This plugin adds a stylesheet or image to your blog’s html source code. When a browser loads that stylesheet or image a cookie is dropped. If that user then leaves a comment the cookie is checked. If it doesn’t exist the comment is marked as spam. The plugin can also check how long it took a user to enter a comment. If it’s too fast it’s probably a spam bot. How fast can a legitimate user enter their name, email, web address and enter a well thought out comment?
For the adventurous, add these lines to your .htaccess and it will block spam attempts before they ever get to WordPress. Replace the Xs with the cookie that was set in your browser after viewing your blog. You can also find the cookie value by examining the page source code and looking for «css.php?k=XXXXXXXXXXXXXXXXXXX». Make sure the lines go above the standard WordPress rules.
RewriteCond %{HTTP_COOKIE} !^.*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*$
RewriteRule ^wp-comments-post.php - [F,L]
If you use WordPress MU, replace wp-comments-post.php above with wp-signup.php to block spam signups.
RewriteCond %{HTTP_COOKIE} !^.*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*$
RewriteRule ^wp-signup.php - [F,L]