STEP BY STEP AND ILLUSTRATED: How to protect your WordPress blog by using Akismet

[Harry Behrens]

During the past few days I have seen a few different threads talking about WordPress spam comments and their consequences. In these threads, it becomes clear that quite a few people are not activating their Akismet plugin that comes included in their WordPress installation.

This is alarming to me because it is not just spam you want to protect against in your comments; it is a wide variety of creative ways to attack your blog, some of which leads to SQL injection (meaning the hacker tries to take control of your database and your content), cross-site-scripting traps (meaning the hacker tries to take control of your readers' browsers and through them, their computer and any identity information that's not encrypted or locked down), or even just straight viruses.

Of course you can just turn the comments in your blog completely off. But for many people this defeats the purpose of having a blog, and makes you miss out on many benefits of user-generated content.

For this reason I put together this little how-to guide, aimed squarely at true-blue non-tech WordPress newbies that genuinely think something like this is complicated. It's not! You just need someone to guide you through it.

Note: I spent a bit of time on this and I'm doing it to help new people avoid frustration and problems. During making this I had a lot of thoughts of how basic this is and had many doubts of whether this would really be useful to anybody... But I went ahead with it anyway just in case. I do ask then that IF you find it useful, please do press the Thanks button or leave me a reply so that I know my effort was worth it. Also if you know someone who might appreciate the step-by-step, very basic nature of this guide then please point them to this thread.


Getting And Activating The Plugin

First we're going to determine if you have the Akismet plugin installed and whether or not you need to update it. Make sure you are using WordPress 2.7 at the least! Preferably 2.8. If you are not upgraded, then do so before doing anything else.

We begin in our WordPress Dashboard, right after logging in. On the left, click the menu item that says "Plugins":

This takes you to your plugin page, where you can see a list of the plugins you have installed. Now, usually Akismet, because of its name, will be the first or second plugin on the list (it's alphabetized).

If you don't see any entry on the list that says "Akismet", then skip down to "If You Don't Have Akismet Installed".

Check the list entry for Akismet. If you have had your blog for a while, there's a good chance that your plugin is out of date. This is easy to correct: simply find and click on the bottom of the list item where it says Upgrade Automatically. If you don't see any upgrade link, then simply click the Activate link on the left.

If you had to upgrade, you'll see the following screen, in which you have the chance to Activate the plugin directly.

If you had the plugin installed and successfully activated it, you can skip forward to "Once The Plugin Is Activated".


If You Don't Have Akismet Installed

No problem! We can install it easily without ever leaving the WordPress admin panels. Simply go to the left and click on the menu item Add New, under Plugins:

This takes us to the Install Plugins page, where you can go to the search box and type in "akismet" then press Search Plugins.

As you can see, the first result is of course, the latest and greatest version of the Akismet plugin. Go ahead and press Install on the right.

You'll get a popup on a block background. Don't worry about anything here - Just ignore everything and press the big orange button on the top right.

If everything went fine, you'll see the following screen, where you get the chance to Activate the plugin right away.

Once The Plugin Is Activated

Once you install and activate your Akismet plguin you'll see the following screen:

Note that Akismet is not actually active yet! You need to get your personal WordPress.com API key. This is not as complicated as it sounds. I will cover this in the next post (because there is an image limit per post).

[Harry Behrens]

Ok, so we're going to be getting our personal WP API key so that we can make our Akismet plugin work. Point your browser over to WordPress.com Get a Free Blog Here and hit that big ol' sign up button:

You'll be choosing a user name and a password for your Wordpress.com account. I already have my account but I'll be making a new one to illustrate.

At the bottom agree to the terms and choose "Just a username please" since we're doing this on our own blog and not theirs. Click Send to submit your registration.

Once you submit your login and password, you're going to get an email just like for any opt-in newsletter you've ever gotten.

Go on over to your email account, find the email from Wordpress.com and click the confirmation link. You'll land on this page, where you can click Login to get into your account, where your API key is hiding.

Note that this login is a completely different thing from your own blog! Even though the login look the same. Enter your login and password that you just chose...

...And you'll land in Wordpress.com's "global desktop". Don't worry about anything here. Just go up to the top left and click on My Account.

Then click on Edit Profile.

You'll land on this page, where your API key is waiting for you. Finally!

Copy and paste your key onto a Notepad file and save it (or just write it down somewhere). This is now your key for life, you can use it over and over again forever, in however many Wordpress sites you like.

In the next post I'll show how to enter your API key into your Akismet plugin and that'll be it.

[Harry Behrens]

Ok, this next part is the easiest part of all. Go over to your own blog and to the Plugins page, where you had the notice about needing the API keym click it:

Next just type in the key into the box, click Update Options and...

You're done

That's it - that's all there's to it. Do not ever skip doing this for any Wordpress blog you have. It is so easy and yet the benefits are never-ending. You'd never know just how important this is until you actually have a string of blogs taken down by hackers, which I have - including sites I had made for offline clients - because of a comment form SQL vulnerability.

Also spread the word to anybody you know that doesn't have an active Akismet protection on their Wordpress. The more people know and apply this, the harder it is for spammers or hackers to hit us and the better off everybody is.

I hope this was useful to someone in the forum... I am also thinking of bundling all this up into a PDF with free and clean giveaway rights (by 'clean' I mean that the PDF would have no opt-in, no links nor any attribution to anybody or anywhere, it would be completely anonymous) so that people who have lists of IM newbies that they'd like to help out with this can do so.

However, this would take even more time than I have today, so, if there is any demand for this please let me know in a reply and if I get any response (even a small one probably) I will get it done and post it up.

[John Taylor]

This is a discussion forum and threads
like this are completely inappropriate.

John