How To Stop WordPress SPAM

Is your WordPress website being flooded with SPAM? Here’s how to stop WordPress SPAM.

WordPress now powers a third of the web, so if you’re running a website, there’s a good chance you’re using WordPress. Since it’s such a popular platform, it’s also a huge bullseye for spammers looking to promote their bullshit.

There are two types of WordPress SPAM: automated and manual. Automated SPAM is created by computer programs, or bots, that try to post SPAM to every WordPress site they can find. Manual SPAM is created by people who enter SPAM manually on WordPress sites.


A common way to stop automated SPAM bots is to use CAPTCHA. This is a type of challenge-response test used to determine whether or not a user is human. The first CAPTCHA implementations were very basic. You just had to recognize a few numbers and letters in a picture, and enter them in a form to prove you were not a pesky SPAM bot. This was a trivial task for humans, but very hard for computers.

But the spammers soon caught up with the early CAPTCHA technology, and taught their bots to solve the simple CAPTCHAs. In the inevitable game of cat-and-mouse, the CAPTCHAs then had to become more advanced to stop the bots. The result was that, more often than not, a CAPTCHA was too hard for humans to solve as well. This made the technology a less desirable way to stop SPAM since it also stopped legitimate users.

Let’s Try Gutenberg

The new Gutenberg editor will be introduced in WordPress 5.0. It has received a lot of bad reviews, so I decided to give it a spin myself.

The new WordPress editor, code named Gutenberg, is introducing the concept of blocks as a way to structure a post. It’s not a revolutionary way of structuring things, really, since everything you see on the internet is made out of blocks, or HTML-elements as they are called.

Gutenberg makes it amazingly easy to get an impressive amount of control of each HTML-element, though. The block you read now, for instance, is an ordinary HTML paragraph element. But the new editor makes it very easy for me to control the content of the element. I can quickly change the font size, text alignment, add a drop cap, change the color of the text, add custom CSS classes, and a myriad of other things.

This is a massive step forward compared to the current visual editor in WordPress. I’ve avoided that editor like the plague, and written pure HTML instead.

How To White List JetPack Servers

JetPack is a collection of WordPress power tools maintained by the WordPress creators Automattic. It will, among other things, provide you with site stats and analytics, automatic social network sharing, 24/7 uptime monitoring, and access to a high-speed content delivery network for images.

Many of JetPack’s features use the infrastructure, and to use it on a self-hosted WordPress install – like the one you’re looking at right now – the WordPress XML RPC interface has to be accessible to the servers. The problem with that approach is that the XML RPC interface is one of the favorite attack vectors for WordPress hackers and script kiddies. So the interface is ideally locked down and made inaccessible unless it’s strictly necessary to make it available.

To get JetPack to work properly it’s necessary to make the XML RPC interface accessible from the in-ter-net. But you don’t want every single Russian basement dweller to get access: Ideally, you just white list the JetPack servers.
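An added example, not from the original post: once xmlrpc.php is restricted to an allow list, the web server's access log shows whether the restriction actually holds. This Python sketch flags xmlrpc.php requests from outside the allow list that were served instead of refused. The CIDR ranges are documentation placeholders, not real JetPack ranges, and the log lines are constructed; the function names are hypothetical.

```python
import ipaddress
import re

# Placeholder allow list (RFC 5737 documentation ranges), NOT real JetPack ranges.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
DENY_STATUSES = {"403"}  # status the web server returns when it blocks a client

# Combined log format: client IP, method, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample access-log lines.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "constructed-agent"
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "constructed-agent"
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 200 4096 "-" "constructed-agent"
203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "constructed-agent"
not a log line
"""

def is_allowed(ip_text):
    """True if the client address falls inside one of the allow-listed networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable client field: treat as not allow-listed
    return any(ip in net for net in ALLOWED_NETS)

def audit(log_text):
    """Return (leaks, denied) for xmlrpc.php requests from outside the allow list.

    leaks  -- list of (ip, method, status) that the server answered anyway
    denied -- count of requests the server refused, i.e. the rule worked
    """
    leaks, denied = [], 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if path != "/xmlrpc.php" or is_allowed(ip):
            continue
        if status in DENY_STATUSES:
            denied += 1
        else:
            leaks.append((ip, method, int(status)))
    return leaks, denied

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any entry in the leaks list means the allow list is not being enforced for that client, for example because the rule is missing on one virtual host or a proxy hides the real client address.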

Independent Publishing

The site’s design is beginning to feel stale again. I’m popping in at least once a day, just to check that everything is A-OK, and now I’m starting to get too used to how things look around here. The current theme, the Editör, was introduced a little over a year ago, and one year seems to be the expiration date for most of the designs I’ve used on this site.

There is an almost infinite number of WordPress themes available, both free and premium. And, man, have I looked at a lot of them to find the right look, feel, and feature set. I was close to shelling out $50 for a theme that probably would have worked without too much tweaking, but decided I couldn’t rationalize spending that much money now on something like that. So, in the end, I’ve resolved to try a basic, but clean, open source theme called Independent Publisher.

Independent Publisher is a good starting point for a theme, but it has a few shortcomings, most of them related to navigation. But it’s nothing a few tweaks can’t fix. And since it’s all open source, maybe I can contribute something back to the original project. I’ve already had one pull request approved, so things are moving along.

The plan is to make enough changes to the CSS so that my highly customized A Picture a Day and A Book a Month sections look all right, then activate the theme. That means that many features, like the use of my very own wp-days-ago WordPress plugin, will disappear – but it won’t be anything you can’t live without. The actual content will still be here, and I’m aiming to gradually add everything that goes missing again over time.

Update: And we’re live! A lot of missing features, and some minor bugs. But that’s to be expected after only four or so hours of work. I’m way past my usual bedtime, so it’s time to head off to sleep. If you notice any major issues, please let me know.

A Short Evening With Ghost

I’ve been playing around with Ghost this evening, and reached the sober conclusion that it’s not for me. At least not yet. If you’re planning to launch a brand new blog, and you like simplicity and a platform that is very far from being feature bloated, I’d strongly recommend Ghost. But if you’re like me, currently running a WordPress site with 2,000+ (i.e. a shitload of) posts and pages that you want to convert to the Ghost platform, you might want to sit on the fence for a while.

Here are a few good reasons why, most of them related to the process of moving your content from WordPress to Ghost:

There’s no automatic update process

If you’re used to WordPress, you’re also used to the luxury that it’s updating automatically now, fixing critical security vulnerabilities and bugs without you having to hold its hand. Ghost doesn’t do that; you have to manually update the core code yourself. In a world where it is just a matter of time before someone finds a gaping security hole in anything connected to the internet and uses it to butt rape everyone, automatic updates are essential.