1
Beating Spam On Your WordPress Site
Vladimir Lasky
http://wpexpert.com.au/
WordCamp Melbourne 2013
2
What is Spam?
• Unsolicited and often untargeted electronic communication
• A persistent phenomenon due to the extremely low marginal cost of sending it over the Internet
• Even a minuscule response rate from targets makes it profitable
3
What Do Spammers Want?
• To get recipients of spam emails to purchase products and services. Common examples:
  – “Get Rich Quick” schemes
  – Products to enhance reproductive organs or reproduction process
  – Weight loss
• To take advantage of the ranking/popularity of your site to promote theirs
  – If your site gets many visitors and/or ranks highly in search engines, they will receive a portion of your traffic
4
Why is Spam Evil?
• A parasitic phenomenon
• Wastes owners' time in dealing with emails and moderating comments
• Makes comments and discussion boards less useful to website visitors
• Search engines lower the rank of websites that link to spam blogs and low-quality sites
• Increases load on web servers and eats through data transfer and storage quotas
5
Types of Spam
• Types of spam that WordPress site owners often encounter include:
  – WordPress comment spam
  – Trackback spam
  – Contact form spam
  – Email spam
6
Comment Spam Example
7
Trackback Spam Example
8
100% Surefire Plan To Prevent Website Spam
1. Don’t publish your email address
2. Don’t have a contact form on your website
3. Don’t let visitors comment on posts
4. Disable trackbacks/pingbacks
9
Our More Practical Spam Reduction Plan
• Promoting visitor engagement by making it easy to communicate, comment or provide feedback
• Preventing and detecting attempts to leave spam to the best of our ability, using free automated tools wherever possible
10
Know Your Enemy
• Spambots
  – Automated computer programs running on servers that trawl the internet and post spam
  – The vast bulk of today’s spam
• Human Spammers
  – People who manually post spam, and who are often paid to do this
11
Spambots (Machine-Generated Spam)
• Strengths
  – Very fast, can bombard lots of websites in a given period of time
• Weaknesses
  – Can only do what they are programmed to do
  – Can only adapt to countermeasures by being reprogrammed
12
Human Spammers (Human-Generated Spam)
• Strengths
  – Humans can adapt and work around many anti-spam measures
• Weaknesses
  – Slow – usually must visit websites in a browser
  – Expensive for spammers to employ humans
  – People employed to spam often have a limited education and can be tricked using intellectual means
13
Email Spam
• Problem:
  – Email harvesting robots trawl the net scanning websites for email addresses, which are then sent spam emails
• Common Mitigation:
  – Not publishing an email address, relying on a contact form instead
• Side Effects:
  – Not having a visible email address on your website lowers response rates
14
Comment Form Spam
• Problem:
  – Spammers leave comments on posts
• Common Mitigation:
  1. Not having comments
  2. Requiring comments to be approved before publication
  3. Using a CAPTCHA
• Side Effects:
  1. No participation
  2. Reduces participation
  3. Moderation time
15
What is a CAPTCHA?
• A test designed to distinguish between a human visitor and a bot (computer program).
  – E.g. asking the user to type a distorted, randomly picked phrase contained within an image, which is difficult for a computer to extract
• When used on a web page, normally placed at the bottom of a form, before the submit button.
16
Should You Use CAPTCHAs?
• No longer recommended
• Legitimate visitors often find image-based CAPTCHAs hard to read and annoying
• They increase hesitation and site abandonment
• These types are less annoying:
  – Math CAPTCHAs
  – Classification CAPTCHAs
17
Pingback/Trackback Spam
• Pingbacks/Trackbacks are sent to your blog by others that have linked to one of your posts. These are listed in the comments and contain the URL of the referring site.
• Problem:
  – You may receive trackbacks from spam blogs, or even fake trackbacks that point to an arbitrary website
• Common Mitigation:
  – Disable Pingbacks/Trackbacks
• Side Effects:
  – Reduces SEO from legitimate sites
  – Lose information about readership of your posts
18
List of Free Anti-Spam WordPress Plugins
1. Cookies for Comments
2. Bad Behavior
3. Jetpack Comments (part of Jetpack)
4. Simple Trackback Validation with Topsy Blocker
5. Minimum Comment Length
6. Email Address Encoder
19
What About the Akismet Plugin?
• Good, but only free for non-commercial sites
20
Plugin: Cookies for Comments
• Action:
  – Reduces comment spam
• Mechanism:
  1. Each visitor to your site will be issued with a tracking cookie
  2. If they try to leave a comment without having the cookie, it will be blocked. Most spambots do not accept cookies
  3. Optional setting: if an attempt is made to leave a comment without having spent some time on your site, it will be blocked
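The cookie-plus-dwell-time check from the slide above, as an added sketch that is not the plugin's own code. The HMAC-signed timestamp cookie, the secret and the 5-second threshold are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: a per-site secret kept server-side
MIN_SECONDS_ON_SITE = 5               # assumption: threshold for the optional time check


def issue_cookie(now):
    """Cookie value set on the visitor's first page view: issue time plus an HMAC over it."""
    ts = str(int(now))
    sig = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{sig}"


def check_comment(cookie, now):
    """Return 'accept', or the reason the comment POST is blocked."""
    if not cookie:
        # Step 2 on the slide: clients that never stored the cookie are rejected.
        return "blocked: no cookie"
    ts, _, sig = cookie.partition(".")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison, so the check does not leak how much of a guess matched.
    if not ts.isdigit() or not hmac.compare_digest(sig.encode(), expected.encode()):
        return "blocked: forged cookie"
    if now - int(ts) < MIN_SECONDS_ON_SITE:
        # Step 3 on the slide: the form was submitted almost immediately after arrival.
        return "blocked: commented too quickly"
    return "accept"


if __name__ == "__main__":
    cookie = issue_cookie(1000)             # constructed clock values, in seconds
    print(check_comment(None, 1010))        # client that ignores cookies
    print(check_comment(cookie, 1002))      # posts 2 s after the first page view
    print(check_comment(cookie, 1010))      # normal reader
```

Signing the timestamp means a client cannot pass the time check by inventing an old cookie value.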
21
Plugin: Bad Behavior - I
• Action:
  – Reduces all types of spam
• Mechanism (in standalone mode):
  – Uses various indicators (e.g. user agent, HTTP headers, contents of URL) to identify requests from clients that are known to be or likely to be spambots
  – These visitors will receive a 403 Forbidden error message and won’t be able to see your site
• Limitations:
  – Plugin may not be aware of newly created spambots and could inadvertently block legitimate search engines on occasion
  – Updates should address these issues
22
Plugin: Bad Behavior - II
• Mechanism (combined with Project Honey Pot):
  1. Project Honey Pot operates a network of websites designed to attract spammers, in order to record their IP addresses
  2. WordPress owner obtains a free http:BL key from Project Honey Pot and configures Bad Behavior to use it
  3. Every website visitor will be checked against Project Honey Pot’s database to see if a significant amount of spam has been detected from their IP
  4. If so, Bad Behavior will block them
• Limitations:
  – Small overhead when checking Honey Pot database
  – Spammer must have already spammed the Honey Pot websites
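The http:BL lookup behind steps 3 and 4, as an added example that is not Bad Behavior's code: it builds the DNS query name and decodes the `127.<days>.<threat>.<type>` answer. The access key is a placeholder, the sample answers are constructed, and the threat and age thresholds are assumed values.

```python
import ipaddress

# Visitor-type bit flags in the last octet of an http:BL answer; 0 means search engine.
SUSPICIOUS, HARVESTER, COMMENT_SPAMMER = 1, 2, 4


def httpbl_query_name(access_key, visitor_ip):
    """Build the DNS name to query: <key>.<reversed IPv4 octets>.dnsbl.httpbl.org"""
    ip = ipaddress.IPv4Address(visitor_ip)        # raises ValueError for non-IPv4 input
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{access_key}.{reversed_octets}.dnsbl.httpbl.org"


def parse_httpbl_answer(answer):
    """Decode the A record 127.<days>.<threat>.<type>; None means 'not listed'."""
    if answer is None:
        return None
    first, days, threat, vtype = (int(part) for part in answer.split("."))
    if first != 127:
        raise ValueError("not an http:BL answer (bad key or malformed query)")
    return {
        "days_since_last_activity": days,
        "threat_score": threat,            # for search engines this octet is an engine id
        "search_engine": vtype == 0,
        "suspicious": bool(vtype & SUSPICIOUS),
        "harvester": bool(vtype & HARVESTER),
        "comment_spammer": bool(vtype & COMMENT_SPAMMER),
    }


def should_block(answer, min_threat=25, max_age_days=30):
    """Blocking decision; both thresholds are assumptions chosen for this example."""
    info = parse_httpbl_answer(answer)
    if info is None or info["search_engine"]:
        return False                       # unlisted visitors and known crawlers pass
    return (info["threat_score"] >= min_threat
            and info["days_since_last_activity"] <= max_age_days)


# Constructed sample answers, not real lookups. A live check would resolve
# httpbl_query_name(...) with socket.gethostbyname() and treat socket.gaierror
# (NXDOMAIN) as answer=None.
SAMPLE_ANSWERS = {
    "recent comment spammer": "127.3.60.5",
    "stale listing": "127.200.60.4",
    "low threat score": "127.1.10.1",
    "search engine": "127.0.5.0",
    "never seen by a honey pot": None,
}

if __name__ == "__main__":
    print(httpbl_query_name("abcdefghijkl", "203.0.113.9"))   # placeholder key, test-net IP
    for label, answer in SAMPLE_ANSWERS.items():
        print(f"{label:28} {str(answer):14} block={should_block(answer)}")
```

The last sample row is the limitation on the slide: an address that has never hit a honey pot returns no record and is let through.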
23
Plugin: Jetpack Comments - I
• Action
  – Indirectly reduces comment spam from spambots
• Mechanism
  – Replaces your existing comment form with one hosted on WordPress.com, embedded within an HTML iframe
  – Most spambots will not find a comment form on your site
24
Plugin: Jetpack Comments - II
• Limitations
  – Requires a modern theme that calls the comment_form() function (introduced in WordPress 3.0)
  – Incompatible themes require modification by a PHP developer
  – Will change the look of your comment form
• Configuration Note
  – If using this together with the Bad Behavior plugin, enable the Bad Behavior setting:
    • Security->Allow form postings from other web sites
25
Plugin: Minimum Comment Length
• Action
  – Indirectly reduces comment spam
• Mechanism
  – Rejects comments that are shorter than a specified minimum length, e.g. 15 characters
  – Many spambots/spammers leave a token comment with a URL of their website
• Limitations
  – Antispam benefit is small, but also discourages humans from leaving useless comments like “Great Post!” or “I agree”
26
Plugin: Simple Trackback Validation w/Topsy Blocker
• Action
  – Reduces trackback spam
• Mechanism
  – Confirms that the IP address of the trackback sender matches the IP address of the site the trackback URL points to
  – Accesses the trackback URL and confirms that the content contains a link to your post
• Limitations
  – Some trackback spam will still pass both those tests
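The two trackback checks from the slide above, as an added example that is not the plugin's code. The `resolve` and `fetch` callables, the host names and the sample pages are constructed so that the check runs offline.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in a page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [value for name, value in attrs if name == "href" and value]


def normalise(url):
    """Compare links by host and path, ignoring case of host and a trailing slash."""
    parts = urlsplit(url)
    return (parts.netloc.lower(), parts.path.rstrip("/"))


def validate_trackback(sender_ip, trackback_url, my_post_url, resolve, fetch):
    """Return 'accept' or the reason for rejection.

    resolve(host) -> set of IP strings and fetch(url) -> HTML text are injected;
    a live version would wrap socket.getaddrinfo() and an HTTP client with a
    short timeout and a response size limit.
    """
    parts = urlsplit(trackback_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "reject: malformed trackback URL"
    # Check 1: the request must come from the server that hosts the linking page.
    if sender_ip not in resolve(parts.hostname):
        return "reject: sender IP does not match linking site"
    # Check 2: the linking page must actually contain a link to our post.
    collector = LinkCollector()
    collector.feed(fetch(trackback_url))
    target = normalise(my_post_url)
    if not any(normalise(href) == target for href in collector.hrefs):
        return "reject: page does not link to the post"
    return "accept"


# Constructed sample data (documentation IP ranges and .example hosts).
MY_POST = "http://mysite.example/hello-world"
SAMPLE_DNS = {"blog.example": {"198.51.100.7"}, "pills.example": {"203.0.113.50"}}
SAMPLE_PAGES = {
    "http://blog.example/review":
        '<p>See <a href="http://mysite.example/hello-world/">this post</a>.</p>',
    "http://pills.example/buy":
        '<p><a href="http://pills.example/cart">Buy now</a></p>',
}


def sample_resolve(host):
    return SAMPLE_DNS.get(host, set())


def sample_fetch(url):
    return SAMPLE_PAGES.get(url, "")


if __name__ == "__main__":
    cases = [
        ("198.51.100.7", "http://blog.example/review"),   # genuine trackback
        ("192.0.2.99", "http://blog.example/review"),     # fake: sent from elsewhere
        ("203.0.113.50", "http://pills.example/buy"),     # spam blog, no link to us
    ]
    for ip, url in cases:
        print(ip, url, "->", validate_trackback(ip, url, MY_POST, sample_resolve, sample_fetch))
```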
27
Plugin: Email Address Encoder
• Action
  – Reduces email spam
• Mechanism
  – Encodes email addresses in your WordPress site content and widgets into decimal and hexadecimal HTML entities, foiling the majority of email harvesting spambots
• Limitation
  – It is possible for a spambot to be developed that can deal with this sort of encoding
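The entity encoding described on the slide above, as an added example that is not the plugin's code. The random mix of literal, decimal and hexadecimal characters, the address pattern and the sample page are assumptions made for illustration.

```python
import html
import random
import re

# Simplified address pattern (assumption): good enough for addresses in page content.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def encode_address(address, rng):
    """Rewrite each character as itself, a decimal entity or a hex entity."""
    out = []
    for ch in address:
        choice = rng.randrange(3)
        if choice == 0 and ch != "@":
            out.append(ch)                      # left literal
        elif choice == 1:
            out.append(f"&#{ord(ch)};")         # decimal entity, e.g. &#64;
        else:
            out.append(f"&#x{ord(ch):x};")      # hex entity, e.g. &#x40;
    return "".join(out)                         # '@' is never left literal


def encode_emails(content, seed=None):
    """Encode every address found in a block of HTML content."""
    rng = random.Random(seed)
    return EMAIL_RE.sub(lambda m: encode_address(m.group(0), rng), content)


def pattern_scan(page_source):
    """What a scanner that pattern-matches raw page source finds."""
    return EMAIL_RE.findall(page_source)


def browser_view(page_source):
    """What a visitor sees once the browser has decoded the entities."""
    return html.unescape(page_source)


# Constructed sample page.
SAMPLE_PAGE = 'Contact us: <a href="mailto:info@example.com">info@example.com</a>'

if __name__ == "__main__":
    encoded = encode_emails(SAMPLE_PAGE, seed=0)
    print(encoded)
    print("raw-source scan before:", pattern_scan(SAMPLE_PAGE))
    print("raw-source scan after: ", pattern_scan(encoded))
    print("visitor still sees:    ", browser_view(encoded))
```

The encoding is lossless by design, which is why the slide lists it as foiling most harvesters rather than all of them.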
28
Other Spam Reduction Tips
29
Disable User Registrations
• Only authors or members should have accounts on your site.
• In WordPress admin, uncheck the following:
  – Settings->General->Anyone can register
30
Authenticate Commenters
• Jetpack Comments and other plugins allow commenters to authenticate using their Facebook, Twitter and other social sharing accounts without requiring an account on your WordPress site
31
Comment Moderation Tips
• Recommend approving comments before they’re published (if you have the time)
• If you have a crowd of regular fans/commenters, enabling the following will save you time:
  – In Settings->Discussion Settings->Before a Comment appears, check the box “Comment author must have a previously approved comment”
32
To Disable Pingbacks & Trackbacks
• In Settings->Discussion->Default article settings, unselect the following:
  – Allow link notifications from other blogs (pingbacks and trackbacks)
33
Dealing with Human Email/Contact Spam
• Most common human-generated spam is for Search Engine Optimisation services.
• If these are a problem, try the following:
  – Publish an email address for SEO and ranking enquiries
  – Have an “SEO/Ranking” department on contact forms
• This may help separate those enquiries from all others
34
Conclusion
• Project Honey Pot:
  – http://www.projecthoneypot.org/
  – Provides http:BL key to use with the Bad Behavior plugin
  – You can also contribute by joining their network of honey pots
• Questions and Comments:
  – http://wpexpert.com.au/contact-us/

Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 

Recently uploaded (20)

UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 

Beating Spam On Your WordPress Website - WordCamp Melbourne 2013

  • 1. Beating Spam On Your WordPress Site
      Vladimir Lasky, http://wpexpert.com.au/
      WordCamp Melbourne 2013
  • 2. What is Spam?
      - Unsolicited and often untargeted electronic communication
      - Persistent phenomenon due to the extremely low marginal cost of sending it over the Internet
      - Even a minuscule response rate from targets makes it profitable
  • 3. What Do Spammers Want?
      - To get recipients of spam emails to purchase products and services. Common examples:
          - “Get Rich Quick” schemes
          - Products to enhance reproductive organs or reproduction process
          - Weight loss
      - To take advantage of the ranking/popularity of your site to promote theirs
          - If your site gets many visitors and/or ranks highly in search engines, they will receive a portion of your traffic
  • 4. Why is Spam Evil?
      - A parasitic phenomenon
      - Wastes owners' time in dealing with emails and moderating comments
      - Makes comments and discussion boards less useful to website visitors
      - Search engines lower the rank of websites that link to spam blogs and low-quality sites
      - Increases load on web servers and eats through data transfer and storage quotas
  • 5. Types of Spam
      - Types of spam that WordPress site owners often encounter include:
          - WordPress comment spam
          - Trackback spam
          - Contact form spam
          - Email spam
  • 8. 100% Surefire Plan To Prevent Website Spam
      1. Don’t publish your email address
      2. Don’t have a contact form on your website
      3. Don’t let visitors comment on posts
      4. Disable trackbacks/pingbacks
  • 9. Our More Practical Spam Reduction Plan
      - Promoting visitor engagement by making it easy to communicate, comment or provide feedback
      - Preventing and detecting attempts to leave spam to the best of our ability, using free automated tools wherever possible
  • 10. Know Your Enemy
      - Spambots
          - Automated computer programs running on servers that trawl the internet and post spam
          - The vast bulk of today’s spam
      - Human Spammers
          - People who manually post spam, often paid to do this
  • 11. Spambots (Machine-Generated Spam)
      - Strengths
          - Very fast, can bombard lots of websites in a given period of time
      - Weaknesses
          - Can only do what they are programmed to do
          - Can only adapt to countermeasures by being reprogrammed
  • 12. Human Spammers (Human-Generated Spam)
      - Strengths
          - Humans can adapt and work around many anti-spam measures
      - Weaknesses
          - Slow – usually must visit websites in a browser
          - Expensive for spammers to employ humans
          - People employed to spam often have a limited education and can be tricked using intellectual means
  • 13. Email Spam
      - Problem:
          - Email harvesting robots trawl the net scanning websites for email addresses, which are then sent spam emails
      - Common Mitigation:
          - Not publishing an email address, relying on a contact form
      - Side Effects:
          - Not having a visible email address on your website lowers response rates
  • 14. Comment Form Spam
      - Problem:
          - Spammers leave comments on posts
      - Common Mitigation:
          1. Not have comments
          2. Require comments to be approved before publication
          3. Use a CAPTCHA
      - Side Effects:
          1. No participation
          2. Reduces participation
          3. Moderation time
  • 15. What is a CAPTCHA?
      - A test designed to distinguish between a human visitor and a bot (computer program).
          - E.g. asking the user to type a distorted, randomly picked phrase contained within an image, which is difficult for a computer to extract
      - When used on a web page, normally placed at the bottom of a form, before the submit button.
  • 16. Should You Use CAPTCHAs?
      - No longer recommended
      - Legitimate visitors often find image-based CAPTCHAs hard to read and annoying
      - Increase hesitation and site abandonment
      - These types are less annoying:
          - Math CAPTCHAs
          - Classification CAPTCHAs
  • 17. Pingback/Trackback Spam
      - Pingbacks/Trackbacks are sent to your blog by others that have linked to one of your posts. These are listed in the comments and contain the URL of the referring site.
      - Problem:
          - You may receive trackbacks from spam blogs, or even fake trackbacks that point to an arbitrary website
      - Common Mitigation:
          - Disable Pingbacks/Trackbacks
      - Side Effects:
          - Reduces SEO from legitimate sites
          - Lose information about readership of your posts
  • 18. List of Free Anti-Spam WordPress Plugins
      1. Cookies for Comments
      2. Bad Behavior
      3. Jetpack Comments (part of Jetpack)
      4. Simple Trackback Validation with Topsy Blocker
      5. Minimum Comment Length
      6. Email Address Encoder
  • 19. What About the Akismet Plugin?
      - Good, but only free for non-commercial sites
  • 20. Plugin: Cookies for Comments
      - Action:
          - Reduces comment spam
      - Mechanism:
          1. Each visitor to your site will be issued with a tracking cookie
          2. If they try to leave a comment without having the cookie, it will be blocked. Most spambots do not accept cookies
          3. Optional setting: if an attempt is made to leave a comment without having spent some time on your site, it will be blocked
  • 21. Plugin: Bad Behavior - I
      - Action:
          - Reduces all types of spam
      - Mechanism (in standalone mode):
          - Uses various indicators (e.g. user agent, HTTP headers, contents of URL) to identify requests from clients that are known to be or likely to be spambots
          - These visitors will receive a 403 Forbidden error message and won’t be able to see your site
      - Limitations
          - Plugin may not be aware of newly created spambots and could inadvertently block legitimate search engines on occasion
          - Updates should address these issues
  • 22. Plugin: Bad Behavior - II
      - Mechanism (combined with Project Honey Pot):
          1. Project Honey Pot operates a network of websites designed to attract spammers, in order to record their IP addresses
          2. WordPress owner obtains a free http:BL key from Project Honey Pot and configures Bad Behavior to use it
          3. Every website visitor will be checked against Project Honey Pot’s database to see if a significant amount of spam has been detected from their IP
          4. If so, Bad Behavior will block them
      - Limitations:
          - Small overhead when checking Honey Pot database
          - Spammer must have already spammed the Honey Pot websites
  • 23. Plugin: Jetpack Comments - I
      - Action
          - Indirectly reduces comment spam from spambots
      - Mechanism
          - Replaces your existing comment form with one hosted on WordPress.com, embedded within an HTML iframe
          - Most spambots will not find a comment form on your site
  • 24. Plugin: Jetpack Comments - II
      - Limitations
          - Requires a modern theme that calls the comment_form() function (introduced in WordPress 3.0)
          - Incompatible themes require modification by a PHP developer
          - Will change the look of your comment form
      - Configuration Note
          - If using this together with the Bad Behavior plugin, enable the Bad Behavior setting:
              - Security->Allow form postings from other web sites
  • 25. Plugin: Minimum Comment Length
      - Action
          - Indirectly reduces comment spam
      - Mechanism
          - Rejects comments that are shorter than a specified minimum length, e.g. 15 characters
          - Many spambots/spammers leave a token comment with a URL of their website
      - Limitations
          - Antispam benefit is small, but also discourages humans from leaving useless comments like “Great Post!” or “I agree”
  • 26. Plugin: Simple Trackback Validation w/Topsy Blocker
      - Action
          - Reduces trackback spam
      - Mechanism
          - Confirms that the IP address of the trackback sender matches the IP address of the site the trackback URL points to
          - Accesses the trackback URL and confirms that the content contains a link to your post
      - Limitations
          - Some trackback spam will still pass both those tests
  • 27. Plugin: Email Address Encoder
      - Action
          - Reduces email spam
      - Mechanism
          - Encodes email addresses in your WordPress site content and widgets into decimal and hexadecimal HTML entities, foiling the majority of email harvesting spambots
      - Limitation
          - It is possible for a spambot to be developed that can deal with this sort of encoding
  • 28. Other Spam Reduction Tips
  • 29. Disable User Registrations
      - Only authors or members should have accounts on your site.
      - In WordPress admin, uncheck the following:
          - Settings->General->Anyone can register
  • 30. Authenticate Commenters
      - Jetpack Comments and other plugins allow commenters to authenticate using their Facebook, Twitter and other social sharing accounts without requiring an account on your WordPress site
  • 31. Comment Moderation Tips
      - Recommend approving comments before they’re published (if you have the time)
      - If you have a crowd of regular fans/commenters, enabling the following will save you time:
          - In Settings->Discussion Settings->Before a Comment appears, check the box “Comment author must have a previously approved comment”
  • 32. To Disable Pingbacks & Trackbacks
      - In Settings->Discussion->Default article settings, unselect the following:
          - Allow link notifications from other blogs (pingbacks and trackbacks)
  • 33. Dealing with Human Email/Contact Spam
      - Most common human-generated spam is for Search Engine Optimisation services.
      - If these are a problem, try the following:
          - Publish an email address for SEO and ranking enquiries
          - Have an “SEO/Ranking” department on contact forms
      - This may help separate those enquiries from all others
  • 34. Conclusion
      - Project Honey Pot:
          - http://www.projecthoneypot.org/
          - Provides http:BL key to use with Bad Behavior plugin
          - You can also contribute by joining their network of honey pots
      - Questions and Comments:
          - http://wpexpert.com.au/contact-us/
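The two checks that slide 26 lists for Simple Trackback Validation (sender IP matches the linked site, and the linked page really links back to the post) can be sketched as follows. This is an added Python example, not the plugin's code: the function names, the injected `resolve`/`fetch` helpers, the guard against fetching internal addresses and all sample hosts, addresses and pages are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def normalize(url):
    """Compare by host and path only: ignore scheme, host case, trailing slash."""
    parts = urlsplit(url.strip())
    return (parts.hostname or "").lower(), parts.path.rstrip("/")

def validate_trackback(sender_ip, trackback_url, post_url, resolve, fetch):
    """Return (accepted, reason). resolve(host) -> list of IP strings and
    fetch(url) -> HTML text are injected (hypothetical helpers) so this runs offline."""
    parts = urlsplit(trackback_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "bad-url"
    site_ips = {ipaddress.ip_address(ip) for ip in resolve(parts.hostname)}
    # Added guard, not from the slides: the URL is chosen by the sender, so
    # never fetch from hosts that resolve to internal or reserved addresses.
    if not site_ips or any(not ip.is_global for ip in site_ips):
        return False, "non-public-host"
    # Check 1: the sender's IP must be one of the linked site's addresses.
    if ipaddress.ip_address(sender_ip) not in site_ips:
        return False, "ip-mismatch"
    # Check 2: the referring page must contain a real link to our post.
    collector = LinkCollector()
    collector.feed(fetch(trackback_url))
    if normalize(post_url) not in {normalize(h) for h in collector.hrefs}:
        return False, "no-backlink"
    return True, "ok"

# Constructed sample data: hostnames, addresses and pages are made up.
POST_URL = "https://blog.example/2013/04/beating-spam/"
DNS = {"fan.example": ["93.184.216.34"], "pills.example": ["93.184.216.35"],
       "intranet.example": ["10.0.0.5"]}
PAGES = {
    "http://fan.example/review":
        '<p>Notes on <a href="http://blog.example/2013/04/beating-spam">this talk</a></p>',
    "http://pills.example/buy":
        '<p>blog.example/2013/04/beating-spam/ <a href="http://pills.example/">buy</a></p>',
}

def check(sender_ip, trackback_url):
    return validate_trackback(sender_ip, trackback_url, POST_URL,
                              lambda host: DNS.get(host, []),
                              lambda url: PAGES.get(url, ""))

if __name__ == "__main__":
    print(check("93.184.216.34", "http://fan.example/review"))
    print(check("93.184.216.99", "http://fan.example/review"))
```

As the slide's limitation says, a spam blog that sends the trackback from its own server and includes a real link to the post passes both checks, so this filter complements moderation rather than replacing it.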