WordPress Plugins for Writers: Part 2 – Anti-Spam
The #1 hassle of running a website is the inevitable flood of spam that, if left unattended, will fill your posts’ comments sections. Most of these are obvious attempts to get either click-throughs (people clicking on the links to see what’s up) or link-backs (links from your site to theirs which affect their site’s rating on some search engines). Some of it is downright obscure — random strings of numbers with no links to be found, that sort of thing. All of it is clutter, useless rubbish that clogs up your comments, making it less easy (and less fun) for your readers to read or leave comments, and making your site look bad.
Fortunately, there are several WordPress plugins that help minimize, and often eliminate entirely, spam from your comments section. The first, Akismet, is even built in. You need to activate it, though — and for that you need a “WordPress API key”. Fortunately, that’s easy enough to get — just sign up for an account at WordPress.com and they’ll send you one by email, automatically. It’s a long string of characters that, after you’ve activated Akismet, you’ll be asked to enter. Just cut-and-paste it from the email.
Akismet works by aggregating the collective judgment of its users. Every comment on an Akismet-enabled site is fed through their servers and compared with their profiles of known spam. If a new comment on your site looks like a piece of spam in Akismet’s database, it’s flagged as “spam” (you can look occasionally and make sure it’s all properly flagged, and un-flag comments you think should not be considered spam). If it looks kosher to Akismet, it’s sent back to your site. If something “spammy” gets through Akismet, you can manually flag it as spam, and Akismet will add it to their database. When you mark something as spam, it helps the rest of the network; when anyone else on the network marks something as spam, it helps you.
What Akismet is to comment spam, the Trackback Validator plugin is to trackback spam. Normally, trackbacks are notifications sent to your site when a trackback-enabled site links to your site. It’s a nice way to let someone know you’re linking to them, and it posts a link under the post they linked to so that other readers can click through and see the conversation unfold. Unfortunately, a lot of scummier sorts have hijacked the process, sending fake trackbacks to sites just to get the link. Trackback Validator checks the address the trackback links to, to make sure there really is a page there and it really does link to you, before letting the trackback show up on your site.
The third line of defense against spam is Bad Behavior, which aims to stop spam at the source by identifying “bad guys” before they can reach your site. Bad Behavior looks at the way that a visitor or alleged visitor is attempting to access your site. Since most comment spam, trackback spam, and other malicious attacks against your site are carried out by automated programs accessing the site directly (as opposed to a person accessing it via a browser), they can often be identified and, in Bad Behavior’s case, prevented from being able to access the site at all.
All three of these plugins can be used together, giving you a pretty good defense strategy against the kind of scum that has decided that your site is a great platform for whatever malicious purposes they have in mind. Once installed, the only thing you have to do is remember to check your spam queue once in a while (the WordPress dashboard will let you know how many comments are in the spam queue and need to be approved or marked as spam) to make sure you catch anything Akismet missed — which should be less and less, since Akismet is learning faster and faster the more people use it.
Funny you should mention spam at this moment. Usually, I content with on a handful of spam messages to the comments section of my blog. Two days ago, I got well over a hundred!
I’ll look into Bad Behaviour when I get home. I’ve tried a couple different WP plug-ins that call for commenters to enter some numbers that appear on the screen — none of them work in my set up for some reason.
I should note that when it’s in use, Bad Behavior is effectively the first line of defense on a site. Because I can’t block any legitimate users whatsoever, I have to let some spam through, and so Bad Behavior must be used in combination with a more traditional spam prevention strategy.
Thanks, Michael — that’s a good point. For the record, I use Bad Behavior and Akismet on this site, and get *much* less spam than I get on another site where I do not use Bad Behavior (only because it’s much harder to set up with Drupal, which the other site runs on). And this site has greater traffic.
The Drupal setup isn’t much harder; it’s just a little more involved.
Get the Drupal module from drupal.org
Install it in
Get the Bad Behavior code from my site
Unpack it and find the
bad-behavior(in lowercase) folder which is one-level below the top. (Depending on where you download it the top level folder could be named bad-behavior or Bad-Behavior.) The correct folder contains a bunch of files that end in
Place the second level
Activate the Drupal module!
When there's a Bad Behavior upgrade, you only need to install the updated core code, the second-to-last step above.
Hey, you filtered out my <li> XHTML! Not nice! 😛