The hot topic of the past few years has certainly been Social Networking and the Web 2.0! So, you started a blog on your own domain and have spent a lot of time writing relevant quality content, performing SEO, and integrating into social networks to distribute your news. Now your site is starting to get decent exposure from Search Engines and Social Networks, traffic is building up, and so is spam. This damn spam. After being spammed for years through email, now you also get it on your blog. Of course, spammers have identified this new source. It offers basically the same potential as email (and actually an even better potential), so they want to be there as well. Some spam is aimed at SEO (improving backlinks); other spam is about phishing, identity theft, or malware.
Spammers are using two methods of spamming:
Comment Spam
End-users, or most likely bots or auto-submission software, will comment on existing articles with spammy content. You have two solutions here:
- Disable the ability to post comments
This will of course solve the problem, and unfortunately, many blog owners will take that route because it is, after all, the most effective solution. On the other hand, it totally goes against what Social Networking and Web 2.0’ing is all about: visitor feedback/content and building 2-way communities.
… or …
- Install a Comment Antispam module
The other solution is to install a Comment Antispam module. For WordPress, there are three main modules: Spam Karma 2 (no longer maintained by its original author), Bad Behavior or Akismet. Having used it for years now, I would highly recommend Akismet. It is also very easy to install:
- Download the ZIP archive from the WordPress Akismet Plugin page
- Extract the ZIP archive to your \wp-content\plugins\ folder on your blog web site (so that all files are in \wp-content\plugins\akismet\)
- Generate your own API key on the Akismet web site
- Enable the Akismet plugin (Administration menu -> Plugin -> Plugin)
- Configure the Akismet plugin (Administration menu -> Plugin -> Akismet Configuration) and enter the API key you generated earlier
- Click the Save button below the API key
- That’s it! You will then be able to manage your comments, including Spam, in the Comments menu of the Administration section.
Registration Spam
A newer type of spam is Registration Spam. It started about a year or two ago and has grown in popularity over the last 6 months, most likely due to the effectiveness of the Comment Antispam measures discussed above. The purpose of registration spam is to create a User Account on as many blogs as possible. In the profile section of their user account, spammers can fill in one or more fields (the usual First & Last Name, City, Web Site URL, Twitter, Chat coordinates, Job Title, etc.) to include all the links and text they wish to. Many registration spammers actually originate from poor-ethics SEO campaigns (an attempt to increase backlinks to web sites that may contain malware, or to regular products for sale, often the same types found in traditional email spam: Viagra and other pharmaceuticals). The good news is, there are solutions:
- Disable the registration process
Nobody will be able to create accounts besides yourself. As with the comment spam, this goes against the objectives of Social Networking and Web 2.0 so let us explore other avenues right away.
… or …
- Require double email verification (double opt-in style)
Not only will the new user be required to enter a valid email address, but they will also be sent an email by WordPress. This email will contain a link that the new user has to click in order to validate the email address. Unfortunately, modern automated account registration software is able to validate these links by itself, which renders this solution pointless if used on its own. Additionally, this kind of protection only verifies that the new user has a valid email address, not whether he or she is a spammer.
… or …
- Install a Registration Antispam module
The final solution is to install a Registration Antispam module (similar to the Comment Antispam module discussed above, but for Registrations). My recommendation is the SABRE WordPress Plugin. SABRE stands for Simple Anti Bot Registration Engine and offers a variety of methods: DNSBL (checks the IP of the new user against a database of known spammers’ IPs), CAPTCHA (those little diagrams), Mathematics (you are asked to answer what the result of 5+6*8 is, for example) or Text (enter the nth letter of the xth word of a given phrase). Very effective and versatile, it is also easy to install:
- Download the ZIP archive from the WordPress SABRE Plugin page
- Extract the ZIP archive to your \wp-content\plugins\ folder on your blog web site (so that all files are in \wp-content\plugins\sabre\)
- Enable the SABRE plugin (Administration menu -> Plugin -> Plugin)
- Configure the SABRE plugin (Administration menu -> Manage -> Sabre) and enable these:
- CAPTCHA Options: Enable CAPTCHA, leave other options as default
- Math Options: Leave disabled
- Text Options: Leave disabled
- Sequence Options: Execute all tests
- Stealth Options: Enable the DNSBL test (this will allow the system to see if the new user’s IP matches one of the public databases of spammers’ IPs)
- Click Save at the bottom
- You’re done. Your system is now protected against Registration Spam!
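How a DNSBL test like the one enabled above works, as an added Python example (not SABRE's code and not part of the original post): the visitor's IP is reversed, prepended to the blocklist's zone and looked up in DNS, and an answer in 127.0.0.0/8 means the address is listed. The zone dnsbl.example.org, the function names and the sample data are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumption: placeholder zone; use the blocklist your plugin is configured with.
EXAMPLE_ZONE = "dnsbl.example.org"
# RFC 5782 convention: a listed address answers with an A record in 127.0.0.0/8.
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=EXAMPLE_ZONE):
    """Build the DNS name to resolve: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """Return the A records for name; [] on NXDOMAIN or any lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        # Fail open: a DNS outage should not lock every visitor out of registering.
        return []


def check_registration_ip(ip, zone=EXAMPLE_ZONE, resolve=system_resolver):
    """Return (listed, return_codes) for one visitor IP against one DNSBL zone."""
    answers = resolve(dnsbl_query_name(ip, zone))
    # Ignore answers outside 127.0.0.0/8 (for example a resolver that rewrites
    # NXDOMAIN to an advertising page); they are not listings.
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
    return bool(codes), codes


# Constructed sample data: a fake zone in which only 203.0.113.7 is listed.
SAMPLE_ZONE_DATA = {"7.113.0.203.dnsbl.example.org": ["127.0.0.2"]}


def sample_resolver(name):
    """Offline stand-in for DNS, backed by the constructed data above."""
    return SAMPLE_ZONE_DATA.get(name, [])


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.20"):
        print(ip, check_registration_ip(ip, resolve=sample_resolver))
```

Because the lookup fails open, a blocklist outage lets registrations through, which is one reason to keep the CAPTCHA test enabled alongside it.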
You can now go back to creating interesting content for your readers and followers, and stop wasting hours each day deleting spammers’ accounts and comments! Happy blogging!
Resources
- Bad Behavior Plugin for WordPress: http://wordpress.org/extend/plugins/bad-behavior/
- Akismet Plugin for WordPress: http://wordpress.org/extend/plugins/akismet/
- SABRE Plugin for WordPress: http://wordpress.org/extend/plugins/sabre/
You can install the plugins directly from the WordPress admin panel, no need to download/unzip/FTP these days (unless your host is really crappy).