Improving Plone Comments
May 16th, 2007 by Jon Stahl
I’m really excited that Dave Fowler got funded by Google’s “Summer of Code” program to do some work on Plone’s comments system. It’s not received much attention in the past few releases, and although it’s still pretty solid, it’s starting to show some wear around the edges. With Plone 3.0 almost out the door, and sporting lots of cool UI tricks (most notably KSS), it’s a great time to look at overhauling the comments system.
Following are some thoughts that I’ve had over the past couple of years of using Plone, and drawing on ONE/Northwest’s experiences implementing around a hundred public-facing Plone sites for small nonprofit organizations. I offer them with the hopes that Dave and others who will be working on Plone’s comments this summer might find some inspiration and ideas.
Things worth looking at Two existing Plone add-on products that add features to Plone’s commenting systems are PloneComments from Quintagroup and EasyCommenting from Kai Diefenbach.
PloneComments extends Plone’s existing comments by enabling:
- Comments from anonymous users
- Moderation of comments
- Email notifications (to owners/managers) of new comments
All of these are welcome features that address obvious gaps in Plone’s “out of the box” comment experience. qPloneComments has quite a few rough edges in its UI — most notably that it takes a lot of clicks to go from an email notification to actually moderating a comment. I can’t offer an opinion about whether its implementation is technically sound, but it’s worth a close look to see whether its ideas could be integrated into a new solution.
EasyCommenting is a more ambitious attempt to re-implement commenting. Kai appears to have recently started again with Zope 3 technologies, so it’s not quite clear where this project sounds.
Things I’d Like to See Most of the improvements I’d like to see in Plone’s commenting system revolve around two related goals:
1) Making it easier for site visitors to comment without having to register and log in, while…
2) … Resisting comment spam.
While not every site requires (or desires!) unauthenticated users to be able to comment, it’s an extremely common feature of blogging software and of other lightweight CMS systems, and for good reason: it knocks down a big psychological barrier to participation for a casual site visitor.
I’ve been using WordPress for a couple of years now (but don’t worry, Plone is my first love! 
. As widely used, dedicated “blog” software, it puts a lot of effort into its commenting system, and the WordPress team have done a good job of making it possible to allow commenting by non-authenticated users without opening the floodgates to spam.
WordPress does this in a couple of interesting ways. First, the Wordpress team have actually developed an extremely effective spam-detection service, known as Akismet. Akismet is not open-source, nor is it free for commercial use, but it works really well, and has a simple, well-documented API along with a Python library. Although it wouldn’t be a silver bullet, implementing an Akismet module for the Plone commenting system would be a quick, easy and effective way to fend off a lot of spam (both comment spam and trackback spam, too!). I’ve written a bit about this before.
A second thing that WordPress does is to ask each anonymous commenter for their email address. It doesn’t show that address to the public, but it remembers it, so that if their comment is approved, it can automatically approve additional comments from that email address. This feature is optional, and only available if comment moderation is enabled. It’s a very simple and effective way to make sure that your “frequent commenters” don’t have to get moderated for each comment.
A third thing WordPress does is to send out rich hyperlinks in its email notifications of new comments. Each comment notification message has three links:
1) Delete this comment 2) Approve this comment 3) View the comment moderation queue
The URLs for options 1 & 2 immediately perform the specified action. Option 3 takes you to a moderation screen.
On that moderation screen, WordPress implements another simple-yet-highly-effective user interface trick that Plone would do well to emulate. It has javascripted radio buttons to:
1) Mark all queued comments for deletion 2) Mark all queued comments as spam (which deletes them and notifies Akismet) 3) Approve all queued comments
These javascripted buttons change the equivalent selection radio buttons on each individual comment all at once, and the comment manager can then individually mark any exceptions, then hit submit to execute the entire batch of approvals.
This simple scheme makes it possible to efficiently moderate hundreds of comments with just a few clicks.
Captchas?
I’ve not used them much, but some folks are fond of using captchas to differentiate legitimate commenters from spam-spewing robots. PloneCaptcha and Plone Captchas are two (different, but similarly-named) products that implement captchas for Plone.
