This is another powerful trick of stopping all machine generated spam comments much before they hit your web server. This can be dome by using a simple WordPress plugin called Cookies for Comments, the plugin sets a cookie on a random URL and that URL is checked everytime when a comment is posted on your website. In-case if the cookie is missing, it marks the comment as spam.
Installation & Usage: Install and activate Cookies for Comments. After activation remember to clear cache in case if you are using any cache plugin like WP Super Cache etc (there are many others).
For the adventurous, add the following given lines to your .htaccess (.htaccess file is found in root directory or your WordPress site where is wp-config.php file is located). This will be blocking spam attempts even before they ever get to your server.
Remember to replace the Xs with the cookie that was set in your browser after viewing your blog. Cookie value can also be find by examining page source code and looking for “css.php?k=XXXXXXXXXXXXXXXXXXX”. Make sure the lines go above the standard WordPress rules.
`RewriteCond %{HTTP_COOKIE} !^.*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*$`
`RewriteRule ^wp-comments-post.php - [F,L]`
If you are using WordPress MU then replace wp-comments-post.php above with wp-signup.php for blocking spam signups.
`RewriteCond %{HTTP_COOKIE} !^.*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*$`
`RewriteRule ^wp-signup.php - [F,L]
How it works ? It adds stylesheet or image to HTML code of your WordPress site and the cookie is dropped when webrowser loads that stylesheet or image. Now when a user leaves a comment the cookie is checked and if the cookie is not present then the comment is marked as spam.
Even this plugin checks how long a visitor takes to post a comment on your website, spam bots are obviously very fast comparing to humans, it checks how fast can a legitimate user enter the required fields like name, mail, site and then comment.