I was browsing Greatnexus Internet and Web page and came across Yoast’s Optimizing WordPress Database Performance article. This article caught my interest because I have been having issue with my VPS crashing more often than it should and was trying to figure out what’s wrong.

In the article Yoast, mentioned a new Wordpress plugin called Debug Queries and said that it’s design to help you find inefficient database queries — naturally, I was interested. I downloaded the plugin and installed it on my main blog. The result was very surprising. Debug Queries found that my home page was making 1,776 database queries per page load — yes, almost 2,000! Upon further inspection, I found the offending plugin to be Cross-Linker. After deactivation of Cross-Linker, the number of database queries dropped to 21.

This is unfortunate because I like the plugin. But fortunately, I found another linking plugin called KB Linker that works just as well, and impressively, the number of queries remained at 21.

So I just want to shout out to Joost de Valk, Frank Bültge, and Adam R. Brown.  Good job guys. Thank you for terrific blogs and plugins.

After blogging for a while, you will notice two inevitable trends.  One, other bloggers that you used to link to, or leave comment on your blog with links to their site stop blogging.  And two, some of your advertisers — specifically affiliate advertisers — stop running their program.  In both cases, when your visitors follow these links, they are either going to a dormant web site or a parked domain — both of which contributes to bad user experience.

If you follow these bloggers, or if you get a notice from your advertisers, there are a few things that you should do.  In the case of other bloggers, I don’t generally go through these steps until the blog is completely dead; specifically, I’ll keep the links as long as the site is up.  Here are the steps that I go through:

• Clean Up Your Blogroll — First, if the blogger is in my blogroll, I’ll remove the blog.  It’s also a good idea to periodically go through your blogroll to see if you are linking to any dead sites.
• Clean Up Your Posts — Second, I search my posts for the dead blog.  In WordPress admin menu, click on Posts > Edit and do a search — i.e., “deadblog.com”.   Then I go in and either remove the link noting that it’s no longer around, or completely delete any reference to that blog.
• Clean Up Your Comments — Third, I do a similar search in the comment section, and remove the dead URL from comments.

This used to be tedious, but WordPress 2.7 made this easier with “Quick Edit” function.  Now you may ask if this is worth the effort.  Personally, I think it is.  First, it shows that you care about your blog and your are keeping it current.  Second, your user are not visiting parked domain, or worse, domains that have been turned into spam sites or Made for AdSense sites.  Third, if you are concerned about SEO, it will cut down the number of unnecessary outgoing links.

One of the free tool you can use to detect dead links on your site is Xenu’s Link Sleuth (TM).

Do you go through your blog to clean up dead links?  Do you think it’s worth it?

In How To Fight WordPress Comment and Trackback Spams, I shared several techniques that you could use to reduce the amount of comment and trackback spams that hit your blog.  Spams are not getting through on my blogs, but it’s still a pain to review for false positives among spams caught by Akismet. Fortunately, there’s a relatively new WordPress plugin that will significantly cut the amount of comment spams without placing any burden on your readers.

Image by buggolo via Flickr

YAWASP – Yet Another WordPress Anti Spam Plugin

YAWASP is spam fighting plugin for WordPress developed by Sven Kubiak and Lukas Sadzik — thank you guys.  It does the job by replacing the comment form field names every 24 hours with random values preventing spambots from adapting to the comment form. Furthermore, it adds a hidden blank field that needs to be left empty. If a spambot fills this field, the comment will not be saved.

Ever since I installed YAWASP, which works along side Akismet and Simple Trackback Validation plugins, the number of spams caught by Akismet went down from almost a hundred per day to 4-5 a day.  This makes my task of fishing out false positives a lot easier than before.

If you are interested in the plugin, you can download it from the WordPress Plugin Directory.

Ever since my host upgraded my admin control panel to Plesk 8.3.0, I have been running into problem backing up large MySQL databases using PhpMyAdmin. For whatever reason, the export function will only generate 0 byte SQL backup file. Moreover, it’s becoming quite a chore to backup 9 databases spread across 7 domains — there’s a lot of clicking in Plesk and PhpMyAdmin to accomplish this. As such, I had to look for and easy way to backup large MySQL database that doesn’t require PhpMyAdmin.

Photo by Melete via Flickr

Backup MySQL Database Via SSH

So I did a little digging today and found an alternative that helps you easily backup large MySQL databases. The solution is to backup your MySQL databases through SSH. Here are the steps.

• Enable shell access inside your Plesk control panel
• Using utility such as PuTTY, log into your server via SSH
• Change to the directory where you want to save your backup files — e.g., CD wwwroot/dbbackup. If you don’t have a directory created, follow these steps:
  • FTP into your server, using software such as FileZilla Client
  • Go to your domain root directory
  • Create a folder — e.g., call it dbbackup
  • CHMOD the dbbackup folder attribute to 777
• Using mysqldump command to export the database into a file on the server. For example:

mysqldump --add-drop-table -u db_username -p db_name > mybackup.sql

About the command:

• Omit the –add-drop-table argument if you’ll want to merge this backup with an existing database upon restore
• Replace db_username with the name of your database user
• Replace db_name with the name of your database
• Replace mybackup.sql with the name of your backup file

Note: You can find your database name, user, and password information in your wp-config.php file (if you are using WordPress).

• Enter your database password when prompted

That should be it. The command executes very fast and you should be able to FTP into your web site and find the backup file in the folder you created earlier. If you have multiple databases, all you have to do is replace the database name, user, password, and backup filename information.

