Spam can wreak havoc on your network, your desktops, and your bottom line. Follow these best practices for blocking spam on your WordPress site.
Spam can get into just about anything, including your WordPress site. On a WordPress platform, there can be spam accounts, spam within forums, spam product orders, and spam comments in posts.
I’ll walk you through my best practice for blocking spam on a WordPress site. It’s not as challenging as you might suspect.
Comment threads are one of the first areas that are targeted for spam; this is where spammers can post links to their spam sites and other less-than-desired information.
The most obvious way to prevent spam in comments is to turn off comments. This might be advantageous for a business-centric site, since leaving comments open invites trouble (in the form of flames, trolling, negative feedback, or support requests). To turn off comments, follow these steps:
Figure A
If you don’t want to completely disable comments, you can (from the same settings pages) limit comments to only registered users and require administrator approval for every comment. Both options should be enabled if you want to leave commenting on for your site.
There is another unique feature to use in this same section. In the Comment Moderation section, you will see a text area that allows you to enter a blacklist of words that, when detected in a comment’s body, title, link, email, or IP, will cause WordPress to hold the comment for moderation.
Below that section is a comment blacklist. When WordPress detects any of the words in your blacklist in a comment’s content, name, URL, or IP address, it will automatically mark it as spam. This system means less moderation on the part of the administrator.
Be sure to click the Save Changes button after you add text to either the Comment Moderation list or the comment blacklist.
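The two lists described above can be modeled in a few lines so that entries can be tried against sample comments before they are saved. This is an added example, not WordPress's or this article's code; it assumes one entry per line, case-insensitive substring matching (so an entry also matches inside longer words), and that the blacklist is checked first. The lists, comments, and function names are constructed for illustration.

```python
# Added example: a simplified model of the two word lists, not WordPress code.
from dataclasses import dataclass

@dataclass
class Comment:
    name: str
    email: str
    url: str
    ip: str
    content: str

def parse_list(text):
    """One entry per line; blank lines are ignored."""
    return [line.strip().lower() for line in text.splitlines() if line.strip()]

def first_match(comment, entries):
    """Return (entry, field) for the first entry found in any field, else None."""
    for entry in entries:
        for field, value in vars(comment).items():
            if entry in value.lower():  # substring match, so it hits inside words
                return entry, field
    return None

def classify(comment, moderation_text, blacklist_text):
    """Assumed order: blacklist -> spam, moderation list -> hold, else approve."""
    hit = first_match(comment, parse_list(blacklist_text))
    if hit:
        return "spam", hit
    hit = first_match(comment, parse_list(moderation_text))
    if hit:
        return "hold", hit
    return "approve", None

# Constructed sample lists and comments (documentation IP ranges, example domains).
MODERATION = "press\ncasino\n"
BLACKLIST = "cheap-pills.example\n203.0.113.\n"

SAMPLES = [
    Comment("Ana", "ana@example.org", "", "198.51.100.7", "Great WordPress tips, thanks!"),
    Comment("Bob", "bob@example.net", "http://cheap-pills.example/buy", "198.51.100.9", "Nice post"),
    Comment("Eve", "eve@example.com", "", "203.0.113.45", "Hello"),
    Comment("Dan", "dan@example.org", "", "198.51.100.8", "Thanks for the walkthrough."),
]

if __name__ == "__main__":
    for c in SAMPLES:
        print(c.name, classify(c, MODERATION, BLACKLIST))
```

The first sample is the false positive to watch for: the moderation entry "press" holds a legitimate comment that merely mentions WordPress, so short entries deserve a test run before they go into either list.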
If you have no need for users to register on your site, why not avoid potential issues by disabling the membership feature? Without the ability to register, unwanted users will not gain access to features that might allow them to spam your site.
To do this, follow these steps:
Figure B
I’ve tried a number of the spam blocker WordPress plugins; some offer decent results, while others can be disastrous. The plugin I find most effective is Stop Spammers. It checks logins, registrations, and comments for spam users and blocks them when they are detected. Stop Spammers also checks against numerous well-known spam lists (e.g., Spamhaus.org, StopForumSpam.com, Project Honeypot, BotScout), checks HTTP_ACCEPT headers, and checks for bots hitting your site.
Here’s the easiest method of installing Stop Spammers:
After you add the plugin, a new entry will appear in the Settings menu for Stop Spammers. If you click the Settings button from the plugin listing (Figure C), you will see a lot of available options.
Figure C
It’s very important to click the Check Your IP button immediately, because if your IP is on any of the spam listing sites, you’ll be blocked from your own WordPress site. If the plugin detects that your IP is on a spam listing site, it will automatically deactivate the plugin so you can continue working with your platform. If this happens, you should work with your provider to remove your IP from the listing.
These are the types of options available with the plugin:
From the Settings window, you can create your own whitelist, blacklist, and spam word lists or block email domains or TLDs, and more.