Nobody likes spam. Yet with all the new technologies developed to combat spam, they still continue to appear in our emails, blogs and websites. And of all places on the web, WordPress blogs are among the most highly affected by spam messages. So how and why are blogs affected by spam?
One of the primary ways spam appears is through comments. Usually, spammers have special automated routines built to scour the Internet for codes similar to the coding of the comment box in a WordPress platform. Another way spam enters the system is through the registration process, often used as a means of moderation by webmasters before allowing people to comment on their blogs. By discovering how to get past the moderation, a spammer can become a member of your website and so send you spam messages.
Now that we are aware of the common sources of spam messages, let’s take a look at the methods for successfully eliminating spam messages from WordPress blogs.
Admin Panel Options
The admin panel in your WordPress platform offers you a number of options to eliminate spam:
- Navigate to
Settings > Generalfrom your admin panel. Here you will find a list of options, one of them being
Membershipalong with a check box stating “Anyone Can Register”. If the box is checked, you are effectively allowing not just regular users, but also spam bots to register at your website.
- From your admin panel, enter
Settings > Discussion. Here, you will find a list of options to help you control the steps users need to follow in order to comment on your blog. You can prevent people (and spammers) from commenting on your website by unchecking the box “Allow People To Post Comments on New Articles”. Of course, this would mean that you lose interactivity with blog readers.
- Another method to avoid spam on your website: enter
Settings > Discussion. Firstly, check the option to disallow people from registering on your website. Second, check the option for “Users must be Registered and logged in to comment”. By checking these the two options, you will be able to control which comments are added to your website.
Discussionsection in your blog offers you a range of options to control the number of people commenting on your blog. You can also restrict the spam volume in your website this way.
WordPress also offers the Comment Spam Stopper plugin to prevent identified spam bots from commenting on your blog. The plugin also helps in reducing comment space to avoid detection by spam bots.
One of the most commonly used method on the web to prevent spam is the CAPTCHA code. While genuine commenters will not find it a hassle, manual spammers will be turned off by the need to fill in a CAPTCHA while spam bots are unable to fill CAPTCHAs. In this way, CAPTCHA is one of the most useful ways to prevent spam.
In the present age, any who owns a business or who wants to stay connected to the rest of the world requires the aid of the Internet. In order to stay in the competition, every business should ideally own a website. Given the ease of use with the WordPress platform, website building is a simplified process even for the most amateur of web users. But after your website is built, how do you ensure its security?
Unlike your desktop computers and laptops, online websites do not come with “quarantine” or “anti-virus” options against spammers and hackers. To combat these online vices, we have come up with a few tips:
Security Plugins for WordPress
Securing WordPress may be tough, but it is not impossible. The first thing you can do to protect your new WordPress-based website is to use plugins meant for increased security. To improve the security of your WordPress theme, you may like to try the following plugins.
Limit Login Attempts
A very useful plugin for securing your website, it simply blocks a user from entering your website for approximately 20 minutes if s/he enters the wrong password more than thrice.
Uses a simple public key to encrypt client password. Click here.
Keeps fake user logins away from your website. Click here.
Secures your installation using a few functions, e.g. by hiding details of your WordPress version from non-administrators. Click here.
Checks visitor’s IP address against a database called Project Honey Pot for possible spammers. If visitor is malicious, plugin blocks the IP address from getting into your website.
It is advisable to use all the above-mentioned plugins in order to secure your website. In addition to those options, we have included a few other methods for those who wish for maximum security.
Empty file index.html/index.php
By default, the WordPress system comes with an exposed directory. This allows all visitors to view the various plugins used in the website. By uploading an empty index.php or empty index.html within the base plugin directory, this problem can be averted.
Limiting Access to Website Admin
You can always limit the access of your website admin to specific IP addresses using the .htaccess file. This is a basic server level file that restricts user access by interacting with the server even before interacting with the web browser. In this way, you can restrict access to your website admin to just the IP address of, for example, your office or home computers.
Changing Admin Account Name
In the WordPress system, “admin” is by default your website account. Once a user knows this, he just needs to crack your password to enter your website admin. Hence, changing the name of the admin account is one of the best ways to secure your website.