Since the beginning of winter break, I have been deluged by comment spam attempts. Most of them involved "tramadol," a painkiller, or "texas hold-em poker," both of which are included on the list of words that cause comments to be moderated (a list which borrows heavily from the "Spam Words" list on the Wordpress Wiki). However, it was still annoying to both delete all of the notification emails and the comments from the moderation queue.
I could have attempted to block the IP addresses being used in my .htaccess file, but that would only be a temporary solution, since the spammers switched IP addresses about once every 24 hours. I also could have switched comments off, but that would be too radical. Hence, I have changed wp-comments-post.php (which is, of course, the file containing the code that allows you to post comments on WordPress blogs, so that it is impossible to post a comment without previewing it first. In the comment preview code, I added a new form value to the comment preview:
<input type="hidden" name="previewed" value="1" />
Right below the comment that states, "If we've made it this far, let's post," I added a new IF statement:
die( __('In an attempt to reduce comment spam, you must preview your comment before posting it.') );
Of course, nobody will ever see that message (except inquisitive comment spammers), since I also commented out the Post button from wp-comments.php (which controls the comment form seen below).