How to Deal With SPAM in WordPress

Word Count: 1240
Total View: 274

As your WordPress site gets noticed and generates traffic, it becomes a natural target for spammers. If you’re noticing posts on your site that you don’t expect, or see users in the Dashboard that you didn’t create, you have other security problems. Most likely, your posts will accrete a variety of spam comments as a side effect of being popular.

WordPress SPAM

You can recognize spam by a list of links within the comment, or [p2p type=”slug” value=”6-strategies-to-generate-new-content-easily”]content-free[/p2p] comments saying that the poster enjoyed your writing, with an attached URL or source address that invites you to a less-than-reputable destination. In either case, the goal of comment spam is to generate more web content that points back to the spammer’s site, taking advantage of the page popularity ranking algorithms used by Google and others that give weight to incoming links. The best way to deal with spam is to simply get rid of it, denying spammers the opportunity to use your site to boost their own visibility.

There are three basic approaches to dealing with the problem: make it impossible for anyone to leave comments, increase the difficulty of a spammer sneaking a comment onto your site, and enable auto-detection of common spam patterns. Obviously, disabling comments (through the Dashboard) is a bit harsh and defeats the goals of establishing conversation with your readers. On the other hand, if you decide to take this drastic step, remember that changing the settings for posts on the control panel affects future posts only; anything already on your blog will still have comments enabled unless you go through the Dashboard and turn them off individually. If you don’t mind an even greater bit of brute-force effort, you can remove the wp-comments.php file from the WordPress core, which somewhat unceremoniously puts an end to the ability to comment on your posts. We recommend something a bit more subtle.

Comment Moderation and CAPTCHAs

One approach to comment spam is to slow down the spammers; this simple approach, however, slows down valid commenter’s as well. You can require commenter’s to register as site users before being allowed to post comments, but that has the downside of preventing passing-by users from adding their thoughts. It also requires that you stay on top of the user registration, as you may see seemingly valid users that are created purely for the purpose of posting spam to your blog.

Moderation is another tool in the slow-but-don’t-stop vein; you can hold all comments for moderation or require all commenter’s to have a previously approved comment. In effect, you’re putting the burden of spam detection on yourself, looking at each comment as it appears and deciding whether to post it to your site or flush it. Again, an innocuous looking comment may be the approval stepping stone for an avalanche of spam later on from the same user. As with many security mechanisms, the bad guys are continually getting smarter and more automated, and testing the edge protection and response of the systems they want to infiltrate.

A variation of the brute-force and moderation method is to blacklist IP addresses that seem to be the primary sources of spam; the access controls can be put in your .htaccess file. Again, this is perhaps a bit like hunting bugs with an elephant gun, as you’re likely to block valid IP sources from common carriers that are unfortunately home to some low-limit spammers. Also, spammers jump IP addresses easily using bot nets and other resources, so this can be a never-ending war that you cannot keep up with.

Enter CAPTCHA methods — based on a phrase coined at Carnegie Mellon University that ostensibly stands for “Completely Automated Public Turing test for telling Computers and Humans Apart” — that impede spammers’ ability to post unwelcome comments by requiring them to enter some additional, dynamic piece of information. There are quite a few CAPTCHA-generating plugins for WordPress, all of which add a displayed word or math problem to the end of the comment posting form, requiring the user to enter the correct information before the form is submitted.

The simplest of these, the Math Test plugin, displays a two-term addition problem that must be solved by the user. The basic idea is that an automated spamming process won’t be able to recognize the distorted words or solve the problems, alleviating the spam at the point of insertion. There’s some debate as to the effectiveness of CAPTCHAs, with their failure rates suggested to be as high as 20 percent. You’re also adding a step for commenter’s, albeit a trivial one. If your site attracts a large, non-English speaking audience, CAPTCHAs depending upon wavy English words will be effective, but only in preventing valid comments from frustrated users.

The WP–Spam free plugin is an inverse CAPTCHA; it tries to ensure that the commenter is using a browser, and not coming in via an automated process. This combination of JavaScript tricks is a variation on the spam impedance theme, and like the others, its effectiveness and user impact will vary depending upon the demographics of your site viewers.

