Category Archives: Wordpress

Topics relating to Wordpress, plugins, themes, optimizing etc

How To Beat WordPress Spam

In the dark ages, when pigeons delivered the mail or smoke signals were the most efficient form of communication, spam wasn’t a problem. It all started with junk mail in our letter boxes: piles of advertising that took up space, time and energy. When electronic mail was invented it seemed like maybe we’d beaten the junk mail issue…until even our email inboxes started filling up with rubbish. In fact, it turned out that it was even easier to spam someone on the net…you didn’t even have to move from your comfy spam-financed office chair. These days they spam you to within an inch of your patience. You get spam on your mobile phone, on your website, and even on your WordPress blog.

Why Is WordPress Spam a Problem?

Spam is ugly and it wastes your time, and for a serious blogger time is at a premium. When you could be creating new content, reading other blogs, or researching a new article, you are instead moderating comments and deleting rubbish. This article will show you how to sort out spam for WordPress.

Default WordPress Spam Fighting Features

WordPress has some built-in features which help you deal with spam. These include:

  1. Comment Moderation

    Links are a common feature of spam messages, as most spammers are looking for backlinks to their page. Most legitimate comments will not contain links, so it is a good tactic to set comment moderation to hold all messages that contain links. Even when a legit comment is held because of a link, it is always good to check the links that people are leaving, as legit commenters can place uncalled-for links to their own sites, especially on do-follow blogs.

    Go to the Options > Discussion panel.
    Scroll down to Comment Moderation. Change the value to 1.


  2. Spam Words

    You can add words to the blacklist so that comments containing them are pushed into moderation.

  3. Moderate All Comments

    If you have a smaller blog with very few comments you could consider moderating all comments. I have a problem with this as I feel it discourages involvement. A reader makes a comment, then nothing shows up. For all that person knows it’s gone to never be seen again, and unless they check back, they won’t know whether the blog owner approved the comment at all. So in almost all cases, this isn’t a good option.

  4. Disabling comments completely

    If you want to use WordPress as a publishing platform and not a blog, you can easily disable comments completely, which will remove the possibility of comment spam.

  5. Other WordPress Spam Options

    “Pre-approve comments from old commenters” means what it says: people whose comments you have already approved are allowed to leave comments even if you have moderation enabled. “Restrict comments to registered users” is also an option. Although it will help you combat spam and build a community around your blog, it does discourage comments from those who don’t want to sign up.

WordPress Plug-ins

  • Akismet is the must-have spam protection plug-in for WordPress. If you are not using it, you probably should be. You have to register to get the API key the system uses, but for the few seconds it takes you to fill out a form, it is well worth it.

  • reCaptcha is a WordPress plug-in to prevent comment spam using a word verification system.

  • Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots.

  • Spam Karma is a system that grades comments based on information that it collects. It considers things such as who left the comment, are they a known commenter, does the comment have links, and other factors. If the comment scores well it is published immediately. If the comment scores poorly, it is held for moderation.

Akismet Auntie Script

Akismet Auntie is a Firefox script that makes it easier to browse and sort your Akismet spam box. If you are getting hundreds of spam comments a day and are a Firefox user, then this script will help you out. Basically it makes it easier for you to quickly browse through your spam comments to find any legit comments.

Other Forms of WordPress Spam

Contact Form Spam

The contact form on your WordPress blog can also be a target for spammers. If you find that you are constantly getting spam from your contact form, consider using one that has verification or a challenge question on it.

Referral Spam

Bloggers tend to check their statistics to see which sites are referring traffic to them. Referral spam creates an entry in your statistics that shows the spammer’s site as the referrer. The idea is that the blogger will then visit the spammer’s site to see what has been referring traffic.

How To Make Your WordPress Blog Safer

How horrible would it be if you woke up tomorrow and your blog was gone, with all the hard work you have put into it up in smoke? OK, so I think we can agree that it’s worth taking a few precautions to ensure our WordPress blogs are as secure as possible. Here are some tips for achieving this.

Keep WordPress Current

Keep your WordPress setup up to date. From time to time people find security issues in WordPress. These issues get addressed by the developers of WordPress who then release an update. If you don’t update, you may be vulnerable. WordPress can be a real pain to update, so the more lazy amongst us tend to leave it for a bit. If this sounds like you then maybe you should download WordPress Automatic Upgrade Plugin. It automates the process of backing up and upgrading WordPress.

Backup Your Posts and Comments

Create a folder on your PC and regularly create backups of your blog content. It’s easy enough to do, just go to “Manage” in your WordPress dashboard, and select “Export”, then click “Download Export File” to save a copy of all your valuable posts, comments and categories. It’s a good idea to name these export files with a date.

Drop The Version String In Your Header.php File

Quick Online Tips explains how displaying the version of your WordPress installation can leave you vulnerable. If the version is left viewable, anyone can easily figure out which version of WordPress you are using just by viewing the source of your site. Then, if there is a known flaw in the version you are using, you’re in trouble.

To fix this, change:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

to:

<meta name="generator" content="WordPress" />

Put A Blank index.html In /plugins/ Directory

In a default WordPress installation, anyone can access your WordPress plugin folder to see which plugins you have installed. This is a problem if certain plugins are known to have security issues. The default path is “"

If you type this address in your browser using your WordPress blog’s domain you will see the entire directory with all of your plugins. A method to hide this, as described by Quick Online Tips (and originally by Matt Cutts at WordCamp 2007), is to place a blank file named index.html in the root of your plugin folder. People will then get the blank page instead of a listing of your plugin directory.
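To confirm that both of the changes above took effect, the check below is an added example (not code from this blog or from Quick Online Tips) that inspects a saved copy of the home page and of the plugin folder response. The sample responses are constructed, and it assumes the web server titles its listings "Index of /...", as Apache does.

```python
import re
from html.parser import HTMLParser

class GeneratorFinder(HTMLParser):
    """Collects the content attribute of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "meta" and (attr.get("name") or "").lower() == "generator":
            self.values.append(attr.get("content") or "")

def leaked_version(home_html):
    """Return the WordPress version shown in the generator tag, or None."""
    finder = GeneratorFinder()
    finder.feed(home_html)
    for value in finder.values:
        match = re.match(r"WordPress\s+(\d+(?:\.\d+)+)", value)
        if match:
            return match.group(1)
    return None

def listing_exposed(status, body):
    """True when the plugin folder answers with a server-generated index page.
    Assumption: the server titles its listings "Index of /...", as Apache does."""
    return status == 200 and re.search(r"<title>\s*Index of /", body, re.I) is not None

def audit(home_html, plugins_status, plugins_body):
    """List the two exposures described above that are still present."""
    findings = []
    version = leaked_version(home_html)
    if version:
        findings.append("generator tag discloses WordPress " + version)
    if listing_exposed(plugins_status, plugins_body):
        findings.append("plugin folder returns a directory listing")
    return findings

# Constructed sample responses (not captured from a real site).
HOME_BEFORE = '<head><meta name="generator" content="WordPress 2.2" /></head>'
HOME_AFTER = '<head><meta name="generator" content="WordPress" /></head>'
PLUGINS_BEFORE = (200, "<html><head><title>Index of /plugins</title></head></html>")
PLUGINS_AFTER = (200, "")  # the blank index.html is served instead of a listing

if __name__ == "__main__":
    print(audit(HOME_BEFORE, *PLUGINS_BEFORE))
    print(audit(HOME_AFTER, *PLUGINS_AFTER))
```

An empty result means the listing and the version string are hidden; the blank index.html does not restrict access to the files in the folder, so keeping plugins up to date still matters.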

Wp-admin Folder

Past versions of WordPress have had vulnerabilities with the wp-admin folder, so for extra-tight security Reuben Yau gives a method to protect the WordPress wp-admin folder. However, if the computer you access your blog from has a dynamic IP address assigned by your ISP, this won’t work. It may be worth looking into if these sorts of security issues keep you up at night.

Login Lockdown Plugin

Login Lockdown is a plugin that monitors how many times a person tries to log in during a short period of time. If they exceed some key number, Login Lockdown will lock them out from logging in for some period of time. This will stop those types who try to guess your user names and passwords.
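The mechanism described above can be sketched as follows. This is an added illustration, not the plugin's own code: the thresholds, the choice to track clients by address, and the sample attempts are all assumptions made for the example.

```python
from collections import defaultdict, deque

class LoginLockout:
    """Lock a client out after too many failed logins inside a short window."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        # Hypothetical settings (seconds), not the plugin's defaults.
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)  # client -> times of recent failures
        self._locked_until = {}              # client -> time the lock expires

    def is_locked(self, client, now):
        until = self._locked_until.get(client)
        if until is not None and now >= until:
            del self._locked_until[client]   # lock has expired
            until = None
        return until is not None

    def attempt(self, client, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time now."""
        if self.is_locked(client, now):
            return "locked"                  # refused even if the password is right
        if password_ok:
            return "ok"
        recent = self._failures[client]
        recent.append(now)
        while recent[0] <= now - self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[client] = now + self.lockout
            recent.clear()
        return "failed"

def replay(events, **settings):
    """Run (time, client, password_ok) events through a fresh LoginLockout."""
    guard = LoginLockout(**settings)
    return [guard.attempt(client, ok, now) for now, client, ok in events]

# Constructed attempts: (seconds, client address, password correct?)
SAMPLE = [
    (0, "203.0.113.5", False),
    (10, "203.0.113.5", False),
    (20, "198.51.100.7", False),   # a different client has its own counter
    (30, "203.0.113.5", False),    # third failure in the window: lock starts
    (40, "203.0.113.5", True),     # correct password, but still locked out
    (50, "198.51.100.7", True),
    (3631, "203.0.113.5", True),   # lock expired at 30 + 3600
]
```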

If you are stuck using a free hosted WordPress blog you should consider blog hosting options; it’s not that expensive to host your own WordPress blog.

I hope this information has helped you to secure your WordPress blog.

WordPress PHP Code Snip – Assign image to post ID

The following PHP code is some code I use on this blog that I thought others who don’t program may find useful. It assigns a gif image to each unique WordPress post ID. If you put a file called 8.gif in the images folder in the root directory of your website, the 8th post you made on your blog will be assigned that image wherever you place this code. If there is no image for that ID (you haven’t put a file called 8.gif in yet), it assigns the image called uplogo.gif. Of course you can change any of the directories, file extensions, and the alternative image name to suit your own needs. You can find the post ID by looking in Manage Posts from your dash. You should use this code in template files.

// Show /images/<post ID>.gif if that file exists, otherwise fall back to uplogo.gif
$image = "$id.gif";
if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/images/$image")) $image = "uplogo.gif";
echo "<img src='/images/$image' alt='alt tag' />";

5 things you may not know about WordPress

After recently going through the process of setting up WordPress and this site, I feel I have learnt certain things that may help other WordPress users. This article is a report of my experience.

1) You can post to WordPress using Windows Live Writer offline blog writing software. The software at first glance appears to be just for Windows Live Space blogs; however, you can easily use it for self-hosted WordPress blogs. It has the added advantage of posting plug-ins and automated pinging (it sends pings to blog search engines when you post), and because it is offline software there is no waiting for pages to load, so writing blogs becomes much easier. There is a beta version 2.0 of the software here: Windows Live Writer 2.0 Beta

2) In WordPress 2.2 widgets are now standard. Widgets are a form of plug-in that is easy to install and use; they tend to require no understanding of web programming. If you are using version 2.2 of WordPress you can access the widget panel under the Presentation tab of your admin dash. If you are using an older version you need to install the widget plug-in. The theme you are using must also be compatible for widgets to work.

3) You can organize posts and articles on your homepage/index page using category groups instead of just listing them in reverse chronological order like a standard blog. My homepage is organized this way. Using this method you can organize your WordPress like a news site or magazine. Investigate yourself using

4) You can insert plug-in and PHP code into WordPress 2.2’s widgetized sidebar using this plug-in: Exe PHP. This is particularly useful for adding old plug-ins that don’t have widget alternatives. Install the widget above, then use it to execute the PHP code that runs the plug-in that you want to use… simple, right?

5) You can have Feed Burner manage your RSS feeds instead of using the standard WordPress feeds. You only need to install this plug-in: Feed Smith. For more top WordPress plugins check out shankrila or blogigs for some Adsense Optimized WordPress Themes.