Posts Tagged ‘spam’

Say Goodbye to WordPress Comment Spam with YAWASP

Monday, September 22nd, 2008

In How To Fight WordPress Comment and Trackback Spams, I shared several techniques that you could use to reduce the amount of comment and trackback spams that hit your blog.  Spams are not getting through on my blogs, but it’s still a pain to review for false positives among spams caught by Akismet. Fortunately, there’s a relatively new WordPress plugin that will significantly cut the amount of comment spams without placing any burden on your readers.


YAWASP – Yet Another WordPress Anti Spam Plugin

YAWASP is a spam-fighting plugin for WordPress developed by Sven Kubiak and Lukas Sadzik (thank you, guys). It does the job by replacing the comment form field names every 24 hours with random values, preventing spambots from adapting to the comment form. Furthermore, it adds a hidden blank field that needs to be left empty. If a spambot fills this field, the comment will not be saved.

Ever since I installed YAWASP, which works alongside the Akismet and Simple Trackback Validation plugins, the number of spams caught by Akismet went down from almost a hundred per day to 4-5 a day. This makes my task of fishing out false positives a lot easier than before.
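The two mechanisms described above, as an added sketch in plain PHP. This is not YAWASP's code: the secret, the HMAC-based name derivation, the honeypot name `website_url` and the one-period grace window are assumptions made for illustration.

```php
<?php
// Added sketch, not YAWASP's code. SECRET and the field names are assumptions.
const SECRET = 'replace-with-a-long-random-per-site-secret';
const PERIOD = 86400;                 // rotate field names every 24 hours
const LOGICAL_FIELDS = ['author', 'email', 'comment'];
const HONEYPOT = 'website_url';       // hidden with CSS, must stay empty
// Random-looking form name for one logical field in one rotation period.
function field_name(string $logical, int $period): string {
    return 'f' . substr(hash_hmac('sha256', "$logical|$period", SECRET), 0, 16);
}
// Names to print in the comment form rendered at time $now.
function form_fields(int $now): array {
    $names = [];
    foreach (LOGICAL_FIELDS as $logical) {
        $names[$logical] = field_name($logical, intdiv($now, PERIOD));
    }
    return $names;
}

// Map a submitted POST array back to logical fields; null means "discard".
function validate_comment(array $post, int $now): ?array {
    if (trim((string) ($post[HONEYPOT] ?? '')) !== '') {
        return null;                  // something filled the hidden field
    }
    $current = intdiv($now, PERIOD);
    // Accept the previous period too, so a form opened shortly before the
    // rotation can still be submitted after it.
    foreach ([$current, $current - 1] as $period) {
        $comment = [];
        foreach (LOGICAL_FIELDS as $logical) {
            $name = field_name($logical, $period);
            if (!isset($post[$name]) || !is_string($post[$name])) {
                continue 2;           // name missing: try the other period
            }
            $comment[$logical] = $post[$name];
        }
        return $comment;
    }
    return null;                      // fixed or stale field names
}

// Constructed submissions (fresh, stale, fixed names, honeypot filled).
$t = 1222041600;                      // 2008-09-22 00:00:00 UTC
$f = form_fields($t);
$ok = [$f['author'] => 'Ann', $f['email'] => 'ann@example.org', $f['comment'] => 'Hi'];
var_dump(validate_comment($ok, $t + 3600) !== null);
var_dump(validate_comment($ok, $t + 3 * PERIOD) !== null);
var_dump(validate_comment(['author' => 'x', 'email' => 'y', 'comment' => 'z'], $t) !== null);
var_dump(validate_comment([HONEYPOT => 'http://spam.example'] + $ok, $t) !== null);
```

Only the first submission is accepted; the other three are discarded because the names are stale, the names are the fixed defaults, or the hidden field was filled in.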

If you are interested in the plugin, you can download it from the WordPress Plugin Directory.

How To Fight WordPress Comment and Trackback Spams

Friday, May 2nd, 2008

Sooner or later, your beloved WordPress blog will be flooded with comment and trackback spams. As a blogger, there is not much you can do to stop spams from hitting your blog, but there are several things you could do to fight them back.


5 Levels of Spam Protection

1. Discussion Settings

A key setting in your WordPress configuration is the check box “Comment author must have a previously approved comment”. You can find this under Settings –> Discussion –> Before a comment appears. This will prevent any comment from an author who hasn’t been approved before from appearing.

This is very useful for stopping hit-and-run spammers. But all the spams will be mixed into your moderation queue, so the next step is to implement Akismet.

2. Akismet

Akismet is by far the best spam fighting tool in your arsenal. It is a distributed spam fighting system where comments and trackbacks marked as spams by other bloggers are automatically marked as spams for you. These spams are placed in a separate Akismet Spam queue for you to review, so the moderation queue with legitimate comments waiting for moderation won’t be cluttered up.

There is one weakness with Akismet and it’s called the “false positive”. This occurs when legitimate comments and trackbacks are marked as spams by mistake. As a blogger, you would have to “fish” these false positives out, which is like finding a needle in a haystack.

Although I have never used Spam Karma 2 before, it’s another alternative to Akismet that’s worth investigating.

3. Simple Trackback Validation

Once your blog gets fairly popular, fishing false positives out of the Akismet Spam queue becomes quite painful. This is where a plug-in like Simple Trackback Validation comes in. The plug-in works in two ways:

(1) it checks whether the IP address of the trackback sender is equal to the IP address of the webserver the trackback URL is referring to, and (2) it retrieves the web page located at the URL used in the trackback and checks whether the page contains a link to your blog.

This plug-in automatically eliminates trackback spams that fail the above conditions, thus reducing the amount of spams in Akismet Spam queue that you have to review for false positives.
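The two conditions above, written out as an added PHP sketch rather than the plug-in's own code. The function names and sample values are assumptions, and the DNS lookup and page download are left to the caller so the checks can be run on their own.

```php
<?php
// Added sketch, not the plug-in's code. Function names and sample values
// are assumptions; DNS lookup and page download are left to the caller.

// Check (1): the sender's IP must be one of the addresses that the host in
// the trackback URL resolves to.
function sender_matches_host(string $senderIp, array $resolvedIps): bool {
    $sender = @inet_pton($senderIp);
    if ($sender === false) {
        return false;                 // not a valid IPv4/IPv6 address
    }
    foreach ($resolvedIps as $ip) {
        // Compare packed forms so equivalent spellings of an address match.
        if (@inet_pton($ip) === $sender) {
            return true;
        }
    }
    return false;
}

// Check (2): the page at the trackback URL must contain a link to the blog.
function page_links_to_blog(string $html, string $blogHost): bool {
    libxml_use_internal_errors(true); // real-world HTML is rarely valid
    $doc = new DOMDocument();
    if ($html === '' || !$doc->loadHTML($html)) {
        return false;
    }
    foreach ($doc->getElementsByTagName('a') as $a) {
        $host = parse_url($a->getAttribute('href'), PHP_URL_HOST);
        // Exact host match, so "myblog.example.other.test" does not pass.
        if (is_string($host) && strcasecmp($host, $blogHost) === 0) {
            return true;
        }
    }
    return false;
}

function trackback_is_plausible(string $senderIp, array $resolvedIps,
                                string $html, string $blogHost): bool {
    return sender_matches_host($senderIp, $resolvedIps)
        && page_links_to_blog($html, $blogHost);
}

// Constructed sample: documentation-range IPs and a made-up page.
$html = '<p>Read <a href="http://myblog.example/2008/05/spam/">this</a></p>';
var_dump(trackback_is_plausible('192.0.2.10', ['192.0.2.10'], $html, 'myblog.example'));
var_dump(trackback_is_plausible('198.51.100.7', ['192.0.2.10'], $html, 'myblog.example'));
```

The first call passes both checks; the second fails because the sender's address is not one the linked host resolves to.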

There are other plug-ins in this class, and I’ll mention the two I have used before:

  • Bad Behavior — Bad Behavior works really well for what it was intended to do. However, I stopped using it because (1) it logs information to the SQL database, making it bloated and consuming system resources, and (2) it embeds JavaScript in your code, which is something I don’t like.
  • WP-SpamFree — Another good plug-in that I stopped using. WP-SpamFree requires JavaScript to work and it causes extra load on the server (another situation that I want to avoid).

4. Deny Access by IP using .htaccess

This one requires some knowledge of .htaccess and it is not necessary unless you have a serious spamming problem. Anyone with a matching IP address will not be able to access your blog.

This technique is useful if you use it strategically and with the understanding that spammers have access to millions of IP addresses (they can even fake their IP addresses) — so this won’t fix everything.

Here are some good articles you can read on this technique:

5. Other Techniques

Here are some other techniques that I have used with varying degree of success.

  • Renaming wp-comment-post.php as something else — i.e., “wp-comment-stop-spam.php” However, you have to update the POST variable in the comment.php (inside your theme folders) as well, and remember to update this each time you upgrade WordPress or the theme.
  • Using CAPTCHA type validation system — There are many plug-ins that will ask the user to enter a text string to validate that he or she is really a person. In general, I don’t like this approach because it adds another level of barrier for readers that want to leave a comment.
  • Using a challenge question — This is similar to CAPTCHA, but the technique asks a simple question, such as “what is 2+2?”
  • Inserting hidden fields in the comment form — Several bloggers suggest adding a hidden field in the comment form and checking its value. Since spam bots don’t know about the hidden field, the spam comment wouldn’t go through. For example:
  • Forcing users to register to comment
  • Closing comment and/or trackback on older posts — i.e., using Close Old Posts plug-in.
  • Closing comment and/or trackback entirely — This is a very drastic measure and goes against the nature of a blog as a communication medium.

I hope this post gives you some ideas on how to protect your blog against spams and make your life a little easier.

12 Essential Companion Accounts for a Successful Blog

Friday, February 1st, 2008

Aside from the standard accounts for your blog — i.e., domain name, web hosting, and WordPress — there are several companion accounts that I think are very useful. Below are 12 essential companion accounts, plus two that are worth mentioning.

For Money and Monetization

  • PayPal – This is an online payment web site that allows you to accept money and credit cards for products or services that you sell. I have used PayPal to accept payments, pay other online service providers, and even accept donations for my free products.
  • Google AdSense – This service allows you to display advertisements on your blog, and you will get paid for both impressions and click-throughs. You can see Google AdSense ads everywhere, including the ones on this blog. This is perhaps one of the best monetization tools available for bloggers today.
  • Amazon Associates – This program allows you to sell products and earn up to 10% commission. This hasn’t been a big money maker for me, but I heard some people have done really well with it.
  • Commission Junction – This program allows you to pick products and services from hundreds of advertisers. Each advertiser offers a different referral plan, so you will have to read each one. Like Amazon Associates, it hasn’t been a big money maker for me, but it’s a decent option.

For Subscribers Count and Management

  • FeedBurner – Their service basically puts your RSS feed on steroids. With its companion FeedBurner FeedSmith plug-in for WordPress, it allows you to accurately measure the number of subscribers. I use it to consolidate my subscriber count, accept subscribers via email, monetize my RSS feed, and show off the number of subscribers. However, there are a lot of great capabilities and I haven’t fully explored them all yet.

For Traffic and Networking

  • Stumble Upon – This is probably the best social site at the moment. I enjoy stumbling to find new and interesting sites (note: I choose the topics, so I only look at blogging and finance sites). To get a network going, give a thumbs up to sites that you like, leave a comment, and add other people who gave a thumbs up to the same sites as your friends. If you have a group of friends, you can submit each other’s sites to Stumble Upon for some traffic — however, don’t overdo it and only submit your best work.
  • Technorati – This is a blog search engine and tag search service. When you use tags on your blog (note: tagging is a native feature in WP 2.3.x) and ping Technorati with updates, people who use Technorati can perform searches and easily find your blog. I occasionally use Technorati to find other “on topic” blog articles to link to.

For Search Engines Optimization

  • Google Sitemap – This is part of Google Webmaster Toolkit. The program allows you to check many important aspects of how well search engine spiders (specifically Googlebot) can go through your blog and index it for searches. There are also many interesting tools within this site — e.g., reports that track top search queries and top search positions for your blog.

For Statistics and Traffic Analysis

  • Google Analytics – This is a statistics tracking tool that shows a lot of useful information, such as the number of visitors from various sources, page views, search terms, the most viewed pages on your blog, etc. This is a good way to find out which articles your readers like, where your traffic is coming from, etc.
  • Site Meter – Another good and simple statistic and analysis package. I use this concurrently with Google Analytics. I like the hour-by-hour reporting. It’s quite addictive.
  • Crazy Egg – This tool allows you to visualize clicks on any web page on your site. It’s a great tool to help you understand users’ behavior. I use this tool to help me determine how I can move elements on my blog around to maximize usability and revenue potential.

For Spam Protection

  • – You will need to set up an account with them in order to get the WordPress API key needed from plug-ins like Akismet and Stats. And you don’t want to run your blog without Akismet, so the account is essential.


  • MyBlogLog – This is a community that allows you to connect with your readers. If you install their widget on your blog (I don’t do this due to clutter), you can see people with a MyBlogLog account who visited your blog recently. A good use of MyBlogLog is to make sure you are logged in so that your avatar shows up when you visit other blogs. You can get a small amount of traffic this way.
  • BlogCatalog – This site also provides similar services to MyBlogLog, but with very robust discussion forums where you can meet and network with other bloggers.

If you have other companion accounts that you use to help improve your blog performance, please share them here.