Automating Spam Detection

The first step in automating spam detection is blacklisting certain types of posts or particular words. In the Dashboard, choose Settings ? Discussion in the Comment Moderation box, you’ll find an option to block any comment that contains more than a particular number of links. Don’t set this to zero, or anyone who includes his own site URL in a comment is going to be filtered. This cuts down on the obvious spam messages, however. Similarly, adding words to the blacklist like “Vicodin” will eliminate the faux-pharmacy spam, but if you’re perturbed by offers of fake Rolexes, don’t add “watches” to the blacklist or you’ll drop any comment that uses “watches” as a verb as well as a fake product noun. Word blacklists are universally effective in blocking comments with those words, irrespective of context.

Fortunately, WordPress has the Akismet plugin built in for dealing with comment spam that relies on a crowd-sourced blacklist and is transparent to users. Go to http://akismet.com/ to register for an API key for the service; when you open up the Dashboard and configure the Akismet plugin, you’ll need this to make sure your instance of WordPress can connect to the Akismet service.

Effectively, Akismet takes each comment as posted, runs it through a database of spam comments hosted by Automattic, and decides whether or not to mark the comment as spam. Statistics on the akismet.com site claim that upwards of 80 percent of all comments are spam, and that they have caught and marked more than 55 trillion spam comments.

There are other implementations of the Akismet service besides the built-in plugin, and Akismet works on other content management systems as well. [p2p type=”slug” value=”get-free-api-key-akismet”]Akismet[/p2p] is priced based on the size and type of your site, ranging from free to $50 per month. While the freely available nature of WordPress and most of its related plugins and themes has been highlighted, paying for Akismet spam protection is also highly recommended. Compared to the cost of a commercial WordPress hosting option, most low-end Akismet plans are minimal in cost. You remove a time-consuming administrative burden from your plate for a few dollars a month.

3 Comments

  1. Alma Jaeger February 14, 2015
  2. Neville January 29, 2015
  3. Vicente January 25, 2015
Games Security
eCommerce
The Million-Dollar Question of eCommerce: How to Get Repeat Business?
Telephone System
Office Telephone System: How to Choose the Right One for Small Enterprise
Internet Marketing
Top-Most Internet Marketing Strategies on the Go
External Giveaway Freebie TechnoGiants Giveaway
MacXDVD
Freebie: MacXDVD Gives Away 10K Free Copies of MacX Video Converter
Flipbook
Giveaway #40: FlipHTML5 Flipbook 3-months Platinum Plan Subscription
iCare Data Recovery Pro
Giveaway #39: iCare Data Recovery Pro Free Download with License Key
Android iPhone
Travel App
5 Apps You Need to Pack for Your Next Vacation
Android Phone
5 Tricks to Speed Up Your Slow Android Phone
Money Online
Great Ways to Earn Money Online With Your Smart Phone
Adsense
On Page Optimization
Understand the effectiveness and important of On Page Optimization
Search Engine
Why Content Marketing is the New Key to Good SEO
Outsource SEO
5 tips that will help you with SEO Outsourcing
MAC Software
Hiring Software
How to Get the Most Out of Your Hiring Software?
DVD Copy
How do you copy DVD with DVDFab DVD Copy Software?
Able2Extract Professional 11
6 Time-Saving Tricks: Featuring Able2Extract Professional 11
Blogging Social Media
Time Management
8 Time Management Strategies for Fellow Bloggers
WordPress
7 Pros and Cons of WordPress for Blogging!
eCommerce
How to Set Up an eCommerce Store Using WordPress in 7 Steps
Email Marketing
Infographic: The Giant Email Marketing Statistics Guide
Ecommerce
Infographic: How to Create Your Ecommerce Store With Magento
Ways to Backup iPhone
Infographic: Ways to Backup iPhone – Avoid iPhone Data Loss
Debit cards
The Rise in use of Credit/Debit cards in India after Demonetization