WP Spam-Free has been evicted from this site. The inconvenience it caused some users—requiring the use of Javascript, requiring a certain length of comment—now outweighs the plugin’s benefits, which are frankly little these days. Automated spam technology has moved on beyond loading a website, and nowadays they access the comment PHP file directly, bypassing all measures that WP Spam-Free put into place.

I installed Spam Free WordPress; when you see the extra “copy this password” and “paste the password”, a special one-time password has been generated.

The password mechanism thus not only generates unique passwords per comment, but the plugin also hooks into the comment PHP code, stopping a certain type of automated spam by always requiring the generated password, only visible through accessing the website directly.

I can see spammers eventually bypassing this too, however. Then I’d be at a loss as to what to do next, apart from moving to Dreamhost’s virtual private servers and turning off caching.