Over the years we've tried numerous approaches to mitigating spam. By spam we mean bogus comments left on posts, or blatent attempts to circumvent basic security questions that most bots won't be able to answer.

These days we use two services to protect your site. reCapatcha is used for the most important entry points and most sensitive forms like checkout, signing in, subscribing, etc.

Akismet is used for mitigating spam for comments. This includes comments on Posts, comments on Projects, and comments between an instructor and a student within the Instructor Chat on an Exercise Submission.

Below we'll break down how we implement Akismet, how it protects your site, and what controls you have at your disposal.

How Akismet Works

Akismet is run by WordPress. We've had great experience with this service since our early days, and they offer an external API that can be used with any platform.

When a user or customer types a comment and presses "Submit" we send the following data to Akismet about the person submitting the comment:

• IP

• User Agent

• Email address from the form

• Name fro the form

• Comment content from the form

• The referring URL

• The link to the post

• Date of the post

Akismet will return true or false, depending on what it thinks of the data that we send them. True means it's spam. False means its ham (developer nomenclature for something that is not spam).

Read more about managing comments here.