Spam is a huge problem these days, and not only for email accounts. It's done by automatically posting random comments or promoting commercial services on public services. Blogs can be spammed too. In fact, anything that accepts posts and user actions/comments can be spammed (forums, boards, blogs, guestbooks, wikis, etc.). Any web application that accepts and displays hyperlinks can be a target for spammers. WordPress spam is done using the commenting feature of WordPress, hence the term "comment spam". By posting links, spammers help increase the PageRank of a website, as well as the traffic coming from referring websites.
A variety of anchors are used by spammers: images, regular link text and even whole paragraphs.
The smiley WordPress spam technique
WordPress spam usually comes in this format: "nice post, thanks" and a link at the end of the post with a smiley ( :) ) as the anchor. Many WordPress owners won't notice that the comment has a link because it's hidden by that smiley, as WordPress parses the smiley text into an image. The HTML looks like this:
Nice post, thanks <a href="http://spamdomain.com"> : ) </a>
It's quite easy to spot it. Every time someone posts a comment on my blog I'm getting an email with a notice (I don't remember if that's default, but there's an option for it in the settings menu, just look for it and you'll find it). Since my email is powered by Yahoo, I see the HTML because Yahoo transforms it into regular text (for the same purposes, HTML is not allowed if not properly set) and I can see it's spam.
Another clue would be the comments admin area of WordPress. Depending on your blog's CSS version and settings, links are underlined (I assume this is happening for most WordPress versions). Therefore, you can check for smileys in the comment before you approve it and see if they point to some external link.
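The manual check described above can be automated. The following is an added example, not code from the original post or from WordPress itself: the function name smiley_hidden_links and its smiley pattern are assumptions, while pre_comment_approved and wp_unslash are WordPress's own hook and helper. It also flags anchors with no visible text at all, such as image-only links.

```php
<?php
// Added example (not from the original post): flag comment links whose only
// visible text is a smiley, so the link disappears behind the smiley image.
// smiley_hidden_links() and its smiley pattern are assumptions for this sketch.

/** Return the href of every <a> whose anchor text is empty or only smileys. */
function smiley_hidden_links(string $comment_html): array
{
    $hits = [];
    // Capture the quoted href (group 2) and the inner content (group 3).
    $pattern = '~<a\b[^>]*\bhref\s*=\s*(["\'])(.*?)\1[^>]*>(.*?)</a>~is';
    preg_match_all($pattern, $comment_html, $anchors, PREG_SET_ORDER);
    foreach ($anchors as $a) {
        // Drop nested tags (e.g. <img>) and decode entities: the visible text.
        $text = html_entity_decode(strip_tags($a[3]), ENT_QUOTES, 'UTF-8');
        // Remove whitespace so that ": )" and ":)" are treated alike.
        $text = preg_replace('/[\s\x{A0}]+/u', '', $text) ?? $text;
        // Remove common text smileys; anything left is real anchor text.
        $rest = preg_replace('/[:;=8][-^]?[)(\]\[DPpOo|]/', '', $text);
        if ($rest === '') {
            $hits[] = $a[2];
        }
    }
    return $hits;
}

if (function_exists('add_filter')) {
    // Inside WordPress: comment data is still slashed when this filter runs,
    // so unslash it before matching the quoted href.
    add_filter('pre_comment_approved', function ($approved, $commentdata) {
        if (in_array($approved, ['spam', 'trash'], true)) {
            return $approved; // already rejected by an earlier check
        }
        $content = wp_unslash($commentdata['comment_content'] ?? '');
        return smiley_hidden_links($content) ? 0 : $approved; // 0 = hold for moderation
    }, 10, 2);
} else {
    // Stand-alone run (php file.php) over constructed sample comments.
    $samples = [
        'Nice post, thanks <a href="http://spamdomain.com"> : ) </a>',
        'See <a href="http://example.org/docs">the docs</a> :)',
    ];
    foreach ($samples as $s) {
        $found = implode(', ', smiley_hidden_links($s)) ?: 'no hidden link';
        printf("%s => %s\n", $s, $found);
    }
}
```

Holding the comment for moderation rather than marking it as spam keeps a human in the loop for false positives.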
How to block WordPress Spam
Fortunately, protection against WordPress spam is available. There are many ways to fight it and, depending on your imagination, you can come up with more.
- Disallowing multiple consecutive submissions: You won't often see users replying to their own posts. Well... spammers will do it. So a possible solution would be to check that the current user's IP is not the same as the last one and that a specific time period has passed. However, this can block multiple users who are behind the same proxy and share the same public IP. It's up to you whether you use this or not.
- Keyword blocking: this can be one of the most effective ways to block WordPress spam. You will eliminate spam simply by banning the names of popular pharmaceuticals, casino games, etc., for instance "viagra".
- Nofollow: it's added by default in the newer WordPress distributions. When a search engine finds the nofollow attribute applied to a hyperlink, it does not count that link, so even if you link to some external URLs, they won't be considered as links by the search engines. Google announced in 2005 that hyperlinks with the rel="nofollow" attribute would not influence the link target's ranking in the search engine's index. Yahoo and MSN also respect this attribute.
- Validation (CAPTCHA): a method used to detect robots. Before a form is validated, the end user is required to complete a random text verification.
- Disallowing links in posts: this simply cuts any link the user posts in a comment, or transforms it into regular text.
- Redirects: instead of displaying the direct link to the actual target, the page displays a link to a script on the same server that redirects to the correct URL.
These are a few ways to protect your blog against WordPress spam. In case I missed something, you can post a comment and tell me (make sure you don't include any link, lol =) ). In a future post I'll name a few plugins that would help you fight against WordPress spam.