Your Site vs. The World

If you've got a WordPress site, you're probably getting your fair share of spam comments. Spam on blogs is a fact of life.

This presentation will show you how to combat spam directly by getting hands on with your WordPress configuration.

The original presentation included animated GIFs, but those don't translate well to PDF. Sorry about that!

Published in: Internet, Technology
Transcript

  • 1. YOUR SITE VS. THE WORLD
  • 2. HEY THERE. I'M JASON COSPER.
  • 3. I'M THE SENIOR TECHNOLOGY ADVISOR AT WP ENGINE.
  • 4. THAT MEANS I GET TO PLAY WITH WORDPRESS FOR A LIVING.
  • 5. I ALSO SPEND a lot OF TIME ANALYZING & NEUTRALIZING SECURITY THREATS.
  • 6. IF YOU ASK MY WIFE, PROBABLY TOO MUCH TIME.
  • 7. BUT IT'S REALLY FUN. TO ME, AT LEAST.
  • 8. ANYWAY.
  • 9. LET'S TALK ABOUT SPAM.
  • 10. IT'S THE WORST, RIGHT?
  • 11. Comment spam is a fact of life if you have a blog.
  • 12. THAT IS A QUOTE LIFTED DIRECTLY FROM THE CODEX.
  • 13. ONE OF THE BIGGEST REFERENCE LIBRARIES OF ALL THINGS WORDPRESS.
  • 14. YOU'D BE SURPRISED HOW FEW PEOPLE HAVE TAKEN THE TIME TO SET UP ANTI-SPAM COUNTERMEASURES.
  • 15. AS WORDPRESS CONTINUES TO TAKE ON THE ROLE OF CMS, FEWER PEOPLE USE IT TO BLOG.
  • 16. BUT THAT DOESN'T REMOVE THE BLOG FUNCTIONALITY. IT'S STILL THERE. AND SPAMMERS ARE ITCHING TO HIT IT.
  • 17. THERE'S VERY LITTLE BUILT INTO WORDPRESS TO BATTLE SPAM.
  • 18. THAT'S NOT A BAD THING. THE LESS CRUFT IN CORE, THE BETTER.
  • 19. FORTUNATELY, YOU CAN GAIN A LOT OF GROUND WITH A FEW SIMPLE CONFIG TWEAKS.
  • 20. BUT FIRST, LET ME ASK YOU A QUESTION.
  • 21. ARE COMMENTS EVEN WORTH IT?
  • 22. OF COURSE! IF YOU HAVE A TRADITIONAL BLOG OR COMMUNITY SITE, THAT IS.
  • 23. HOW CAN YOU BATTLE SPAM WITH A STOCK INSTALL?
  • 24. DISCUSSION SETTINGS!
  • 25. FIRST: Pingbacks & Trackbacks
  • 26. TRACKBACKS WERE CREATED almost 12 years ago TO PROMOTE CONVERSATIONS BETWEEN WEBSITES.
  • 27. IT WAS A NICE WAY TO SAY "Your post inspired me to write one of my own. Here's the URL."
  • 28. BUT THERE WAS NO VERIFICATION.
  • 29. YOU KNOW WHO LOVES THINGS THAT DON'T REQUIRE VERIFICATION?
  • 30. SPAMMERS.
  • 31. PINGBACKS ADDED A VERIFICATION PROCESS TO COMBAT THIS. BUT THAT DOESN'T MEAN THAT PINGBACKS CAN'T BE SPOOFED.
  • 32. IF I HAD A NICKEL FOR EVERY SPOOFED PINGBACK I'VE RECEIVED I COULD AFFORD A BETTER IDIOM.
  • 33. THIS MIGHT BE A CONTROVERSIAL OPINION BUT...
  • 34. Pingbacks & Trackbacks are bullshit.
  • 35. THAT'S WHY I DISABLE THEM.
  • 36. 1. UNCHECK "ALLOW LINK NOTIFICATIONS FROM OTHER BLOGS".
  • 37. 2. DROP THIS CODE INTO YOUR MYSQL CLIENT OF CHOICE.
    UPDATE wp_posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'post';
    UPDATE wp_posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'page';
  • 38. SECOND: Other comment settings
  • 39. THE WORDPRESS DEFAULT IS TO CLOSE COMMENTS ON POSTS AFTER 14 DAYS. BUT THAT CAN BE LIMITING.
  • 40. MAYBE THAT'S WHY THAT SETTING NEEDS TO BE ENABLED MANUALLY.
  • 41. I FIND 30 DAYS TO BE A HAPPY MEDIUM.
  • 42. YOU DON'T have to ENABLE THIS IF YOU HAVE OLDER POSTS WITH ACTIVE CONVERSATIONS.
  • 43. BUT IT HELPS.
  • 44. THIRD: Comment Blacklist
  • 45. THIS IS the MOST OVERLOOKED SPAM FIGHTING TOOL IN WORDPRESS.
  • 46. PROBABLY BECAUSE CREATING & MANAGING A BLACKLIST CAN BE TIME CONSUMING.
  • 47. WHAT IF I TOLD YOU THERE WAS A SHORTCUT?
  • 48. THAT'S WHERE THE WORDPRESS COMMENT BLACKLIST COMES IN. HTTP://COSPER.ME/COMMENT-BLACKLIST
  • 49. 119KB OF BEAUTY. AND IT KEEPS GETTING BIGGER & BETTER.
  • 50. IT BLOCKS...
    1. Spam keywords
    2. Spam URLs
    3. URL shorteners
    4. Non-English comments
  • 51. ALL YOU HAVE TO DO IS COPY & PASTE IT.
  • 52. IF WORDPRESS FINDS A MATCH, THE COMMENT GOES TO SPAM.
  • 53. THESE KEYWORDS PROCESS before AKISMET. THAT MEANS FEWER EXTERNAL API CALLS.
  • 54. AND YOU CAN CUSTOMIZE IT TO YOUR HEART'S CONTENT!
  • 55. NEED TO ALLOW A URL SHORTENER? REMOVE IT FROM THE BLACKLIST!
  • 56. CONVERSE IN THAI? GET RID OF THOSE CHARACTERS!
  • 57. I'VE SEEN FOLKS HAVE A SIGNIFICANT DROP-OFF IN SPAM USING JUST THIS BLACKLIST.
  • 58. BUT YOU SHOULD STILL USE AKISMET.
  • 59. WHY AKISMET? DOESN'T IT, YOU KNOW, COST MONEY?
  • 60. IF YOU'VE EVER DEALT WITH A SPAM RUN, YOU KNOW HOW crazy town banana pants IT CAN BE.
  • 61. IS YOUR SANITY WORTH $5 A MONTH?
  • 62. MINE'S WORTH A LOT MORE THAN THAT. YOURS SHOULD BE TOO.
  • 63. AKISMET'S TRUE POWER LIES IN THE NUMBER OF SITES IT'S ACTIVE ON.
  • 64. THE MORE PEOPLE RUNNING AKISMET THE MORE SPAM IT SEES.
  • 65. THE MORE SPAM AKISMET SEES THE BETTER IT GETS.
  • 66. AKISMET 3.0 MADE SETUP stupid EASY.
  • 67. JUST ACTIVATE THE PLUGIN. IT'S INSTALLED BY DEFAULT WITH WORDPRESS.
  • 68. THEN, GET AN API KEY FOR YOUR SITE.
  • 69. ONCE AKISMET HAS AN API KEY...
  • 70. SET IT UP TO DISCARD THE VERY WORST SPAM.
  • 71. AKISMET HANDLES SPAM SUBMITTED THROUGH...
    1. Comment forms
    2. Contact forms
    3. BuddyPress
    4. bbPress
  • 72. THAT'S COOL AND ALL, BUT WHAT ABOUT SPAM USER REGISTRATIONS?
  • 73. IF YOU RUN AN OPEN MULTISITE, BUDDYPRESS OR BBPRESS SITE SPAM USER REGISTRATIONS ARE PROBABLY THE BANE OF YOUR EXISTENCE.
  • 74. THERE ARE A COUPLE great PLUGINS THAT FILTER SPAM USER REGISTRATIONS...
    ▸ WangGuard
    ▸ Anti-Splog
  • 75. BUT THERE'S ONE THAT I LIKE MORE.
  • 76. AVH FIRST DEFENSE AGAINST SPAM! THAT NAME IS KIND OF A MOUTHFUL, I KNOW.
  • 77. AVH DEPENDS ON WIDELY USED, TOTALLY FREE ANTI-SPAM BLACKLISTS.
    ▸ Stop Forum Spam
    ▸ Project Honey Pot
    ▸ Spamhaus
  • 78. THESE BLACKLISTS ARE NORMALLY LEVERAGED BY FORUM & EMAIL ADMINISTRATORS.
  • 79. MOST SPAM COMES FROM THE SAME PLACE. NO OFFENSE, CHINA.
  • 80. AVH ALSO HAS THE ADDED BENEFIT OF TOTALLY BLOCKING TRAFFIC FROM BLACKLISTED IP ADDRESSES. GTFO, SPAMMERS.
  • 81. HEADS UP! HOSTS THAT CACHE heavily DON'T PLAY NICELY WITH AVH. A NUMBER OF MANAGED HOSTS LEVERAGE SOME OF THESE BLACKLISTS AT THE SERVER LEVEL.
  • 82. TO GET THIS WORKING, YOU HAVE TO REGISTER FOR API KEYS FOR TWO OF THE THREE SERVICES.
  • 83. REGISTER FOR STOP FORUM SPAM AT HTTP://COSPER.ME/SFS-SIGNUP
  • 84. REGISTER FOR PROJECT HONEY POT AT HTTP://COSPER.ME/PHP-SIGNUP
  • 85. ALL OF THE DEFAULT THRESHOLDS IN AVH ARE FINE. JUST MAKE SURE TO ENABLE ALL 3 SERVICES IN 3RD PARTY OPTIONS.
  • 86. DON'T FORGET TO ENABLE THE COMMENT NONCE! YOU CAN FIND THIS IN AVH'S GENERAL OPTIONS.
  • 87. WHY REQUIRE A NONCE?
  • 88. A NONCE IS LIKE A KEY. IF YOU DON'T HAVE ONE, YOU CAN'T GET IN. OR, IN THIS STRAINED METAPHOR, SUBMIT A COMMENT.
  • 89. THIS MEANS BOTS HITTING WP-COMMENTS-POST.PHP DIRECTLY WILL GET FLAGGED AS SPAM.
  • 90. HONESTLY, NOBODY REALLY needs TO HIT WP-COMMENTS-POST.PHP DIRECTLY.
  • 91. OKAY. ENOUGH ABOUT SPAM. WHAT IF AVH DOESN'T WORK ON YOUR HOST?
  • 92. LOOK INTO A HOSTED WAF! (WEB APPLICATION FIREWALL)
  • 93. JUST AS MANAGED HOSTS FOCUS ON JUST WORDPRESS, HOSTED WAF PRODUCTS CONCENTRATE ON MITIGATING RISKS AND DOS PROTECTION.
  • 94. THE MOST FAMOUS HOSTED WAF SOLUTION IS CLOUDFLARE. BUT BOTH SUCURI CLOUDPROXY AND INCAPSULA ARE JUST AS GOOD. AND A BIT MORE FOCUSED ON SECURITY RATHER THAN SPEED.
  • 95. SPOILER ALERT! ALL OF THESE COMPANIES CHARGE FOR WAF SERVICE.
  • 96. THEY'RE totally WORTH IT THOUGH. SO FIND THE ONE THAT'S RIGHT FOR YOU AND PAY FOR IT!
  • 97. YOU'LL SEE LESS SPAM, FEWER FAKE REGISTRATIONS, FEWER LOGIN ATTEMPTS.
  • 98. SPEAKING OF LOGIN ATTEMPTS...
  • 99. YOU SHOULD DEFINITELY INSTALL LIMIT LOGIN ATTEMPTS HTTP://COSPER.ME/LLA-PLUGIN
  • 100. A LOT OF HOSTS ARE ADDING IT TO THEIR INSTALLS BY DEFAULT. WP ENGINE DOES!
  • 101. THE DEFAULT SETTINGS ARE okay BUT I PREFER TO salt the earth INSTEAD.
  • 102. OKAY. I THINK THAT'S MY TIME.
  • 103. QUESTIONS?
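Slides 44 through 57 describe the Comment Blacklist as a pasted list of entries that sends a comment straight to spam on a match, before Akismet is consulted. The following Python is an added example modelling that matching over a few constructed comments; it is not WordPress's PHP, not the cosper.me blacklist, and the blacklist entries, comment records and IP addresses are all constructed for the demo. It follows the WordPress behaviour that each line is escaped and matched as a case-insensitive literal substring against the author, email, URL, content, IP and user agent, which is also why comment 5 shows the false positive a broad keyword list produces and why the slides tell you to trim the list to your site.

```python
import re

# Constructed blacklist, one entry per line, in the form pasted into
# Settings > Discussion > Comment Blacklist. It stands in for the four
# categories the slides list: spam keywords, spam URLs, URL shorteners and
# non-English script (one Thai character here; a real list carries many).
BLACKLIST = """
viagra
cialis
spam-example.invalid
bit.ly
ก
"""

# Fields WordPress runs the blacklist against, in order.
FIELDS = ("author", "email", "url", "content", "user_ip", "user_agent")


def parse_blacklist(text):
    """Turn the pasted text into (entry, regex) pairs.

    Modelled on WordPress: each non-empty line is escaped before use, so it
    matches as a case-insensitive literal substring anywhere in a field,
    never as a regular expression. Blank lines are skipped.
    """
    entries = []
    for line in text.splitlines():
        entry = line.strip()
        if not entry:
            continue
        entries.append((entry, re.compile(re.escape(entry), re.IGNORECASE)))
    return entries


def blacklist_check(comment, entries):
    """Return (field, entry) for the first hit, or None if the comment is clean."""
    for entry, regex in entries:
        for field in FIELDS:
            if regex.search(comment.get(field, "")):
                return field, entry
    return None


def triage(comments, blacklist_text):
    """Route each comment the way the slides describe: a blacklist hit goes
    straight to spam; everything else proceeds to normal moderation (and,
    on a site running it, to Akismet) without an external API call."""
    entries = parse_blacklist(blacklist_text)
    return {c["id"]: ("spam" if blacklist_check(c, entries) else "pending")
            for c in comments}


# Constructed sample comments; the IPs are from the documentation range.
SAMPLE_COMMENTS = [
    {"id": 1, "author": "Alice", "email": "alice@example.com", "url": "",
     "content": "Great write-up, thanks!", "user_ip": "203.0.113.5",
     "user_agent": "Mozilla/5.0"},
    {"id": 2, "author": "dealz", "email": "x@example.net", "url": "",
     "content": "Check this out http://bit.ly/abc123", "user_ip": "203.0.113.6",
     "user_agent": "Mozilla/5.0"},
    {"id": 3, "author": "promo", "email": "y@example.net",
     "url": "http://spam-example.invalid/", "content": "Cheap VIAGRA here",
     "user_ip": "203.0.113.7", "user_agent": "curl/7.0"},
    {"id": 4, "author": "somchai", "email": "z@example.org", "url": "",
     "content": "ขอบคุณมาก", "user_ip": "203.0.113.8", "user_agent": "Mozilla/5.0"},
    # A legitimate comment that trips the 'cialis' entry by substring match:
    # the cost of a broad keyword list, and why the slides say to customise it.
    {"id": 5, "author": "Bob", "email": "bob@example.com", "url": "",
     "content": "I'm a specialist in caching, happy to help.",
     "user_ip": "203.0.113.9", "user_agent": "Mozilla/5.0"},
]

if __name__ == "__main__":
    for cid, verdict in triage(SAMPLE_COMMENTS, BLACKLIST).items():
        print(cid, verdict)
```

Because matching is substring-based, short entries are the ones to watch: dropping `cialis` from the list above turns comment 5 back into a normal pending comment, which is the kind of per-site trim slides 54 to 56 recommend.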

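Slides 86 through 90 explain the comment nonce as a key the form hands out and the submission must hand back, so that a POST sent straight to wp-comments-post.php without it is flagged as spam. The Python below is an added example of that gate, not AVH's or WordPress's own code: it uses an HMAC over the action name and a time window, with the previous window also honoured so a form that sat open for a while still submits, which is modelled on how WordPress nonces expire. The secret, the action name, the form field names and the timestamps are constructed for the demo.

```python
import hashlib
import hmac
import time

# Constructed demo secret. In WordPress this role is played by the salts in
# wp-config.php; never hard-code a real one.
SECRET = b"constructed-demo-secret-do-not-use"
NONCE_LIFE = 24 * 60 * 60  # seconds a nonce can stay valid for, at most


def nonce_tick(now, life=NONCE_LIFE):
    """Number of the half-life window 'now' falls in. Honouring the current
    and the previous window means a nonce lives between life/2 and life."""
    return int(now // (life / 2)) + 1


def _digest(tick, action):
    return hmac.new(SECRET, f"{tick}|{action}".encode(), hashlib.sha256).hexdigest()[:10]


def create_nonce(action, now=None):
    """Value embedded in the comment form as a hidden field."""
    now = time.time() if now is None else now
    return _digest(nonce_tick(now), action)


def verify_nonce(nonce, action, now=None):
    """Return 1 for a nonce from the current window, 2 for the previous
    window, 0 if it is missing, forged, for another action, or expired."""
    now = time.time() if now is None else now
    if not isinstance(nonce, str) or not nonce:
        return 0
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        expected = _digest(t, action)
        # Constant-time comparison so the check does not leak by timing.
        if hmac.compare_digest(nonce.encode(), expected.encode()):
            return age
    return 0


def handle_comment_post(form, now=None):
    """Model of the gate in front of wp-comments-post.php: a submission whose
    nonce is absent or wrong is routed to spam instead of the moderation
    queue. 'form' is the parsed POST body (constructed field names)."""
    action = f"comment-{form.get('comment_post_ID')}"
    if verify_nonce(form.get("comment_nonce"), action, now) == 0:
        return "spam"
    return "pending"


if __name__ == "__main__":
    rendered_at = 100_000  # constructed timestamp at which the form was served
    token = create_nonce("comment-42", rendered_at)
    ok = {"comment_post_ID": "42", "comment_nonce": token, "comment": "hi"}
    bot = {"comment_post_ID": "42", "comment": "buy now"}  # direct POST, no nonce
    print(handle_comment_post(ok, rendered_at + 10))   # pending
    print(handle_comment_post(bot, rendered_at + 10))  # spam
```

The nonce is bound to the post ID through the action name, so a token lifted from one post's form does not pass on another, and a token older than the two windows is rejected even though it was once genuine; both cases are the ones a bot scripting wp-comments-post.php directly runs into.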