I think it’s safe to say you’ve heard of Akismet. Good old Akismet, by the makers of WordPress, is the de facto standard for blocking comment spam. It normally does an excellent job, though it misses a few spam comments here and there.
I think it’s safe to say that 98% of WordPress users (I made that number up, just so you know) use Akismet.
But what about the web newbies, just installing WordPress for the first time? You know, the people who don’t have a whole lot of experience with the web, but heard about blogging and WordPress, and decided to set it up with Fantastico on a cheap shared webhost. Those people are in for an unpleasant surprise…
Akismet, by default is deactivated, therefore unprotected. The equivalent of running a Windows-based PC on the internet without a firewall and antivirus, the blog will be slammed with spam pretty quick. It may not be a lot at first, but it will happen.
And not only is Akismet not activated by default, it’s buried on the Plugins page, where non-techies aren’t necesarily going to look. Then you need an API key to use the plugin, which requires registering for a blog at WordPress.com (a most confusingly named site) and then hunting down the page with the API key and pasting it into the plugin settings on your blog.
Here’s how it should work: When you first install WordPress, it should gently nudge you to activate Akismet, and like to the Plugins tab. When you activate the plugin, it should request that you enter your API key, and instead of telling you to get one from WordPress.com, link to Akismet.com, and let them applu for one there.