29 Steps Archives

Managing Spam Comments – WordPress

When I started using WordPress for my own self hosted sites I had already signed up for a free WordPress.com blog with which I made my first posts and learned to use this amazing content management software there. You get a key to Akismet when you have a blog at WordPress.com.

Akismet is also installed with self hosted WordPress. Akismet manages wordpress spam comments, sorting and moving spam from the comment area and deleting it, if set to. Without Akismet or something similar you can end up with hundreds of pages of spam comments in WordPress which you may have to go through page by page to delete.

You need to enter a key ( a number you are given) to make Akismet work. You can get the key when you sign up for a WordPress.com site. You only need the one key for any other WordPress blogs you might have using the same Akismet key in all. For many years I took Akismet for granted, as a free plugin that was part of WordPress.

Then at the end of last year I saw a message when I updated Akismet that said I may be using Akismet inappropriately.

I can only assume that most people, like myself, hit the agree on their Terms of Agreement clauses without giving it much thought. After all if you say no, it won’t install! Duh.

Like most people, so far as I am cognizant of license restrictions, I follow TOA agreements. Like most people, I don’t make a lot of money blogging and try to keep my costs to a minimum by using open source software.

So after following up on the Akismet message, I realized that as with many free rides, this one had come to an end. Times have changed and spam has increased. Its not that I don’t think Akismet is worth paying for, I do. If I had more money to spare, I’d probably happily pay for a license for convenience sake.

However spam comments from bots are now coming in droves, and WordPress is under attack from hackers. 90% of my email is notification about comments (that turn out to be spam) or about large numbers of failed login attempts sent from the cron job on my server. Two different issues but both need fixing as they are wasting my time and eating up my server space resources.

Spot Spam Comments in WordPress and only approve Genuine Comments

Go to your comment area in WordPress and read the first page. How do you know if a comment is spam?

1. The name and the email are inconsistent
eg The bold Name is Ivan and the email is Pete423456zjg@whatevermail.com

2. The name is a keyword phrase. eg buy brand name handbags, often not connected to the website listed. Many bloggers consider it bad form to leave a comment with a keyword phrase as a name. I don’t mind people using anchor text on a relevant site with a genuine comment, but I hate spam links on my website that say one thing and take you somewhere else – like nasty sites or hook sites. Leaving such links intact tarnishes your own websites reputation and just encourages more of the same. So generally speaking, if the name, comment and username are different, these comments are spam. Especially so if the topic of the comment is selling something or has a lot of links.

3. Some spam comments seem complimentary or ask questions. Until you’ve read a lot of these they look quite genuine. But genuine comments are generally about the article the comment was on. So look to the right for the post name, and then see if the comment says anything specific about this post. If not – its almost always spam. Some bots try to trick you by entering the title of the website or post in the comment, but its always a clumsy insertion and should be easy to spot, so this comment too is spam.

If you are like most bloggers you don’t have a lot of genuine commentators. 99% of your comments really are spam. If you want more genuine comments, you need to build a relationship with your readers, and this takes time and work.

Reduce and Remove Spam Comments

Start by deleting more spam in one go. At the top right of the comments page there is a button called Screen options with a drop menu arrow. Click it.

Change the amount of comments on a page in the Comments box to 100 and click apply. (NB do not increase this above 200 or your servers memory may be unable to handle deletion of so many entries at once and the request may fail.) Now instead of having a page of 10 spam comments, you have a page with 100.

Now, at the top left, above where the comments start there is a checkbox, next to Author. Tick it and it auto ticks all the boxes down the page, selecting every comment on the page.

If you really want to check each comment, you can then just untick those 1% of comments you want to keep, or approve them and then keep working from the Pending Sort Listing. If you just want to delete everything, it still first goes to trash, so do the WordPress community a favour and instead mark spam comments as spam. This sends their details to a spam register used to filter spam by anti-spam plugins.

Go through all the comment pages (paging is top right) and continue to approve non spam and mark other comments as spam.

To mark emails as spam, tick the author box ( as described above on each page of 100 comments) then drop the menu arrow under Bulk Actions (top or bottom left). Choose the option Mark as Spam and Apply. The comments are removed from pending to the Spam page.

Empty the Trash and Spam Pages

The empty trash and empty spam commands on these tab pages, delete (or empty) these spam records directly from the database. So even with thousands of spam comments this deletion happens quickly and doesn’t use much memory.

When you have finished marking as spam or approving comments, click on the Spam (Tab Menu listing at the top) to show the page with all the comments marked as Spam have gone. Click on the Empty Spam button. All gone. Do the same for trash if it shows it has emails.

