Couple of months ago we wrote an article about ZB Block and how effectively you can fight forum and blog spam, among other bonus features that you’ll get. Of course, there are few downsides of using this outer wrapper, because it will interfere with your casual and effortless auto-upgrade CMS system, but some sacrifice needs to be made, after all. Additionally, official updates for ZB Block signatures are getting rare and scarce, which means that you will be in charge of your rules being up-to-date, as well.
AKISMET BOGUS REPORTING AND API CALLS STATISTICS
However, the main topic today regarding WordPress security and SPAM protection (or any other CMS in general) is about Akismet and something very peculiar we’ve noticed just before our hosting provider introduced it’s own server-wide security protection, which almost left our ZB Block without a job!
To better understand the chronology of the events, lets recap our system setup history in brief:
 As our domain and transition to new blog came into life, we immediately set Akismet account to protect us from SPAM, this was about ~ a year ago.
 Few months later we deployed ZB Block, and noticed immediate reduction in Akismet API calls as described here. However, what we were puzzled about is the fact that we never actually saw any SPAM messages (comments) in our administration board, except very few. Numbers were not adding up from those displayed on the charts. That made us think. We have configured Akismet plugin for WordPress to explicitly let us review each marked-as-spam content, and not act on its own with auto-delete function. However, not a single message was ever shown. So, why Akismet makes API calls, which are not free – mind you, even if there is nothing left to do?
 Unfortunately, just as we got interested in this matter, our hosting provider soon after deployed it’s own protection system, ZB Block log got reduced by whooping 80% on a weekly basis, most bots, probes, spammers and hackers were rejected by even higher layer of protection, so not much work was left to be done. Yet, Akismet still made it’s regular calls. What a…?
Then, we decided to conduct a little experiment. We uninstalled Akismet plugin and removed API key, just to see if we are going to get some actual SPAM.
After several months running WITHOUT Akismet protection – we got 1 or 2 SPAM comments in total (human kind).
And that was it.
Now, Akismet gives you 5000 free API calls per month, which is more than plenty for a blog or small website. If you spend it carelessly, you will have to purchase a bigger plan, which starts “as low” as from 5$/month.
We wouldn’t have absolutely any issues if those numbers were REAL, but apparently, they were OFF somehow. No explanation about why is this happening and why bogus SPAM reports are measured, but we dropped Akismet few months ago and so far w/o any regrets.
AKISMET continued to report an increasing amount of SPAM comments “prevented”, even if administration page did not show any trace of it. It was specifically configured NOT to remove any SPAM automatically and keep it for manual admin review. We cannot possibly say what is the cause of this. Our experiment, when we decided to remove Akismet completely, indeed showed that virtually no SPAM activity was present at all at the WordPress plugin layer, so we are not sure how the API Calls stats are actually calculated and what was counted and reported in the end.