Nonce! Please — spam decreasing plugin

Posted by ゆりこ on 7月 07, 2008 @ 10:08:31 PM
Tags: ,

(日本語の説明はウェブログの Nonce! Please リリース案内を参照のこと)

“Nonce! Please” is a simple plugin that prevents brute-force comments and trackbacks from spammer. This is *ONLY* a helpful solution to cut down spams, *NOT* an alternatives to Akismet.


Akismet is a great plugin to block spam comments/trackbacks. It detects spams completely. But, Akismet allows to accept unsolicited feedbacks, and to store them in the database. It is weaker act to fight with spams. A better way is to reject them.

Also, the architecture of WordPress is vulnerable for spammer. Because the comment API is fixed URL like: “wp-comments-post.php”, “wp-trackback.php, or “”. Therefore, spammers can easily post bulk comments/trackbacks to WordPress weblogs.

“Nonce! Please” add a nonce (random strings) to the comment hidden field and/or the trackback URL. A valid comment and/or trackback should have a nonce string. Bulk feedbacks will not have nonce.
This plugins also verifies that a new comment/trackbacks has the valid nonce. If there is no nonce or an invalid one, the feedback is rejected.

Adding and detecting nonce is automatic, users are not do anything!


“Nonce! Please” can be installed in 2 steps:

  1. Unzip “” archive and put only the nonce_please.php file into your “plugins” directory (wp-content/plugins/) of the server.
  2. Activate the plugin.


The licence of this plugin is GPL v2.


  • If you are using cacheing plugins (such as WP-Cache, WP Suer Cache), make sure that caching time less than 12 hours. Because WordPress nonce string will change in 12 hours cycle and valid for 24 hours. If caching longer than 12 hours, invalid nonce will be survived at your site.

Getting a support

To get support for this plugin, please send an email to ikeda.yuriko+wp-nonce_please _@_ GMAIL COM. (You need adjust to valid address)

Frequently Asked Questions

Q: Will Akismet no use when I use “Nonce! Please”?
A: No. This plugin detect only bulk feedbacks that are sent to hard-coded comment/trackback URLs as “” I suggest keep using Akismet. You will see fewer spams at Akismet admin screen!


Version 1.1 (2009-03-23)
Skip checking a nonce for log-in users. Therefore, you can reply a comment at the admin panel without errors.
Initial version
Version 1.0 (2008-07-07)
Initial version


  1. [...] Nonce, Please! [...]

  2. [...] Das WordPress Plugin Nonce! Please von IKEDA Yuriko verhindert über Zufalls Strings in einem versteckten Feld Kommantar und Trackback Spam. Wenn das Plugin mit WP-Cache bzw. WP Suer Cache funktionieren soll, sollte die Cache Zeit unter 12 Stunde [...]

  3. [...] Nonce! Please [...]

  4. [...] Nonce, Please! – スパム軽減プラグインを併用。 [...]

  5. [...] Nonce! Please [...]

  6. [...] Sitemaps, Grunion Contact Form (heavily modified), Insights, KB Advanced RSS Widget, MiniPosts2, Nonce, Please!, OpenID, Peter’s Blog URL Shortcodes, PHP Speedy WP, Post-Plugin Library, Quick Reply [...]