Removing Thousands of Pending or Approved Spam

Removing a few pages of spam comments isn’t too bad, but what if you have thousands?

If you have pages and pages of spam comments in WordPress, there is a plugin you can use called Delete Pending Comments. It will save you a lot of time if you have thousands of built up pending spam comments. You will lose any genuine comments but you have to decide what your time is worth.


Deleting approved comments is harder as there are probably many you prefer to keep. To pick and choose you will have do this manually. To delete thousands of approved comments, please see the following thread for how you to delete comments using PHPMyAdmin on the server.


So now we’ve removed the built up piles of spam, we need to make sure spam doesn’t build up again. We need to use a plugin to make that sort process, separating spam from human comments, automatic so genuine comments are preserved and spam is deleted immediately.

This is something that Akismet can do. This plugin comes installed with WordPress but needs to be activated with a key.

If you want to use Akismet, find its plugin settings and check the box to auto-empty spam perhaps every 7 days or so. Maybe every 30 days if you don’t want to check the website too often but you do want to check for genuine comments.

But if you have what Akismet considers to be a commercial website then you may have to pay to use this plugin. (Thanks Spammers!)

As an alternative you can try several other free plugins, however I now use and can therefore recommend for use, AntiSpam Bee. (see below)

If you have settings that auto approve all comments, its now time to check those settings under Settings>Discussion in the WordPress Left Side Menu. If your spam is so bad you don’t want comments you can just untick the checkbox “Allow people to post comments on new articles” and turn comments off all together.

If you are sick of emails piling up in your inbox advising that you have spam comments, and you don’t want to be notified of every spam comment you can untick the two boxes next to E-mail me whenever – Anyone posts a comment and A comment is held for moderation.

Cool, no more inbox full of useless notifications. Another useful spam tool here is the blacklist at the bottom of the page. In comments, it lists the IP address of the commentator. Copy and save IP addresses (listed next to spam emails) into the blacklist box and it will stop all but proxy enabled spam bots. Although I used to do this, I have now found it too time intensive.

If you had WordPress Settings that said “you must be subscribed to comment”, also check your Users > All Users listing. If you find you have lots of spammy looking emails, maybe you should also delete any the spammy looking users.


If you delete your own entry here, and you are the only administrator, you will be unable to login to your website with your browser. Then you will need to learn how to go to your server and use PHP MyAdmin to enter a new administrator in order to log in.

( I know because I’ve done it once! – oops 🙁 …sigh )

AntiSpam Bee – Alternative to Akismet

Install AntiSpam Bee and activate it. http://wordpress.org/plugins/antispam-bee/
Yes its in German on the Repository, but it is English inside your WordPress Interface

Use the WordPress Plugin Installer and search for Antispam bee and install it.

Go to its Settings > AntiSpam Bee and check the plugin defaults and adjust them to perform as you wish. Here, like with Akismet, you can check a box to auto delete spam after 30 days if you wish. Personally, on blogs that get few real comments, I uncheck the box right side box to keep spam at all. The plugin then just deletes it all without me even having to look at it.

Now you are spam protected again, and will find it not less hard to stay on top things. Constantly deleting spam comments in wordpress is a time consuming endless pointless task – automate it.

Stump Spam Bots – Limit Login Attempts

While you install antispam bee also download and install Limit Login Attempts

For WordPress security, we enter another realm here, beyond SEO comment bot spammers, to malicious hackers who are using Brute Force bot attacks to log in to WordPress in order to plant data. There are many articles that weigh up the pros and cons of how many security plugins or strategies you need versus the time and inconvenience you’ll spend implementing them.

There are many security plugins available to consider, something for another article. Anyone who has been hacked will say they are worth it, but they can be complex and sometimes it depends on what you are defending. However…

Meanwhile this awesome plugin does one thing really well. When hackers attempt to login using a piece of software, it gives them 5 chances. Each time after that, it delays their next attempt in increasing time periods from 5 minutes to 20 minutes and then to 24 hours. Soon they give up and go away and try a website that doesn’t have this safety measure.

Think of it like a barking dog. It won’t stop a dedicated hacker, but it will deter most hackers who are just testing things, and they will move on to an easier target.

Here are 7 Simple Tips To Make Your WordPress Website More Secure

1. No longer use “admin” as the login name, this is the first attempt bots use to hack your website. The second is variations of your name combined with your domain name as an email address, so use a contact form and don’t display your email on the website in a naked form if its the email you use to login with.

If you already have admin as a user name from a few years ago, create a new user, (under Users) preferably with a two part name, and enable the user as an administrator. Ensure you can use and have saved the new login details for this user by logging out and logging in again, then delete the old admin user record and update any password software you use.

