Today, I upgraded WordPress to version 2.8.3. I upgrade immediately when a new version is available. And these days, I don’t even test this. I really like WordPress as it is one of the most decent, new-technology, web 2.0 driven, extensible blog I’ve ever seen. The upgrade goes automatically. And it works like a charm.
Well, almost.
People started to complain that they couldn’t post any comments to my blog anymore. They got the notice of SpamBam that spam comments were not allowed and JavaScript should be enabled. But users are definitely NOT spambots and JavaScript was enabled, so I started a search.
SpamBam uses a random key to determine whether the posted key was the same as the previously generated one. This key was regenerated after posting the comment. I assume that WordPress now calls the do_action(‘comment_form’… not only when generating the page, but while posting the comment as well. And there’s the problem. SpamBam registers the generation of the key in the comment_form action, so the key is regenerated so that it doesn’t match the key on the blog page anymore.
Since I didn’t immediately find a solution for this and since SpamBam isn’t updated since ages, I started to search for another anti-spam plugin that doesn’t work with captcha‘s (extremely annoying and not working after all) and is really reliable… I found WP-SpamFree which seems to use about the same technology as SpamBam, but a little more sophisticated and it was updated only recently. It feels more solid and commenting now works again.
I now enabled a logging feature to see how many spam comments are blocked, just to see whether it is actually working. And ehm… hopefully I don’t end up in receiving spam comments again. But I doubt it.