How WordPress Comments Cooldown Works

The most common sort of WordPress Comment SPAM is posted by (ro)bots. They're automated and usually hard to stop.

Shield has strong defenses against Bot SPAM, but the challenge that we then face is how to stop SPAM from humans - since they bypass the protections we have against bots.

One of Shield's newer features is a Comments Cooldown system, similar to our login cooldown.

It works in much the same way, but there are a few differences.

The Principle Of A Cooldown System

A cooldown system basically says that a comment can only be posted to the site if enough time has elapsed since the previous request to post a comment to the site.

For example, if you set the cooldown to be 30 seconds (Shield's default), then Shield will mark any new comments to the site as SPAM if less than 30s have passed since the last time it was checked.

As you can see, this can have a huge impact on the number of comments that may be posted to a site.

Rules Of The Cooldown System

Cooldown Is Site Wide

Currently the cooldown timer is site-wide. There is no cooldown for individual visitors. This means you must make a judgement call on what is a good cooldown interval depending on how active your comments sections are, as you wouldn't want to penalise legitimate commenters on busy sites.

Cooldown Is For Humans Only

If a visitor posting a comment is identified as a bot, the cooldown doesn't apply to them. Also, the cooldown timer isn't updated if a bot posts a comment, as we want to reduce the likelihood that legitimate visitors get flagged as posting SPAM.

Human SPAM Detection Must Be Enabled

For the cooldown setting to work, the Human SPAM Detection option must be enabled, and the cooldown interval must be any value greater than Zero.

Example

You have comment cooldown set to default 30 and SPAM Action to "Move To Pending Moderation".

If a commenter tries to submit multiple comments within the 30 seconds period of time, the cooldown will be triggered and the comment will be blocked and moved the the pending moderation. Commenter will see a warning:

You can review the comment on your Comment section ("Pending") of your WordPress dashboard:

The commenter will trigger the Shield's offense and the all activities can be seen in your WP Activity Log.

To get more effective tips on stopping Comment SPAM on your WordPress site, read this article here.