2. Use a strong password with at least 3 different components not just a dictionary word and a number. Pick something along the lines of “I like#3”, this uses capitols, lower case, number, space and symbol.

3. Update WordPress at least every three months. Sooner if notified to.

4. Install an automated Backup plugin and schedule it to make a backup every three months or more. Do a manual backup before you update WordPress, theme or plugins. Do a manual backup after making any post or page changes. If you are hacked, a backup saves you from a lot of headaches.

5. Store a minimum of 4 backups of your site per year off site, set the backup program to email it to you (Do NOT store backups on the server which may potentially hand your wordpress config details to a hacker).

6. Install Limit Login Attempts and just use its defaults, so your server doesn’t continue to get hammered by Brute Force attacks.

7. If possible check on your site every week even if you haven’t changed anything. Take a look at the stats the Limit Login Attempts gives you. Maybe you’ll think it is time to look at more advanced security measures. It is worth asking your host if they have security measures they can implement server side, like mod_security and spam-assassin.

Your Website Audience – Readers, Subscribers & Users

All the world’s a stage,
And all the men and women merely players:
They have their exits and their entrances;
And one man in his time plays many parts…

William Shakespeare –

All the world’s a stage (from As You Like It 2/7)

What is a website? That is, we know what it is, but to help us conceptualize and focus our own website, lets just examine a few perspectives.

First and foremost a website is a way of publishing “content”. In this view, it is most similar to a newspaper or magazine and consists of articles, images and contact information – and often may include advertising.

This isn’t something that lands on the lawn or can be read in a doctors surgery however. So secondly, a website is a group of electronic documents that can only be accessed inside a browser program on an electronic device that is connected to the internet. It is hyper linked enabling people to “turn a page” to look at something new.

Thirdly unlike printed media like books and magazines, a website can display video and audio content. So it is – or has the potential to be – a performance or a moving slide show, with both galleries of moving pictures and a soundtrack of music or voice over.

Fourth and last – but not least – with various different applications (that are often described as being Web 2.0) – a website is a Performance Stage that can invite the audience to take part. From conference software where websites can display live events with instant question and answer sessions, to more passive applications such as comment threads where questions and answers are dependent on attention for replies, the reader can participate in a discussion with the writer and with other readers.

Blogging is a Performance Art!


Image via Wikipedia

I have used the word website throughout this website, because it is a word that the majority of people know and understand but many others ask – “What is a blog?” if blog or blogging is used.

The definition of a blog usually relates to the software being a CMS (like WordPress). However to me the main difference between a website, and said website being specifically a blog, is a constantly updating feed of news.

Each new post is similar to a narrator moving the story forward. So…

You can be the person on stage who lets people sleep – or you can wake up your audience.

To get to the point – a website is NOT a “passive” medium. Although there are many static websites – and maybe your website is one – whether your site is static or dynamic, a website is there for one purpose only.

It has something to “say” to a reader… So make it count!

And if a website’s reason for being is the reader (not the writer) it’s time to think about how you can optimize people’s experience of your website for its users.

Much will depend on the type of content on your website, but even a simple brochure website should be making it super simple for people to call or email the owner. A website looking to build their readership should be publishing regularly ( minimum 1 post a week). It should be using images, videos and audio – and asking their readers what they want and giving it to them.

In return ask your readers TO DO what you want them to. Probably the main thing you’d like from them is their email. Because then you can contact them and keep in touch with them and tell them when you have something new or have news.

Because then, suddenly – you are no longer just a static throwaway website – you are a community.

What can readers DO on your website?

By using WordPress, the options for readers to interact with your website increase dramatically. There are multiple levels of interaction available that you can set according to what you want to achieve.

Without joining you can enable people to start using maps to get directions and contact forms to send an email or ask for a quote. With other web applications they can play games, do polls, enter a discussion by leaving a comment, participate in a webinar, watch a teleseminar, listen to a podcast, go through a slideshow, browse a picture gallery, and listen to some music.

By joining your website they can do even more, such as add a profile, a link or an article or more to your site and pages that are “unique to them”, such as a download page. This is done by the CMS and you can use it by understanding Users, their roles and their capabilities.

I’ll start at the most passive and work my way up to you on the “admin” level.

Readers Can Comment

The most basic level of interaction is when a visitor stops by and reads an article. Starting on whichever “landing” page they arrive at via a SERP or on the home page from typing in your url, they can read an article and are presented with navigation links to other content.

As a reader they may be able to comment on an article if your settings allow then to. They cannot do this from a “feed” page and will need to leave an email with their comment. To comment they should click on the page title linking to the single page for the article or on a comment link, and the comment box will appear at the bottom.

