Blocking Spam On Your WordPress Blog

February 3, 2007 – 11:41 am

I know this article is a little like “inside baseball” for many of my readers since most of you probably do not maintain your own blog. I have been blogging for quite some time now and I usually don’t have a problem expressing my opinion or coming up with new ideas for blog articles. In fact, since The Sisyphus Comments is just a compilation of things that interest me, blogging is pretty easy for me.

However, the one thing with which I really do have a problem is spam. That’s right, blog administrators also have to deal with spammers. The problem is basically the same as the problem you experience in your e-mail inbox except ours comes in the form of comment or trackback spam. I actually had to migrate to a new blogging program because the spam became unmanageable on my old software program. Fortunately, I chose WordPress for my new program and they have a very active support community that constantly battles the spammers. I use WordPress for both The Sisyphus Comments and the CopCAST sites.

If you are using WordPress, there are three critical plugins that you need in order to control the amount of spam that you receive. The first plugin, Automatic Kismet, or Akismet for short, ships as part of your initial WordPress installation. All you have to do is go into the plugins section of the administrator controls and activate it.

Akismet is a collaborative effort to make comment and trackback spam a non-issue. When a new comment, trackback, or pingback comes to your blog, it is submitted to the Akismet web service, which runs hundreds of tests on it and either approves or disapproves the message.

When the plugin catches something as spam, it saves it in the database for 15 days in case you want to check it out manually and then automatically deletes it. In the unlikely event something gets incorrectly identified as spam, you can correct it and the plugin submits the “false positive” back to Akismet for analysis and improvement of the system. If a spam comment happens to get through and you mark it as spam within WordPress, it does the same thing. Akismet becomes more effective the more you use it.

The second critical plugin is the Math Comment Spam Protection Plugin for WordPress (versions 1.5.2, 2.0.x and 2.1). This plugin asks the visitor making the comment to answer a simple math question. This is intended to prove that the visitor is a human being and not a spam robot.

This plugin does not require JavaScript or cookies. Instead, it uses a special encryption function: the result of the question is passed via a hidden field, and the value entered by the visitor is encrypted in the same way and then compared with it.

The final plugin in our WordPress anti-spam protection triad is the Simple Trackback Validation Plugin for WordPress (versions 2.0.x and 2.1). This plugin performs a simple but very effective test on all incoming trackbacks in order to stop trackback spam.

When a trackback is received, the plugin retrieves the web page located at the URL included in the trackback. If the page contains a link to your blog, the trackback is approved. But if the page does not link to your blog, the trackback is placed into the comment moderation queue (or optionally marked as spam).

Since most trackback spammers do not set up custom web pages linking to the weblogs they attack, this simple test will quickly reveal illegitimate trackbacks. It also stops bloggers from abusing trackbacks by sending them from their blog software or web services without actually linking to the post.
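The link test described above, sketched in Python as an added example; it is not the plugin's own code (WordPress plugins are written in PHP). The function names, the `myblog.example` and `sender.test` addresses and the sample pages are constructed for illustration, and the sender's page is assumed to have been fetched already and is passed in as a string.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BLOG_URL = "http://myblog.example/"  # constructed placeholder for your blog


class LinkCollector(HTMLParser):
    """Collect href values from <a> tags; page text and comments are ignored."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def host_of(url, base=None):
    """Lower-cased http(s) host of url (resolved against base), else ''."""
    try:
        parts = urlsplit(urljoin(base, url) if base else url)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return ""
    if parts.scheme not in ("http", "https"):
        return ""
    # Assumption of this example: 'www.' and the bare host are the same blog.
    return host[4:] if host.startswith("www.") else host


def classify_trackback(page_html, page_url, blog_url=BLOG_URL):
    """Return 'approve' if the sender's page links to the blog, else 'moderate'."""
    blog_host = host_of(blog_url)
    collector = LinkCollector()
    collector.feed(page_html)
    for href in collector.hrefs:
        # Relative links resolve against the sender's page; hosts are compared
        # exactly, so a URL that merely contains the blog's name does not count.
        if blog_host and host_of(href, base=page_url) == blog_host:
            return "approve"
    return "moderate"


# Constructed sample pages (not real trackback senders).
GENUINE = '<p>See <a href="http://www.myblog.example/2007/02/spam/">this post</a>.</p>'
MENTION_ONLY = "<p>myblog.example is great</p><!-- <a href='http://myblog.example/'>x</a> -->"
OTHER_HOST = '<a href="http://myblog.example.shop.test/">pills</a> <a href="/about">me</a>'
```

Parsing the anchors rather than searching the raw page for the blog's address is what makes the second and third samples land in moderation: one only mentions the blog in text and in an HTML comment, the other links to a different host whose name starts with the blog's.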
