Reducing Wordpress Web Spam
- SEO |
While WordPress is very good for SEO, because it is so popular for building web sites it is also a target for web spam.
The good news is that most of this spam comes from a handful of countries.
In my case the majority of the spam and hacking attacks seem to originate from China, The Russian Federation, India, Pakistan, The Netherlands, The Ukraine, Germany and The Philippines.
And this isn't just comment spam either. These countries are also a major source of hacking attempts using what is called an SQL Injection attack. They hammer your web site's database with multiple database query strings trying to find a hole they can then exploit.
Rule of thumb is if a country's name starts with "The" or contains the word "Stan", then it's probably a major source of spam
So what is the solution?
There are three plugins for WordPress that I suggest you try.
iQ Block Country
If you want to block people from certain countries that have no business visiting your blog and perhaps only leave spam comments or other harmful actions than this is the plugin for you.
Choose which countries you want to ban from visiting your blog. Any visitors from that country get a HTTP/403 error with the standard message "Forbidden - Users from your country are not permitted to browse this site." You can change this message.
SEO Warning: It is not a good idea to block the USA. That's where the Google bots live and if you block them your site will get delisted and lose all search engine rankings.
WordPress Firewall 2
This WordPress plugin investigates web requests to identify and stop the most obvious attacks.
This plugin intelligently whitelists and blacklists strange-looking page requests.
WARNING: Once you install this plugin, you will be stunned at the number of emails you will get warning you of hacking attempts and giving you the IP address of the machine attempting to gain access. This email feature can be turned off.
Contact Form 7 Honeypot
If you get a lot of spam via your contact forms, this plugin is for you. The principle of a honeypot is simple spambots are stupid.
While some spam is done by real people, the vast majority is submitted by bots scripted in a specific (wide-scope) way to submit spam to the largest number of form types. In this way they somewhat blindly fill in fields, regardless of whether the field should be filled in or not. This is how a honeypot catches the bot -- it introduces an additional field in the form that if filled out will cause the form not to validate.
To install all of these plugins should take less than 5 minutes.
Wordpress Help
Robin