Dieses Plugin ist nicht mit den jüngsten 3 Hauptversionen von WordPress getestet worden. Es wird möglicherweise nicht mehr gewartet oder unterstützt und kann Kompatibilitätsprobleme haben, wenn es mit neueren Versionen von WordPress verwendet wird.

Cookies for Comments


This plugin adds a stylesheet or image to your blog’s html source code. When a browser loads that stylesheet or image a cookie is dropped. If that user then leaves a comment the cookie is checked. If it doesn’t exist the comment is marked as spam.
The plugin can also check how long it took a user to enter a comment. If it’s too fast it’s probably a spam bot. How fast can a legitimate user enter their name, email, web address and enter a well thought out comment?

For the adventurous, add these lines to your .htaccess and it will block spam attempts before they ever get to WordPress. Replace the Xs with the cookie that was set in your browser after viewing your blog. You can also find the cookie value by examining the page source code and looking for „css.php?k=XXXXXXXXXXXXXXXXXXX“. Make sure the lines go above the standard WordPress rules.

    RewriteRule ^wp-comments-post.php - [F,L]

If you use WordPress MU, replace wp-comments-post.php above with wp-signup.php to block spam signups.

    RewriteRule ^wp-signup.php - [F,L]


Copy into your plugins folder and activate. If you are using a caching plugin such as WP Super Cache make sure you clear the cache after enabling this plugin.


The cookie isn’t being set by the plugin. Why?

If you use wp-minify make sure you add the Cookies for Comments CSS file to the list of CSS files that shouldn’t be minified.


9. August 2021
(REVIEW UPDATED August 2021) Based on my long experience, I think this the simplest, fastest e most effective plugin to avoid spam in WordPress comments. I'm using this plugin on several sites, since years, and it works like a charm. Also on a big website with thousands of daily views (using .htaccess) P.s. It works very well with all versions of WP 5.x
3. September 2016
There used to be 2 types of anti-spam plugins. The first one will block all comments, and also block shopping carts if you run a site where people need to pay. The second doesn't work. There is now a 3rd category, and this one not only works, but also will not block shopping carts. This anti-spam works well with Clickbank and WP eMember possibly other carts as well. Thank you so much! The last update stopped the anti-spam from Tips and Tricks HQ with their WP Security plugin, and I was inundated with 100s of spam comments per day. Now, this solution works, and everything is sent to spam, without messing with my shopping cart. Thank you so much. mmoexploiters.com
7. Februar 2017
I'd been getting a dozen spams a day on two of my sites. We installed "Stop Spam Comments" on one and "Cookies for Comments" on the other. Both worked perfectly. No more spam. Thanks!
Alle 17 Rezensionen lesen

Mitwirkende & Entwickler

„Cookies for Comments“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:


Übersetze „Cookies for Comments“ in deine Sprache.

Interessiert an der Entwicklung?

Durchstöbere den Code, sieh dir das SVN Repository an oder abonniere das Entwicklungsprotokoll per RSS.



  • Sanitize the cookie key before setting it. Props Matt Cutts and @planetzuda


  • Added a rejection message for when people trip over the cookie protection.
  • Plugin requires WordPress 3.1+ now.


  • Use an image to deliver cookie as well as stylesheet.
  • Don’t load WordPress to set the cookie. Makes pageload much faster!
  • Added „time to post comment“ to comment notification emails.
  • Support for SSL sites.
  • If user is logged in don’t check for cookie.
  • Speed spammer checks to stop smarter bots and human spammers.


  • Generate cfc_key all the time if it’s missing, not just on serving the css html
  • Added MU signup form mod_rewrite rules to docs and admin page
  • Added Settings page link to plugins page.
  • Add explanation text to css file.
  • Add docs on how to use CFC to protect the MU signup form
  • Show htaccess rules on admin page.
  • Don’t let wp-super-cache cache this page.
  • Store cfc_key in sitemeta for WordPress MU sites
  • Added mod_rewrite rules to block spam comments before they get to WordPress