It looks like some of the spam bots out there are now taking the Comment Challenge plugin into account, as I’ve had some automated spam where the extra question has been answered correctly. Though I’ve always had some spam get through, until now it looks as if it had all been typed in manually by a human, and not the work of a spam bot. Comment Challenge, by the way, is the thing that makes you type ‘elephant’ when you post a comment here.
Considering it’s been over 10 months since I installed the plugin I’m impressed that it has taken until now for the automated bots to work around it – I thought that something so simple would be trivial to work around. Obviously it wasn’t.
As it happens, only 4 spam comments got through, and they were all junked by other anti-spam plugins (namely Akismet and SpamLookup) so they never appeared on the site. But it’s a slightly concerning new development.