Today, I updated the BT Active Discussions to version 1.1.1. If you are using my plugin please update as soon as you can.

Summary of Changes

The following are changes made since the previous version:

• The SQL query is now faster – One thing I noticed about the first version is that it works slowly on my personal finance blog which only has about 3,900 comments. This is unacceptable because it wouldn’t be very functional on bigger blogs. After toiling with the query for about a week, I finally came up with the solution. If you have a lot of comments on your blog, you’ll notice the difference.
• Option to remove the credit link – The plugin automatically insert a credit link to the plugin home page at the bottom of the table. I’ve decided to make it easier for you to remove it via a variable in the plugin. However, I would really appreciate it if you can keep the link intact so that others may find and enjoy this plugin.
• Installation instruction – Thanks to Alistair of The Urban Fly Fisher, I was able a slight error with the installation instruction. Specifically, it incorrectly tell you to insert the string %%bt-active-discussion%% instead of the correct (I left out the “s”).

As always, if you found this plugin useful. Your donation to this project is greatly appreciated. Please donate via PayPal.

Over the weekend, I just created my first WordPress plugin, called BT Active Discussions. It is a recent comments plugin that displays customizable number of blog posts with recently updated comment. The output is very similar to phpBB’s View Active Topics and vBulletin’s Today’s Posts functions.

You can see a demo at Moolanomy Personal Finance Blog.

I’d appreciate any feedback you can provide below.

Sooner or later, your beloved WordPress blog will be flooded with comment and trackback spams. As a blogger, there is not much you can do to stop spams from hitting your blog, but there are several things you could do to fight them back.

5 Levels of Spam Protection

1. Discussion Settings

A key setting in your WordPress configuration is the check box “Comment author must have a previously approved comment”. You can find this under Settings –> Discussion –> Before a comment appears. This will prevent any comment that haven’t approved before from appearing.

This is very useful at preventing hit-and-run spammers. But all the spams will be mixed in your moderation queue, so the next step is to implement Akismet.

2. Akismet

Akismet is by far the best spam fighting tool in your arsenal. It is a distributed spam fighting system where comments and trackbacks marked as spams by other bloggers are automatically marked as spams for you. These spams are placed in a separate Akismet Spam queue for you to review, so the moderation queue with legitimate comments waiting for moderation won’t be cluttered up.

There is one weakness with Akismet and it’s called “false positive“. This occurs when legitimate comments and trackbacks are marked as spams by mistake. As a blogger, you would have to “fish” these false positives out, which is like finding a needle in haystack.

Although I have never used Spam Karma 2 before, it’s another alternative to Akismet that’s worth investigating.

3. Simple Trackback Validation

Once your blog gets fairly popular, fishing false positives out of Akismet Spam queue becomes quite painful. This is where plug-in like Simple Trackback Validation comes in. The plug-in works in two ways:

(1) checking if the IP address of the trackback sender is equal to the IP address of the webserver the trackback URL is referring to and (2) by retrieving the web page located at the URL used in the trackback and checking if the page contains a link to your blog.

This plug-in automatically eliminates trackback spams that fail the above conditions, thus reducing the amount of spams in Akismet Spam queue that you have to review for false positives.

There are other plug-in in this class, and I’ll mention the two I have used before:

• Bad Behavior – Bad Behavior works really well for what it was intended to do. However, I stopped using it because (1) it logs information to the SQL database making it bloated and consuming system resources, (2) it embeds javascript in your code which is something I don’t like.
• WP-SpamFree — Another good plug-in that I stopped using. WP-SpamFree requires javascript to work and it causes extra load on the server (another situation that I want to avoid).

4. Deny Access by IP using .htaccess

This one requires some knowledge of .htaccess and it is not necessary unless you have a serious spamming problem. Anyone with a matching IP addresses will not be able to access your blog.

This technique is useful if you use it strategically and with the understanding that spammers have access to millions of IP addresses (they can even fake their IP addresses) — so this won’t fix everything.

Here are some good articles you can read on this technique:

• Combating Comment Spam/Denying Access at WordPress.org
• How To Block Bots, Ban IP Addresses With .htaccess at Blamcast

5. Other Techniques

Here are some other techniques that I have used with varying degree of success.

• Renaming wp-comment-post.php as something else – i.e., “wp-comment-stop-spam.php” However, you have to update the POST variable in the comment.php (inside your theme folders) as well, and remember to update this each time you upgrade WordPress or the theme.
• Using CAPTCHA type validation system — There are many plug-ins that will ask the user to enter a text string to validate that he or she is really a person. In general, I don’t like this approach because it adds another level of barrier for readers that want to leave a comment.
• Using challenge question — This is similar to CAPTCHA, but the technique ask a simple question, such as “what is 2+2?”
• Inserting hidden fields in comment form — Several bloggers suggest adding a hidden field in the comment form and check for the value. Since spam bots don’t know about the hidden field, the spam comment wouldn’t go through. For example:
  • Using timestamps to reduce WordPress comment spam at Ardamis.com
  • Hacking WordPress: Tired of Fighting Comment Spam? at The Marketing Technology Blog
  • How We Beat Comment Spam at Rusty Lime
• Forcing users to register to comment
• Closing comment and/or trackback on older posts — i.e., using Close Old Posts plug-in.
• Closing comment and/or trackback entirely – This is a very drastic measure and goes against the nature of blog as a communication media

I hope this post gives you some ideas on how to protect your blog against spams and make your life a little easier.