I have recently changed website development platforms from Adobe’s Dreamweaver to WordPress. I did not appreciate Adobe’s decision to charge me per month for their development software, so I went to a different development environment and I really enjoy learning how to customize WordPress for code 3:20, LLC customers. However, one of the terrible things about the fact that approximately 20% of the world’s websites are developed with WordPress is that these sites have become a major target of hackers and comment spammers. One must be vigilant with the security of these sites by continual updates of themes and plugins to keep security vulnerabilities as low as possible, but that’s another blog post. This post is about comment spam.
Why do humans and automated bots spam your posts? The reason mainly traces its roots to Google. Google developed a search-engine technique called PageRank. In addition to page content, PageRank took into account the links that point to a page and what those links say. This technique meant Google was very good at returning relevant search results. Because their ranking system relies so heavily on PageRank, unscrupulous people use a technique called “Google Bombing” whereby they post comments that link to the site for which they want higher rankings within search results. Therefore, they spam thousands of blogs across the globe. The question becomes: how do you stop the spam?
I use a combination of techniques/plugins on my sites. The first plugin I use for comment spam is Antispam Bee. This plugin has become invaluable at stopping spam comments; however, you may receive a false positive now and again meaning that a legitimate comment gets marked as spam. These can be approved by the site administrator and Antispam Bee will let comments from these users get through in the future. My settings are such that I stop the major spam countries from submitting comments. I’ve found over several months of monitoring that China is a major offender, so through the Antispam Bee settings, I’ve blocked the entire country from commenting. None of my customers have business with anyone in China. If you do, then you will need to take other measures. I highly recommend this plugin.
Another plugin that I use is iQ Country Block. You will need to be careful with this plugin because if you don’t have your settings correct, you can lock yourself out of the administration section of your own site. iQ Country Block has settings for the frontend and backend of your website. The backend settings are for the administration section of your WP site. If you set blocking up for the backend and don’t remove your own country from the list, you will have to go through a few steps or even get your host to help to get back into the backend of your site. I have begun to use this plugin to block offending countries from accessing the frontend and the backend. There are also settings to block anonymous proxies, which is a nice feature. Now, I’m getting far fewer email messages from Antispam Bee stating that there is a new spam comment against my blog posts. That makes me 🙂
Finally, for comment spam, I use Wordfence. Wordfence is a wonderful plugin that provides many different functions for a WP site. But, staying in context, when I receive a comment that is spam from a trusted country, I use the “Blocked IPs” function to manually block the spam offender’s IP address. Can the spammers change their IP? Of course they can, but I make it as difficult for them as possible. Wordfence is an invaluable tool for my sites, not only for spam, but for many other security features.
Since I’ve implemented these measures, my comment spam has been contained for now. If the bad guys get more sophisticated, then we will need to evolve our countermeasures too. Stay safe, my friends!
UPDATE: I also added the “Conditional CAPTCHA” plugin to stop spambots. I was getting waxed by them on many different sites.