Minimizing Hacks and Spams on Your WordPress Blog

As long as there’s money to be had by gaining exposure on the web, we’ll have to suffer the less-than-reputable out there trying to game the system by filling up your blog with lame comments and links to their crappy porn, drug or adult dating web sites. You can minimize the impact of these ne’er-do-wells, however, by implementing several plugins and taking certain actions in response to their attempts.


The first and most well-known method of fighting comment spam is Akismet. If you haven’t enabled Akismet on your blog, do it now. At the time this post was being written, Akismet claimed to have blocked or prevented over 21 billion spam comments. Akismet works by sending the attributes of a comment to its service for comparison before the comment is committed to your blog. It compares the content of the comment, the address of the commenter and hundreds of other factors against previously flagged spam comments and spammers. If it finds a match, it moves the comment out of sight into the Spam category.

But let’s say you want to get even more aggressive. After all, even if the spam is flagged and moved, it’s still consuming bandwidth and space. There are other tools we can implement to fight back and further minimize the impact of spammers. WP-Ban is a plugin that lets you completely block certain visitors, and even present them with a customized message. The default installation of WP-Ban lets you show a message stating “You’ve been blocked.” to any specific user – but I would recommend against using a message… I recommend simply blocking these users with a blank page.

WP-Ban works by comparing the IP address of each incoming visitor against a list of IPs that you maintain from the administration panel. The way I use this is by regularly reviewing the Comments->Spam category. When Akismet flags comments as spam, it places them in this category along with the IP address of the spammer. You can review these, copy the IP address and then enter it into the WP-Ban list of blocked IP addresses.

It would be nice if Akismet built this feature into their plugin – using it in conjunction with WP-Ban works quite nicely.

One note of caution regarding WP-Ban. Because IP addresses change hands from time to time, you should probably delete your list of blocked IP addresses periodically to avoid inadvertently blocking someone who shouldn’t be blocked.
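To make the two preceding points concrete, here is an added example (my own illustration, not WP-Ban’s code) of an IP ban list that behaves the way the post recommends: a blank page instead of a “you’ve been blocked” message, entries that expire so a stale address does not keep blocking whoever inherits it, and a scheduled sweep that pulls the IP of every comment Akismet has put in the Spam folder into the list, which automates the copy-and-paste step described above. The option name, the 30-day expiry, the hook name and the sample addresses are all assumptions; the WordPress functions used (`add_action`, `get_option`, `update_option`, `get_comments`, `status_header`, `wp_schedule_event`) are real.

```php
<?php
// Added example, not WP-Ban's code. Assumptions: option name, 30-day TTL, hook name.
const EXAMPLE_BAN_OPTION = 'example_ban_list';
const EXAMPLE_BAN_TTL    = 30 * 24 * 60 * 60; // seconds; assumption, tune to taste

// True if $ip (IPv4) matches $rule, which is a single address or a CIDR block.
function example_ip_matches(string $ip, string $rule): bool {
    if (strpos($rule, '/') === false) {
        return $ip === $rule;
    }
    [$subnet, $bits] = explode('/', $rule, 2);
    $ipLong  = ip2long($ip);
    $netLong = ip2long($subnet);
    if ($ipLong === false || $netLong === false) {
        return false; // malformed address: never block on garbage input
    }
    $bits = (int) $bits;
    $mask = $bits <= 0 ? 0 : ((-1 << (32 - $bits)) & 0xFFFFFFFF);
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Drop entries older than the TTL. $now is a parameter so pruning is testable.
function example_prune_bans(array $bans, int $now): array {
    return array_values(array_filter($bans, function (array $entry) use ($now): bool {
        return ($now - $entry['added']) < EXAMPLE_BAN_TTL;
    }));
}

// Is $ip blocked by any entry that has not expired?
function example_is_banned(string $ip, array $bans, int $now): bool {
    foreach (example_prune_bans($bans, $now) as $entry) {
        if (example_ip_matches($ip, $entry['ip'])) {
            return true;
        }
    }
    return false;
}

// The manual step from the post, automated: take the IP of every comment in the
// Spam folder and add it to the list (deduplicated, timestamped for expiry).
function example_add_spam_ips(array $bans, array $spam_comments, int $now): array {
    $known = array_column($bans, 'ip');
    foreach ($spam_comments as $comment) {
        $ip = (string) $comment->comment_author_IP;
        if ($ip !== '' && !in_array($ip, $known, true)) {
            $bans[]  = ['ip' => $ip, 'added' => $now];
            $known[] = $ip;
        }
    }
    return $bans;
}

// Wire-up inside WordPress (guarded so the functions above also load stand-alone).
if (function_exists('add_action')) {
    // Block early, before any page is rendered: blank page, 403, no message.
    add_action('init', function () {
        $bans = get_option(EXAMPLE_BAN_OPTION, []);
        $ip   = $_SERVER['REMOTE_ADDR'] ?? '';
        if ($ip !== '' && example_is_banned($ip, $bans, time())) {
            status_header(403);
            exit;
        }
    });

    // Once a day: prune expired entries, then sweep the Spam folder for new IPs.
    add_action('example_daily_ban_sync', function () {
        $bans = example_prune_bans(get_option(EXAMPLE_BAN_OPTION, []), time());
        $spam = get_comments(['status' => 'spam', 'number' => 500]);
        update_option(EXAMPLE_BAN_OPTION, example_add_spam_ips($bans, $spam, time()));
    });
    if (!wp_next_scheduled('example_daily_ban_sync')) {
        wp_schedule_event(time(), 'daily', 'example_daily_ban_sync');
    }
}
```

Two design notes. The check reads `REMOTE_ADDR` rather than an `X-Forwarded-For` header, because that header is supplied by the client and a spammer can set it to anything; only rewrite it from a reverse proxy you control. The expiry timestamp is what turns the post’s “delete the list periodically” advice into something that happens without you remembering to do it.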

One final suggestion for reducing comment spam on your blog is to implement a CAPTCHA system such as reCAPTCHA. A CAPTCHA is a program that can tell whether its user is a human or a computer. You’ve probably seen them — colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from “bots,” or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots cannot navigate sites protected by CAPTCHAs.

reCAPTCHA is an interesting implementation of the CAPTCHA system. Each and every day humans solve CAPTCHAs by transcribing the distorted words or letters. reCAPTCHA asks the question, “What if we could harness the power of this transcription for good?” While the world is in the process of digitizing books, certain words sometimes cannot be read. reCAPTCHA takes a combination of these words, distorts them further, and then constructs a CAPTCHA image. After a certain percentage of users solve the ‘unknown’ word the same way, it is assumed that this is the correct spelling of the word. This helps digitize books, giving users a reason to solve reCAPTCHA forms. Because the industry-grade scanners and OCR software used to digitize the books couldn’t read the words from which the CAPTCHAs are constructed, it is safe to assume that a spam bot’s in-house OCR will not be able to bypass the CAPTCHA either.

WP-reCAPTCHA makes implementing the reCAPTCHA system on your WordPress blog painlessly simple. Simply download and install the plugin, obtain a public and private API key from reCAPTCHA and load the keys into the plugin’s configuration panel. reCAPTCHA will automatically insert a CAPTCHA box above the submit button of your comment form. Users will need to solve the reCAPTCHA before they can submit a comment.

This plugin also offers the ability to protect email addresses that appear in comments and posts on your blog – further protecting against unsolicited email and email address harvesters.
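As an added illustration of what “a CAPTCHA box above the submit button, solved before the comment is accepted” looks like in WordPress terms (my own example, not WP-reCAPTCHA’s code), the block below renders the widget on the comment form and verifies the answer server side before the comment is written. It assumes the current reCAPTCHA v2 checkbox API (the `siteverify` endpoint and the `g-recaptcha-response` field) rather than the word-based version the post describes, and the two key constants are placeholders you would replace with the keys obtained from reCAPTCHA.

```php
<?php
// Added example, not WP-reCAPTCHA's code. Assumes reCAPTCHA v2; keys are placeholders.
const EXAMPLE_RECAPTCHA_SITE_KEY   = 'PLACEHOLDER_SITE_KEY';   // public key, sent to the browser
const EXAMPLE_RECAPTCHA_SECRET_KEY = 'PLACEHOLDER_SECRET_KEY'; // private key, server side only
const EXAMPLE_RECAPTCHA_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// Interpret a siteverify response body. Fail closed: anything that is not a JSON
// object with "success": true (network error, malformed body, expired token) rejects.
function example_captcha_verdict(?string $body): bool {
    if ($body === null || $body === '') {
        return false;
    }
    $data = json_decode($body, true);
    return is_array($data) && ($data['success'] ?? false) === true;
}

if (function_exists('add_action')) {
    // 1. Render the widget above the submit button, for anonymous and logged-in users.
    $render = function () {
        printf('<div class="g-recaptcha" data-sitekey="%s"></div>',
            esc_attr(EXAMPLE_RECAPTCHA_SITE_KEY));
    };
    add_action('comment_form_after_fields', $render);
    add_action('comment_form_logged_in_after', $render);
    add_action('wp_enqueue_scripts', function () {
        wp_enqueue_script('example-recaptcha', 'https://www.google.com/recaptcha/api.js', [], null, true);
    });

    // 2. Verify server side before the comment is stored. The token is single-use,
    //    so a replayed form submission fails even if the first one succeeded.
    add_filter('preprocess_comment', function (array $commentdata): array {
        $token = isset($_POST['g-recaptcha-response']) ? (string) $_POST['g-recaptcha-response'] : '';
        $body  = null;
        if ($token !== '') {
            $response = wp_remote_post(EXAMPLE_RECAPTCHA_VERIFY_URL, ['body' => [
                'secret'   => EXAMPLE_RECAPTCHA_SECRET_KEY,
                'response' => $token,
                'remoteip' => $_SERVER['REMOTE_ADDR'] ?? '',
            ]]);
            $body = is_wp_error($response) ? null : wp_remote_retrieve_body($response);
        }
        if (!example_captcha_verdict($body)) {
            wp_die('Please complete the CAPTCHA before posting a comment.',
                'Comment blocked', ['response' => 403, 'back_link' => true]);
        }
        return $commentdata;
    });
}
```

The point worth taking from this is the split between the two keys: the public key is safe to print into the page, while the private key is only ever used in the server-side `wp_remote_post` call. A form that only checked the CAPTCHA in the browser would be trivially skipped by a bot that posts directly to `wp-comments-post.php`, which is why the verification hangs off `preprocess_comment`.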

One last recommendation is a plugin I absolutely love. WassUp is a WordPress plugin that tracks your visitors in real time. It has a very readable and fancy admin console to keep track of your blog’s user visits.

It has a “current visitors online” view and a more detailed “visitors details” view where you can see almost everything your users are doing on your blog. It’s very useful for SEO or statistics maniacs. It also comes with an Ajax “Spy” view like Digg Spy.

The aim of WassUp is to show you what your visitors do while they browse your blog.

With WassUp you’ll get a chronology of your blog’s visits with a lot of detail for each user session. An additional feature provided by WassUp is that when a user attempts to submit a comment that is recognized as spam, it flags the visit in red. You can then copy the IP address of the spammer and add it to your WP-Ban list of blocked IPs.

Taking these simple precautions can save you hours of work removing unsolicited comments. So in review, here are the plugins I’m recommending: Akismet, WP-Ban, WP-reCAPTCHA and WassUp.

Happy Blogging!
