Ok … back to the topic. In this post I want to teach you how to upgrade your wordpress blog. That’s a pretty easy task. If you created your blog using fantastico, then you should go back there and find the appropriate button. It’ll do the job, there’s nothing else for you to do. If you followed my guide on how to install wordpress (or not :) ) and installed it with your own hands, you probably know what to do already. Simply go to wordpress.org/download, save the latest release on your PC, unzip it and finally upload it to your blog folder on your server (maybe site root, maybe not). After you’re done, go to your admin panel. It’ll say your database has to be upgraded if it’s the case (and it is when you upgrade from older versions to 2.7, it happened for all my blogs), just hit that button and you’re good to go.

That’s it :)

The good news is that from now on, wordpress has its own auto-upgrade feature embeded. For older versions, you should’ve had a plugin installed to do that, but from now on, you can simply go to the “Tools” menu and hit “Upgrade”. It’s pretty easy and intuitive so go ahead and try it.

Here we go:

1. Akismet – a very popular plugin which comes by default with wordpress. To use it, you need to signup for a wordpress acount and get an API key for your website.
2. Defensio – A wordpress plugin that helps you filter your comments and also provides rss feed for both accepted and ‘spammed’ comments.
3. Simple CAPTCHA – Adds turing text to your comment area to eliminate automated comments
4. Challenge – Adds a challenge to your comments area, the regular stuff being additions and multiplications
5. Referrer Bouncer – You don’t need to do anything to use it. Just activate it.
6. Email Immunizer – Simply converts all your emails on your website to numeric references to prevent email colecting
7. WPBayes – Implements the spam filtering with the Naive Bayesian technique, which means it marks the comments as spam or not based on your previous decisions. To be honest, I didn’t use this one
8. Spam Karma 2 – This one assigns a karma score based on multiple factors like the age of the post, the email, if there’s a link inside, etc, etc.
9. WP Spam Hitman – It fights agains wordpress spam using a series of patterns. That’s all I know about it, please test it and let me know if it’s a good one.
10. Did you pass Math – Does the same thing as the one at point #4.

Well.. I think 10 tools are enough to keep you away from spam comments. Test them and use the one(s) you like the most.

- Peter

A variety of anchors are used by spammers: images, regular link text and even whole paragraphs.

The smiley WordPress spam techinique

WordPress spam usually comes in this format: “nice post, thanks” and a link at the end of the post with a smiley ( :) ) as the anchor. Many wordpress owners won’t notice the comment has a link because it’s hidden by that smiley, as wordpress parses the smiley text into an image. The html looks like this:

"Nice post, thanks <a href="http://spamdomain.com"> : ) </a>

It’s quite easy to spot it. Everytime someone posts a comment on my blog I’m getting an email with a notice (I don’t remember if that’s default, but there’s an option for it in the settings menu, just look for it and you’ll find it). Since my email is powered by yahoo, I see the html because yahoo transforms it into regular text (for the same purposes, html is not allowed if not properly set) and I can see it’s spam.

Another clue would be the comments admin area of WordPress. Depending on your blogs css version and settings, links are underlined (I assume this is happening for most WordPress versions). Therefore, you can check for smileys in the comment before you approve it and see if they point to some external link.

How to block WordPress Spam

Fortunately, protection against wordpress spam is available. There are many ways to fight against it and, depending on your imagination, you can come up with more.

1. Disallowing multiple consecutive submissions – You won’t see too often users to reply to their own posts. Well … spammers will do it. So a possible solution would be to check if the current user IP is not the same with the last one and if a specific time period has passed. However, this can block multiple users behind the same proxy and using the same public IP. It’s up to you if you use this or not
2. Keyword blocking – this can be one of the most effective ways to block wordpress spam. You will eliminate spam simply by banning names of popular pharmaceuticals or casino games etc. for instance, “viagra”.
3. Nofollow – it’s added by default in the newer WordPress distributions. When a search engine finds the nofollow tag applied to a hyperlink, it breaks the process, so even if you link to some external URLs, they won’t be considered as links by the search engines. Google announced in 2005 that hyperlinks with rel=”nofollow” attribute would not influence the link’s target ranking in the search engines index. Yahoo and MSN also respect this tag.
4. Validation (CAPTCHA) – a method used to detect robots. Before a form is validated, a random text verification is required to the end-user.
5. Disallowing links in posts – simply, would cut any link posted in a comment by the user or simply transform it into regular text.
6. Redirects – instead of displaying the direct link to the actual target, it would display a link to a script on the same server that redirects to the correct URL.

These are few ways to protect your blog against WordPress Spam. In case I missed something, you can post a comment and tell me (make sure you don’t include any link, lol =) ). In a future post I’ll name few plugins that would help you fight against WordPress spam.

- Peter

I’m talking about wordpress security and vulnerabilities here and there’s much to say about it, so I’ve started a new category where to post.

The very first and most important thing you need to do to help your blog stay safe all the time is to keep it updated to the latest version. That’s the most safe (at least that’s what they say). Everytime a new bug/security hole is found, the platform gets updated with a fix and then the bug is published. In short words, everybody knows about it.

If you don’t want to mess with ftp and downloads and so on, you might want to use a plugin that does your updating automatically. This way you’ll always have your wordpress blog up to date. I don’t remember the name of that plugin because I don’t use it, but if you wish to install it, do a simply search on google or on wordpress.com site and you’ll find it pretty fast. I don’t use it because I don’t like having too much “foreign” code on my server… you never know what can happen to your database or whatever. Therefore, I prefer to update it manually.

Oh … and by the way, I was talking about plugins. When you get a new plugin, make sure it’s a safe one. Don’t install any plugin just because the owner is saying on his website that plugin  will help you do this or that. Maybe use a test blog to check the plugin, or maybe get a software engineer to analyze it carefully. This way you’ll know it isn’t a threat for you or your business.