7th March 2007

5 Tips on securing your Wordpress blog from spam comments and pings

No matter where or how you host your blog, sooner or later you’ll notice unwanted comments or trackback pings coming in – this is especially the case with a weblog powered by popular software such as Wordpress. Luckily, there are also several ways to block or filter this kind of trash from the ‘real’ content; I’ll list a couple of the ones I recommend.

#1, Akismet. You might have seen this plugin in your Wordpress installation already, as it ships (disabled) with Wordpress. This plugin works fairly simply but very effectively: every time a comment or pingback is made to your blog, it is submitted to Akismet’s servers and matched against loads of filters to decide whether it’s ‘good’ or ‘bad’. The more you use Akismet, the better it becomes; it’s a learning filter. The pro of using this plugin is that ‘positives’ are stored for two weeks in your database so you can review them to see whether they’re really junk or not.

#2, Bad Behavior. So far this plugin is my personal favorite; it matches all visitors against a list of known ‘bad’ servers, hosts and email addresses, blocking the junk even before your page is loaded. The main advantage of this is that bad web crawlers and other automated tools will not consume your bandwidth or resources, reducing the load on your server and perhaps even speeding things up. It has one drawback though: you can’t easily see whether a blocked user was really a bot or trying to do harm, as there is no easy interface for that. Logs are available, but they require quite some ‘know-how’ to understand.

#3, Rename your comments file. This might seem a little ‘easy’, but a lot of bots simply submit to this file without actually checking whether it’s the file used by your configuration. Brian’s Threaded Comments will let you do that just by entering the new name. It’s also a nice plugin to add some more structure to your comments – potentially increasing the number of comments. In case you don’t want to use this plugin, simply look in your theme for the old filename and replace it with the new one, such as ‘comment.php’.

#4, Deny visits without referrer. When a person visits your page A and then decides to click a link to page B, A will show up as the referrer – if it’s a “real” user. Bots, however, usually set this referrer field to a website they’re promoting, since a lot of websites have publicly visible referral statistics. To prevent this kind of ‘trash’ you’ll have to edit your .htaccess file and add the following lines, after replacing the URL with your own and changing the filename of your comments page if you did that already.

RewriteEngine On
# Only act on comment submissions: POST requests to the comments file
# (change the filename here if you renamed it as described in tip #3).
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php$
# ...whose Referer does not contain your own domain (replace shoemoney.com with yours)...
RewriteCond %{HTTP_REFERER} !.*shoemoney\.com.* [OR]
# ...or that arrive with an empty User-Agent.
RewriteCond %{HTTP_USER_AGENT} ^$
# Send those requests elsewhere instead of to your comments script.
RewriteRule .* http://whereyouwanttosendthem.com/ [R=301,L]
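To see exactly which requests the four conditions above catch, and how the [OR] on the third condition groups them, here is an added Python script (not from the original post) that applies the same predicate to constructed Apache combined-format log lines. The hostname example.com, the sample IP addresses and the log lines are assumptions for the demonstration; pass a different comments_file if you renamed yours as in tip #3.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in Apache "combined" log format (not taken from the
# original post); example.com stands in for the blog's own hostname.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Mar/2007:10:00:01 +0100] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://example.com/2007/03/some-post/" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
198.51.100.9 - - [07/Mar/2007:10:00:02 +0100] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://promo-site.invalid/" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.10 - - [07/Mar/2007:10:00:03 +0100] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.11 - - [07/Mar/2007:10:00:04 +0100] "POST /wp-comments-post.php?x=1 HTTP/1.1" 302 0 "http://example.com/2007/03/some-post/" "-"
203.0.113.6 - - [07/Mar/2007:10:00:05 +0100] "GET /wp-comments-post.php HTTP/1.1" 405 0 "-" "-"
203.0.113.7 - - [07/Mar/2007:10:00:06 +0100] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
"""

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


@dataclass
class LogEntry:
    ip: str
    method: str
    path: str
    referer: str  # "" when the client sent no Referer (logged as "-")
    agent: str    # "" when the client sent no User-Agent (logged as "-")


def _dash_to_empty(value: str) -> str:
    """Apache logs a missing header as '-'; treat it as the empty string."""
    return "" if value == "-" else value


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return LogEntry(
        ip=m.group("ip"),
        method=m.group("method"),
        path=m.group("path"),
        referer=_dash_to_empty(m.group("referer")),
        agent=_dash_to_empty(m.group("agent")),
    )


def would_be_blocked(entry: LogEntry, own_host: str,
                     comments_file: str = "wp-comments-post.php") -> bool:
    """Apply the same four conditions as the .htaccess rules.

    Conditions 1 and 2 are ANDed; conditions 3 and 4 are joined with [OR], so a
    matching POST is blocked when the Referer lacks our host OR the User-Agent
    is empty.
    """
    if entry.method != "POST":                        # RewriteCond %{REQUEST_METHOD} POST
        return False
    path = entry.path.split("?", 1)[0]                # %{REQUEST_URI} carries no query string
    if not path.endswith("/" + comments_file):        # RewriteCond %{REQUEST_URI} ...\.php$
        return False
    foreign_referer = own_host not in entry.referer   # !.*own_host.* (substring test)
    empty_agent = entry.agent == ""                   # ^$
    return foreign_referer or empty_agent


def blocked_ips(log_text: str, own_host: str) -> List[str]:
    """Return the client IPs of the log lines the rewrite rules would have redirected."""
    result = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and would_be_blocked(entry, own_host):
            result.append(entry.ip)
    return result


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = "BLOCK" if would_be_blocked(entry, "example.com") else "pass "
        print(verdict, entry.ip, entry.method, entry.path)
```

Running it against your own access log shows how much of the comment traffic the rules would have turned away before it reached Wordpress. Keep in mind that both the Referer and the User-Agent are supplied by the client, so this check only removes bots that do not bother to imitate a browser; it lowers the load on the spam filters behind it, it does not replace them.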

#5, Disable comments on older posts. This option most likely won’t have a lot of effect on spam bots, but it will stop a lot of humans who consider it nice to promote their link by spamming it on your weblog – that kind of message often gets through your spam filters. You can also do this easily by installing the Autoshutoff plugin from the Wordpress website. There is also an alternative plugin, named Comment Timeout, available which lets you pick more options, such as a maximum number of comments or just a time limit.

If you use all of these plugins, you most likely still won’t be entirely spam-free. You should notice a lot less spam though – since I’ve been using Bad Behavior I’ve only received a couple of spam comments a week, instead of the ‘good old’ 5+ a day. If you’ve got more nice plugins to stay safe, please let me know as I’ll be glad to add them.


There are currently 23 responses to “5 Tips on securing your Wordpress blog from spam comments and pings”


  1. On March 8th, 2007, Zubin said:

    Seriously I don’t see the point since it’s public information, and people with blogs should already know how to secure their blog.

  2. On March 8th, 2007, Leftblank said:

    Well, what isn’t public information? The internet is full of very specific information, yet a lot of people link or write about it.
    Why? Well, it’s a whole lot easier if you can find a couple of useful tips or how-to’s in one place instead of having to search yourself for a long time.

  3. On March 8th, 2007, Ali said:

    It’s public information on how to make a cup of coffee, but yet some people still don’t know how to do it.

    So far Akismet has protected me from 6800 spam comments and counting. I also disable comments on my older posts once I get a spammy comment on it not before though.

    Then there are those that just comment to get someone to click on their name and visit their website.

  4. On March 9th, 2007, Leftblank said:

    Sure thing Ali, I’m using Akismet myself as well, but the amount of spam coming through Bad Behavior is so small I might as well just disable it, it’s merely a comment a day or so.

  5. On March 9th, 2007, Nuker.nl : Blog Archive : Few Small Updates said:

    [...] plugin disables comments on older blog posts. If you want to secure your Wordpress be sure to read Yorick’s 5 tips on securing Wordpress. Besides those anti-spam measurements I also installed a photo gallery. You can visit the Nuker.nl [...]

  6. On March 14th, 2007, DennisTT.Net said:

    Using Bad Behavior To Prevent Spam…

    After reading “5 Tips on securing your Wordpress blog from spam comments and pings,” at leftblank, I decided to try out Bad Behavior (although I think the correct way of spelling it is Bad Behaviour ), a plugin for Wordpress which blocks d…

  7. On April 5th, 2007, jassica said:

    I don’t see the point since it’s public how to secure their blog.

  8. On August 21st, 2007, wordpress templates said:

    wordpress templates…

    Locating the top wordpress themes info is not easy….

  9. On February 10th, 2008, Blog Creat Myspace said:

    Keen Eden Heater Infrared…

    Keen Eden Heater Infrared
    Keen Eden Heater InfraredRemember, your blog is just an extension of you and your business, so give it some personality, define some goals and make some rules for your blog. Blizzard Says Buying WoW Gold Online Violates Terms …

  10. On May 31st, 2009, 5 Tips on securing your Wordpress blog from spam comments and | Outdoor Ceiling Fans said:

    [...] 5 Tips on securing your Wordpress blog from spam comments and Posted by root 4 hours ago (http://leftblank.nl) The case with a weblog powered by popular software such as wordpress i also disable comments on my older posts once i get a spammy comment on it not keen eden heater infraredremember your blog is just an extension of you Discuss  |  Bury |  News | 5 Tips on securing your Wordpress blog from spam comments and [...]

  11. On May 31st, 2009, 5 Tips on securing your Wordpress blog from spam comments and | Outdoor Ceiling Fans said:

    [...] 5 Tips on securing your Wordpress blog from spam comments and Posted by root 8 hours ago (http://leftblank.nl) The case with a weblog powered by popular software such as wordpress i also disable comments on my older posts once i get a spammy comment on it not keen eden heater infraredremember your blog is just an extension of you Discuss  |  Bury |  News | 5 Tips on securing your Wordpress blog from spam comments and [...]

  12. On September 22nd, 2009, Praify said:

    femcootteCed

  13. On September 25th, 2009, Sell Skype Accs said:

    Hi! Want to chat over the internet with your friends? Here you have that opportunity! Visit our site and check out the rates! And there is always a 50% discount! Don’t miss the chance!!

  14. On March 20th, 2010, Burton Haynes said:

    Can you show me some references to this? I want to know more information. Thanks.

  15. On June 8th, 2010, ProstoHam said:

    I have been surfing online more than three hours today, yet I never found any interesting article like yours. It’s pretty worth enough for me. In my opinion, if all webmasters and bloggers made good content as you did, the internet will be much more useful than ever before.

  16. On June 13th, 2010, Arboleda said:

    Reading new posts is easier than subscribing to the feed, nonsense, I use Opera 10

  17. On June 16th, 2010, Silknet said:

    P thanks to your ideas, I’d adore to adhere to your weblog as usually as I can. Possess a good day

  18. On June 17th, 2010, Damedik said:

    All men delusion, but not equally. Those who day-dream by means of night in the dusty recesses of their minds, wake in the heyday to find that it was swell-headedness: but the dreamers of the day are rickety men, because they may act on their dreams with problematic eyes, to create them possible.

  19. On July 12th, 2010, astons said:

    The idea of renaming your comments file is clever, I’ll give that a go.

  20. On July 22nd, 2010, ginnap said:

    Can you show me some references to this? I want to know more information. Thanks.

  21. On August 25th, 2010, Jerry garcia ties said:

    Nice topic. But I don’t see the point since it’s public how to secure their blog. Big thanks for useful info.

  22. On August 25th, 2010, canon a40 said:

    In my opinion, if all webmasters and bloggers made good content as you did, the internet will be much more useful than ever before.

  23. On August 30th, 2010, fuzzy logic rice cooker said:

    So far Akismet has protected me from 6800 spam comments and counting. I also disable comments on my older posts once I get a spammy comment on it not before though.