Plone co-founder and usability guru Alex Limi has pointed out the potential for accessibility issues with captchas in the past. These concerns are real, but modern captcha systems seem to deal with them effectively, either by presenting an audio alternative to an image-recognition task or by using a simple logic puzzle (e.g. what is 2 plus 5?) instead of an image recognition.
I’ve noticed that Drupal (a popular PHP-based CMS) has an add-on product that implements simple logic captchas as described above. I suspect this would provide a simple, accessibility-compliant captcha mechanism that might be very effective for preventing comment spam, especially in the absence of Akismet.
Other random ideas
Here are a few other brainstorms that might be worth considering, although I think they’re all less important than the ideas I mentioned above.
- Include a (small) user portrait alongside authenticated users’ comments. Ploneboard does this (although the portraits are a bit large), and it looks nice.
- Visually highlight comments by the document creator or owner. Many blogs to do this, and it does a nice job of making the blogger’s responses to comments stand out.
- Include a Zope 3-style “recent comments” portlet as a user-addable portlet. This could be based on the existing “recent items” portlet. (I’m actually rather shocked that we don’t already have one!)
- Include a “comments on this item” RSS feed for objects that have comments. This makes it easy for interest parties to monitor comments on an object over time.
- Include an RSS feed for all site comments” on the site homepage (or maybe on all pages). Again, this makes it easy to follow all the discussion on a site.
Do you have ideas about how Plone comments could be better? Share them here, in the comments! 
I think that the CMF / Plone commenting systems should evolve to something like an ATContentType, with workflow and all that stuff, or at least it should have some hooks to make the life of those wanting to change it easier.
Actually, qPloneComments uses monkeypatching for archieve it’s goals. I was working on a product to make Akismet filter available to comments and hell, I don’t had time for maintain so much monkeypatches nor to refactory the entire stack of commenting code, so I just give up
.
BTW, nice blog.
Dirceu-
Thanks!
IIRC, Plone comments already are full-fledged AT Content Types, called “Discussion Items.” If they’re not, then they certainly should be. Good call.
Maybe the time will soon be ripe for you to take another crack at Akismet!
Hi Jon,
nice article! Very helpful as always. I will try to take all your suggestions into account on my way developing EasyCommenting.
Best
Kai
There are many ways to stop spam comments. Here are some that should be easy to implement.
1. Time validation. There should be a way to measure how long it takes to fill in a form. Then if it is less than about 5 seconds, then the submit button should not work. This timeframe should be enough not to slow down humans, but make bots either slow down or give up.
2. IP limits. Limit the number of comments from any IP address to 5 every hour.
3. Enforce a timed preview/proofing stage. In addition to cutting down on spam, this will also improve the quality of the comments and may cut flaming.
Hey Jon,
Actually, DiscussionItem is a subclass of Document, but it not have a full workflow. From CMFDefault/DiscussionItem.py:
class DiscussionItem(Document):
# other lines here…
# XXX this is wrong, it precludes the use of a normal workflow.
review_state =’published’
About akismet: I would love to work on it, but after someone refactor the comments stack.
Jon,
Wichert just pointed me to your blog. I’m excited that I’m working on the commenting system too! Thanks for the leads and the ideas. I’ll definately keep them in mind and see what I can do. I’m a wordpress user myself and also really like the way they do it.
Another addition for “Other random ideas” is alowing a way to rank or score comments, like digg or slashdot does. Ranked comments make large comment threads easier to read. People can skip over the dumb ones I write that way
.
Definately feel free to send me any more ideas, advice, or leads.
Thanks
Dave Fowler
@Daniel – Indeed, simple throttling is definitely a good idea.
@Dave – Glad to see you’re getting started!
I’m not a huge fan of comment rating, actually, just because the vast majority of sites don’t have so many comments that they actually need it. (But, if one had a great deal of passion for comment rating, I’d suggest looking at Alec Mitchell’s “Content Ratings” product, which probably could be wired into the comments system pretty darn easily!) Let me know if there’s stuff you’d like me to look over — I’m almost useless code-wise, but have a lot exposure to real-world client pain!
I’d definately make the commenting an optional feature and will probably work on it after I get the basics set up first.