So can anyone give me pointers or recommendations on which anti-spam plugins for comments I can go with?
I don’t use this plugin myself but it seems from this document page:
I’ve been starting to look at this recently - I’m a long established user of Kismet (I know, don’t say it!) but I’m trying to find an alternative, seems CleanTalk might be a good alternative. I’d be interested to know if you go ahead and also if anyone else has recommendations on good (or bad) alternatives.
Thank you for letting me know about the Set Cookies option. So CleanTalk stores session cookie in visitor’s browser and that reminded me of the “Form Spammer Trap for Comments” plugin. For the “Use alternative mechanism for cookies,” it seems the plugin would either use AJAX or WordPress/ClassicPress REST API in order for the plugin to work.
However, I did do some research regarding session cookies. According to the web page, session cookies are exempt from EU cookie laws.
GDPR provides exemptions for some cookies. Security and anti-spam cookies should fall under that category. My go to source for GDPR is Iubenda, which is what I use for privacy and cookie solutions. They have a good explanation with examples about this:
Why is this happening? I do not want to add a wp_head() in my header.php file because I do not want to give out any more information such as ClassicPress version number and plugin version numbers. Of course, bots can find version numbers in readme.* files in which I can delete them from my VPS server. Yes, security through obscurity is a bad thing, but hardening my website is all I can do.
Update: I have reviewed the output of HTML within the comment form section of my ClassicPress site and unfortunately, Content Security Policy does not allow embedded scripts and inline styles.
Should I simply disable Content Security Policy entirely? (shrug) It seems like I need to have more control over comment_form() and wp_head()… Since I have experience with building my own custom theme and I have written my own custom blogging engine before I switched to ClassicPress, I do not want to trade security for convenience.
I do not know if it’s possible to write a petition regarding whether to list ClassicPress plugins as Content Security Policy-friendly or not. Is that even possible?
One of the plugin called AntiSpam Bee adds a second textarea and uses inline style to position the textarea off-center using absolute positioning instead of specifying a class name so that I can handle the styling myself. Honeypot for WP Comments is CSP-friendly.
And looks like one of the spambots fell for the honeypot!
Seems like a much better alternative to CleanTalk!
(Grayson checks the pricing…)
Hmm… Maybe a localized version of anti-spam commenting plugin might work? That kind of reminded me of SpamAssassin for Postfix (email).
Anyway, I’ll just deal with deleting spam comments. Time is not money anyway. Plus, I get only a few traffic going to my website anyway.