid/
I’m hearing from people that when a user uses the Website form field on my comment form, which is supposed to be the OpenID field, instead of the normal fields. They are caught, and presumed a spambot.
The only other plugin I have for spam is Akismet, but this problem I’m sure wasn’t happening until I activated Yawasp.
I understand this is a plugin conflict, but I was wandering if there could be a solution to this? Your thoughts?
Thanks,
Jim
@jimisaacs
This happens most probably because the plugin chagens the name of the author field.
I’m running WordPress 2.7.1 and I’m having no luck with this plugin. If I set it to “block” site visitors are unable to leave a comment without being told they are spam. If I set it to moderate, it is just like before I installed it.
@Thomas Waters
Yawasp is outdated. Try the successor “NoSpamNX”.