As the website owner you can decide whether comments are published immediately, set aside for moderation, or disabled altogether. This is done under Settings>Discussion in the dashboard.

You can moderate comments under Comments at the top of the dashboard. Unfortunately due to the ability of software to spam websites, 99% of your first comments will be spam looking for a free link. Enable Akismet in order to keep these to a minimum – to do so you must get an API key to use Akismet via a WordPress.com account.

With plugins readers can add rich content to comments if you choose, even embed a video. The reader who enjoys what you have to say and comments is a gift. It is as rude to ignore a comment as it is to ignore someone who talks to you. Even if they never see your reply take the time to answer questions if asked and to acknowledge comments in active discussions. If this becomes too hard turn comments off on all but new posts.

Subscribers Can Read Emailed Summaries and See More.

It is a misconception that you need to subscribe to read blogs. It is true however that subscribers can often see more! When you write a post – in the editor is a split page icon to insert the Read More tag. If this tag is inserted on a post or page, in settings it can be made to use the first part (above the tag) as an excerpt and anything below the tag has further options.

Some people set this so that only subscribers can read the full content when logged in, and other website owners set it so that the full article is only available on the permalink single page (which means they are presented with the comment box after they finish reading). Both of these publishing techniques aim to engage the reader more fully, although occasionally they backfire and mean that only first paragraphs get read!

With the use of the Subscribe2 plugin, or by joining Feedburner, people who subscribe can receive emailed updates either when you write a new post, or as a weekly summary of new posts. You can also email updates by using an autoresponder like Aweber, if you offer a free report or newsletter as an incentive to subscribe. These strategies make it possible to gain your readers email and add it to your mailing list.

This is another means to engage with readers, and your best way to stay in touch with people who have visited your website and want to read more when you publish it.

Users can have their own back office area

The next step after subscriber is User. WordPress has several levels of user starting at subscriber, and moving up to full privileges as administrator. With different plugins you can change the default user privileges if you wish and redirect these users to specific areas of your websites back office according to the users level of membership.

Read the full article in the codex on User roles and capabilities

User Roles & Capabilities

  1. Super Admin – YOU! Or someone with access to the WordPress CMA administration features controlling the entire back office.
  2. Administrator – Someone else to whom you have given access to all the administration features
  3. Editor – Somebody at a trusted managerial level who can publish and manage posts and pages as well as manage other users’ posts, and who can enable plugins and do updates and other maintenance tasks.
  4. Author – Somebody who can publish an article and manage only what they publish
  5. Contributor – Somebody who can write and manage their posts but not publish them, they must wait for a moderator to approve things.
  6. Subscriber – Somebody who can only manage their own profile page and receive updates

A member by any other name would smell as sweet…

Member sites all use this USER role and capability framework, but adapt it for specific purposes.

Much has been made of membership plugins and store plugins that have been built on the WordPress framework. It is often worth taking a premium option for a specific usage simply to save time and get support. You may well be able to achieve something similar with free plugins but how many hours in the day do you have to spare. Do you really want to re-invent the wheel?

Premium shop and membership site plugins set up templates and hooks and filters and make everything happen smoothly so you can into your back office and add a product page and a download page and check sales and users. If there is a snag, you can get support. When you need to look professional then it’s preferable to not lose the confidence of members by attempting to diy and failing. DIY on a test blog by all means but don’t waste your readers time.

Who Is Your Audience?

Reading Your Website Statistics

Referring Back to Target Readers – Step 1

When you started your website you probably had very little idea of who might visit your site, where they hailed from and what they came to read. When you start a website therefore you want to enable some form of Statistic program. These keep track of hits, keep a record of keywords and backlinks and generally measure how well your website is performing for your readers.

Stats help you figure out what you can do to get more readers. The most common Stats programs used are Google Analytics and CPanel Statistic programs like Webalizer and these both need to be set up or enabled.

After a few months you will have graphs and figures to look at and can start to see where people are landing and which pages hold their interest. Reading these statistics can be fascinating for some people and incomprehensible to others, but either way you should look at your stats at least once a month, such as when you are doing your maintenance.

If there is a specific audience you are not reaching (eg a local one) then you will see it in your stats and can start to look for ways to get more local visitors. If you discover that search engines are sending you traffic for a specific keyword and this is relevant to you, expand on this type of content in order to reward visitors and use this content to ask for your required actions.

The more you learn about making a website, the more your own website stats will mean and the better you will get at optimizing your content for the search engines and for your readers.

Enhanced by Zemanta
 Page 1 of 8  1  2  3  4  5 » ...  Last »