Just like a mini digital King’s Landing, your blog is constantly under the impending threat of attack from your sworn enemies. Seriously, the internet is just absolutely lousy with people of questionable morals and dubious intentions who would like nothing more than to exploit every little nook and cranny of your company blog for their own little ill-gotten gains.
Fortunately, there are steps you can take to mitigate the danger that your poor little installation lives under day-to-day. And today I’m going to talk about one of the most annoying exploits I see on a daily basis and some “sweet-as” plug-ins and services that you can upload in one click to kick those crafty scammers and spammers back to the deepest, darkest corner of the internet (where they belong).
These guys are cute, but suffice it to say they also make your life as a blog owner or manager a living hell if you don’t have a solid system for dealing with them or blocking them altogether. It all starts innocently enough: you put a couple of posts on your blog and at first they just trickle in. An innocuous-looking compliment shows up in the back end with an email alert saying a “new comment is awaiting moderation”, and they will frequently look like this…
You say to yourself “Why thank you so much Storm, Leatrix, Medford and Jace… you guys are too kind, and of course I am going to approve a comment FROM someone that wants to link back to Bing and/or Facebook… those sites are legit” and then the temptation to hit the approval button is staggering. Do yourself a favor AND DON’T DO IT!!!
These are penetration comments, designed by heavy spammers to see if you have a vulnerable blog. The second you approve them, you send a signal to the spam gods to hit your blog with all holy hell’s worth of garbage comment spam… it’s actually quite impressive.
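To make the pattern concrete, here is an added example (not from the original post) that triages a pending moderation queue for the probe comments described above: bland praise, a link to a big-name site, and no reference to the post itself. The host list, praise phrases, threshold and sample queue are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: well-known hosts a probe borrows for credibility (the post names Bing and Facebook).
DECOY_HOSTS = {"bing.com", "facebook.com"}
# Assumption: generic-praise phrasing; tune against your own moderation queue.
PRAISE = re.compile(
    r"\b(great|nice|awesome|amazing|excellent)\s+(post|article|blog|site|read)\b"
    r"|\bthanks?\s+(you\s+)?for\s+sharing\b", re.I)

def registrable(url):
    """Last two labels of the host; a simplification that ignores suffixes like co.uk."""
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.split(".")[-2:])

def keywords(text):
    """Words of five or more letters, used as a rough topic fingerprint."""
    return set(re.findall(r"[a-z]{5,}", text.lower()))

def probe_signals(comment, post_title):
    """Return the reasons a pending comment looks like a probe."""
    reasons = []
    body = comment.get("content", "")
    if registrable(comment.get("author_url", "")) in DECOY_HOSTS:
        reasons.append("decoy-link")
    if PRAISE.search(body) and len(body.split()) <= 25:
        reasons.append("generic-praise")
    if keywords(post_title) and not keywords(post_title) & keywords(body):
        reasons.append("off-topic")
    return reasons

def triage(queue, post_title, threshold=2):
    """Comments with at least `threshold` signals; one signal alone is too noisy."""
    flagged = []
    for c in queue:
        reasons = probe_signals(c, post_title)
        if len(reasons) >= threshold:
            flagged.append((c["author"], reasons))
    return flagged

# Constructed sample data, not taken from a real queue.
POST_TITLE = "Stopping WordPress comment spam with Akismet"
QUEUE = [
    {"author": "Storm", "author_url": "http://www.bing.com/", "content": "Great post, thanks for sharing this with us!"},
    {"author": "Jace", "author_url": "https://www.facebook.com/", "content": "I really like what you guys are up to. Awesome blog, keep it up."},
    {"author": "Dana", "author_url": "https://example.org/", "content": "Does Akismet still need an API key if Disqus handles the comment form?"},
    {"author": "Lee", "author_url": "https://www.facebook.com/lee.example", "content": "Akismet caught most of ours too, but the comment queue still needed a weekly check."},
]

if __name__ == "__main__":
    for author, reasons in triage(QUEUE, POST_TITLE):
        print(f"do not approve: {author} ({', '.join(reasons)})")
```

Requiring two signals keeps a real reader who links their own Facebook profile (Lee in the sample) out of the flagged set.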
This is just a small sample of over 6,000 queued comments that I had to clean out from a client’s site that was vulnerable and had approved the little red herring “Facebook” and “Bing” test comments… actually I wasn’t even mad, it was kind of amazing. Six Thousand comments… in one day. Gotta admire their gumption. But enough of these pests! Do yourself a favor and install these handy little blog comment spam killer plug-ins.
This should really be a no-brainer as Akismet comes standard on all WordPress installs these days (but it is really impressive how few people actually activate it). Akismet is a global spam-stopping network that runs on pure love (and donations… so be sure to donate).
Activation is simple: just mosey on over to the site, make an account, register your blog and email address (this is where you donate *cough* *cough*), get your activation code (API Key), input it into the Akismet plug-in on your WordPress back-end and you’re done. Akismet filters out most of the junk, leaving you free to focus more time on creating content for your readers instead of cleaning spam out of your comment queue.
Once you’ve gotten your Akismet act together (Defensio is another viable option, though not as effective in my opinion), you would be wise to install some sort of comment moderation plug-in for added protection. Disqus is great because it’s essentially an opt-in profile that requires people to sign in using one of many social networks (Facebook, Twitter or Disqus itself) in order to comment, thereby forcing a sort of accountability on commenters. The best part about it is that it has full API integration with Akismet, giving you two layers of security that will markedly cut down on all comment spam.
Another effective and extremely popular way to go is to install Facebook’s social comment plug-in, which requires anyone who wishes to comment on your blog to log in with their Facebook account. This has the added bonus of potentially sharing a comment on the commenter’s wall, thus having a terrific ripple effect on inbound traffic. The only downside we’ve encountered so far with using this plug-in is that (while all signals should point to the contrary) not everyone on earth who reads and wants to comment on a blog has an active Facebook account. Disqus is a more global option, but lacks the aspect of viral sharing that the Facebook plug-in offers, so it’s really up to you.
Author’s note: this entry was going to be a larger blog post on the various exploits I’ve seen in the PHP code of some of the WordPress installations I manage and how to combat those… but I got really distracted making memes and decided to keep it comment spam specific, since it’s apparently still an issue that people are curious about. Stay tuned.