WP = Spam Magnet

  • Blaze Miskulin

    (@blazemiskulin)


    15 years, 5 months ago

    I tried to search for topics dealing with this, but the top dozen pages all point to posts that are years old and closed.

    I’m part owner of a small web-hosting company. We push WP as a great solution for our clients who aren’t web-savvy (that’s almost all of them).

    The problem, however, is the spam. I’m seeing 10-20 spam comments per day on sites that are lucky to get that many hits in a day. I have a site that has been idle for at least 2 years (a WP install), that I upgraded and repurposed as a personal blog just this week. 2 years without a single spam, and an upgrade and initial post results in instant spam.

    So my question is 2-fold:

    1) I manage quite a few sites for clients (and some for myself) where spam comments are regularly marked as spam. From what I can tell, this does absolutely nothing (except increase the size of the database). What, exactly, is the point of marking a comment as “spam”? I’ve flagged the exact same comment several dozen times within a blog, and it keeps showing up. To me that means the “mark as spam” feature is worse than useless (it does nothing, and it wastes db/drive space)

    2) WP is *obviously* being targeted quite aggressively. Aside from purchasing an Askimet license from Automattic, what is WP doing to combat this? It’s becoming much more difficult to sell WP to clients when I have to say “Oh.. yeah… you’ll also be getting several dozen spam comments (and associated e-mail notices) every day.

    I have e-mail addresses published in plain text on several sites. I get (and I am *not* exaggerating) 100 times more comment spam from WP than I do from blatantly-harvestable e-mail addresses.

    Asking people to pay more for Askimet is a very difficult sell. It comes across as extortion (pay us more money or you’ll get flooded with spam!)–Especially since our company is targeting the very low end of the spectrum (hey, *someone* needs to provide affordable services to them).

    WP is gaining serious market share. As they become more popular, they become more of a target. Is WP doing anything to address this attack on their platform? Or do we just need to start including the cost of an askimet license with every package?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Dion Hulse

    (@dd32)

    Meta Developer

    15 years, 5 months ago

    Yes, WordPress sites are targeted by spam bots, there is a simple reasoning behind that however, write the script once, applies to millions of websites instantly, no need to be smart and work out which field names the developer has used on the contact form.

    My checklist:
    * Are comments required?
    * What is the Intended Audience?
    * Can the Intended Audience handle Captcha’s or similar questions( ie. 3 plus 5 is?)

    for some people, they’re not going to want to make their users/commenter’s lives harder than they have to, in that case, you can start looking at the alternatives, such as Akismet.

    But you’re not limited to Akismet, There are a few plugins around which can help stem the flow, Bad Behaviour comes to mind, and the plugin repo does have a few other freebie plugins which attempt to help.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    15 years, 5 months ago

    Saying WordPress attracts spam is like saying Microsoft attracts viruses. Yeah, it’s true, but there’s a reason WHY, and it’s not bad coding. It’s popularity 🙂

    I would never consider captcha. I use Bad Behavior, Akismet, Cookies for Comments, and I get MAYBE 1 or 2 spam slipping through a month 🙂

    hpguru

    (@hpguru)

    15 years, 5 months ago

    I use Akismet – no more. 🙂

    Great CMS for me!

    Thread Starter Blaze Miskulin

    (@blazemiskulin)

    15 years, 5 months ago

    @ Dion Hulse

    Are comments required?

    Yes. For most of the sites I create for our clients, I automatically turn off all comments and trackbacks.

    What is the Intended Audience?

    I’m dealing with a wide range of sites and a wide range of audiences. They range from high-end geeks to grandmothers that can barely type.

    Can the Intended Audience handle Captcha’s or similar questions?

    In most of the situations? Not really. I am *not* exaggerating when I say that the target audiences of many of the sites are hard-pressed to figure out how to use a comment form in the first place.

    We deal with a niche market–absolute beginners with little to no tech knowledge or skill. We use WordPress for these clients because it allows these people have a website without having to know anything about code or having to deal with expensive contracts.

    @ thread:

    Yes, I’m quite aware of akismet. But I’m dealing with commercial sites, which means a paid license. The cost of the license would add 50-100% to the hosting package. Given our client base, that’s a bit steep. If our company were offering higher-end (i.e., more profitable) packages, I wouldn’t hesitate to add $5/month to the cost.

    Akismet doesn’t answer the original question, however.

    The primary question is: What does “mark as spam” do? I’ve marked the exact same bot-generated message as “spam” on any particular site anywhere from a dozen to a hundred times–and yet it still keeps showing up in the queue. As far as I can see, this action serves absolutely no purpose, and the marked messages just take up space in the DB. Why should I “mark as spam” instead of just deleting the comments?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    15 years, 5 months ago

    The primary question is: What does “mark as spam” do?

    Nothing, if you don’t have Akismet, really. Just delete them. Also, you may want to drop Akismet a note, but I think YOU would need to pay for Akismet, but your CLIENTS might not. I mean, make THEM an akismet account and the license might still be free… Depends on their details. And you can always email Akismet and ask for advice 🙂

    I’m horribly anti-captcha so try these FREE plugins:
    http://ww.wp.xz.cn/extend/plugins/bad-behavior/ (stops spammers from being able to get in, let alone post)

    http://ww.wp.xz.cn/extend/plugins/nospamnx/ (hidden fields which get filled in by spammers and, thus, can be turfed)

    http://ww.wp.xz.cn/extend/plugins/cookies-for-comments/ (creates a cookie for real users, blocking the bots)

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘WP = Spam Magnet’ is closed to new replies.