On page 1 and 2 of this blog post I explained the core features of Comment Redlist and how they work. Now I’ll discuss all of the settings in detail.
The “Redlisted Sequences” Option
When a comment contains any of the character sequences you specify, whether in it’s comment body, name field, website field, or e-mail field, it will NOT be marked as spam. Instead it will be blocked, and not appear in your pending comments, spam comments, or trash. It will not be inserted into your database! Put one character sequence per line. Sequences will match inside words, so “ass” would match “bass”.
The “Redlisted IP Addresses” Option
Any requests from IP Addresses listed are totally blocked. Blocking at the server level is preferred, but this may be your only option. Put one IP address per line. Make sure not to block your own IP Address!
The “Log Blocked Comments” Option
If you need to prove to yourself that Comment Redlist is working, you can enable the logging option. The content of each blocked comment is written to a new file in the plugin’s comment_log directory. The directory must have the correct write permissions in order for this to happen. If you don’t know how to do this safely, then logging is probably not for you.
The “Use JS Alerts” Option
Enabled by default, Comment Redlist will warn people that their comment contains one of the redlisted character sequences. It uses jQuery, which is also loaded by default.
The “Load jQuery” Option
Enabled by default, Comment Redlist’s JS Alerts need jQuery in order to function correctly. This option allows you to stop that from happening. I added this field because I hard code the loading of jQuery in one of my blogs, and there’d be no need to load it twice. Yes, hard coding is not proper for themes that are used by many people, but when you have a proprietary theme, you can do whatever you want.
The “Use die() …” Option
By default WordPress will give an error message to somebody that posts a comment that Comment Redlist determines to be spam. By enabling this option, we can use PHP’s die() function instead. Spammers will then not see an error message, and instead see an unfriendly blank white screen.
The “Use Form Tokens” Option
” Form tokens don’t work on blogs that use caching. “
Form tokens ensure comment legitimacy through PHP’s session cookies. Links in the document <head> may need to be removed. Make sure to test comment submission after enabling form tokens.
The “Remove WP Links …” Option
Because of the way form tokens work, if you enable form tokens and find that ALL comments are blocked, try enabling the option to remove WP links. It’s a little technical to describe why you may need to do this, but just give it a shot if you want to use form tokens and all comments are being blocked.
The “Character Restriction” Option
Comment Redlist can block all comments that include foreign language characters, or can be set to a custom regular expression. I don’t know about you, but I only read English, and a lot of Chinese and Russian comments are posted to my blogs. Setting this option to “US Keyboard Only” blocks all comments that contain characters that are not on a US Keyboard. On my blogs I take it a step further, and disallow greater than or less than signs, and that choice is available for you. A last choice allows you to use a custom regular expression, and shows an example of what the regular expression should look like. The Character Restriction option doesn’t block a lot of spam on my blogs, but at least a few each day.
The “Remove & Block Website Field” Option
The last option for blocking bots is a bit of a trap. I don’t want people posting comments with their website URL, so I remove the field from my comment form, but many bots will still try to submit comments with that field filled in. This is an easy way to detect a comment as spam. If you use this Comment Redlist option, any comment submitted with a Website field will be blocked.