It is a wonderful, wacky Wednesday and instead of an iPhone and/or iPad app, I am singing the praises of a WordPress Plug-in, Akismet, this week.
If you blog, you are targeted by spammers.
Google owns Blogger / Blogspot.com and zaps spam for you. But if you need to own and control your own blog, the odds are that you are using WordPress. I hope that you are using a reputable host that provides some monitoring of the health and functioning of your site; they are out there. With those infrastructural considerations behind you, all that remains is to manage and write your blog, right? Almost. Spam is more than annoying, it can be dangerous, and it is the first thing you probably want to address when putting up, moving, or renovating a blog. It is also easy to manage with Akismet.
The WordPress development folks are behind the Akismet plugin that, as they explain, “checks your comments against the Akismet web service to see if they look like spam or not.” It is easy to install and activate from the Plugin GUI (Graphical User Interface) that is accessible on the sidebar of the WordPress Dashboard.
Something very much like this, below, should appear on your screen.
Click “Install Now” and you will only have to do a couple more steps on your own.
On another tab or window, go to https://akismet.com/signup/ and select the plan you want. If you just have a personal blog you can select the personal option and pay nothing, or if you have a personal blog that is starting to turn into a business and you can afford a few bucks to support the Akismet project, select the amount you would like to give.
Once you have selected your plan and filled out the information, you will be given an API Key (save that key/code!). Copy it and go back to the tab or window where you did your Plugin search for Akismet, where you will be asked to provide it.
You have already done the install, so now just click on the Settings tab:
Paste in the API key on the Settings page, and you should be ready to go.
When I first installed this I checked the spam queue until I was sure it was only catching spam comments and not real comments. I only had to retrieve false positive comments once, and I did that by simply clicking that they were not spam. I installed the plugin for Reason Creek when I was setting the site up and it has been working like a charm ever since then, and best of all no more CAPTCHA entries. CAPTCHA is the challenge and response system that computers cannot answer and theoretically humans can answer. But it causes so much frustration in readers that they often will not leave a comment. Akismet solves that problem.
I highly recommend trying this plugin out. I also recommend using as few plugins as possible and only installing them after you have researched them, found them to be extensively and positively reviewed, and confirmed that they have gone through a few versions. Putting unknown code into your site is like having someone get you to hack your own site for them. Don’t do it. Do your homework.
Once this is done you will just have to write, write, write and not worry about going through comments or losing readers due to CAPTCHA. Have fun!
Sharing Information, Sharing Smiles
Yesterday a set of comments on the blog post I wrote the previous day, Saturday, reinforced a very powerful bit of information which I have a tendency to forget over time. We all know different things. You may well say, “Of course!” At the most basic level, sure, we all know this, yet as a writer, blogger, and graphics nerd, I can forget that the things with which I work, day in and day out, are not common knowledge.
I was unsure as to whether I would be writing something that was of no practical use to anyone when I wrote a short post on a basic resource for free images. I didn’t want to insult anyone’s intelligence, and I’ve known of this resource for ages.
But those fears went away when one reader commented that she had bookmarked the resource and thanked me. The other comment that popped up Sunday morning was reinforcing the info I had shared as a known quantity but one of high quality. Today another reader thanked me. I love sharing information that is useful.
So today I’m wondering, how do I find out what it is that I know that others don’t know that they might want to hear about? I’m at a loss. I mean I can ask you the readers, and I am going to ask you, but other than questionnaires and scouring my analytics, what else is there? How do you determine the topics on which you write? What are the subjects of which you would like to see more? There is a poll on this topic in the sidebar; please fill it out if you would be so kind. It will remain open through October 31st. Do you like my reviews, my information nerd articles, pet articles, personal stories, or political stuff? You can always leave a comment too. Thanks!
Vigilance Is Your Best Security Option When Using WordPress
V is for Vigilant
vigilant |ˈvijələnt|
adjective
keeping careful watch for possible danger or difficulties
Yesterday I began talking about security through the routine installation of upgrades. This is probably the biggest single thing you can do to secure your self-hosted WordPress site. You need to be vigilant about upgrades to any software you use or have loaded on your computer, host, and mobile devices.
Upgrade WordPress to the current version. Why? Because these new versions have bug fixes and close security gaps. Most malware that can get onto or into your site comes through holes that bad guys have previously used. Of course there is always the time period between when a problem is discovered and when it gets fixed, and maybe there is nothing you can do during that time period. But after the fix is available you need to take advantage of it. If you don’t, a bad guy will sniff out your vulnerability and exploit it. You might as well be playing the poor damsel in distress and broadcasting, “Yoo hoo, hackers, come on over and f*** my site.”
When you log in to your WordPress dashboard, you should see a notification if there is a new version of WordPress available. If there is a newer version than the one you are using, you need to do a site or blog backup and then install the newest version. The current version as of this writing is 3.3.2, which was released on April 20th, 2012. There is another planned update on May 9th, 2012. How do I know this? Besides my brilliance and psi powers (Not!) there is a WordPress page that tells you all the release info in a nutshell: http://codex.wordpress.org/WordPress_Versions
Do back up your site first though, before you upgrade. If there is something incompatible on your site, upgrades can “break.” It does not happen often, but it can happen. The most likely cause of an upgrade breaking something, according to what I’ve been told by trusted, informed, guru-ish and nerdy sources, is that incompatible plug-ins will not work and play nicely with the new code in the upgrade.
So how do you take care of that mess and prevent it from happening if at all possible? Plug-ins have upgrades too. Use only trusted plug-ins that are absolutely necessary to your purposes. Plug-ins add some sort of functionality to a program that you use. In this case it is WordPress. Before you install any plug-ins, do your homework. You wouldn’t put just anyone’s doo-whichy into your doo-whatchy would you? Well, don’t do it with your computers, laptops, notebooks, iPads and mobile devices either! Geesh, it is just basic hygiene!
The best plug-ins don’t just do neato-keen things, they save you heartache from unwanted gifts that keep on giving, just like in the biological world. Akismet is my favorite plug-in that protects me from spam. It acts as a trap and catches comments that have some of the characteristics of spam. Even if you have clicked the Settings – Discussion options to have visitors leave a name and email and have a previously approved comment before you automatically allow comments, which is one thing that regular visitors and comment givers really like, bad guys and gals who are trolling for click-throughs or access to lesser secured areas of your site may seem like sincere comment leavers at first. They are just waiting for you to let your guard down and then they will spam you with Viagra ads or tempt you with wonderful sounding offers (often about security), but Akismet catches these and holds them for you to evaluate. At first glance nothing seems unusual in this real example of a spam comment:
I really like what you’ve done with the thmeme but I was asking myself if you are the one that created it or you just bought it and customized it?
This was a gateway spam comment. No links in it, but if I allowed this comment by the author there would have been another post that wasn’t captured through the discussion settings and then the spam would have hit. So how did I know it wasn’t real? Well, for one thing, saying nice things about your site is a standard way to try to gain trust through flattery. But I have WordPress and Elegant Themes links at the bottom of my pages, so anyone actually interested in my changes would have said something more in depth. That and I checked the email address of the poster and it ended in .ro. Not that many people in Romania read my blog, and lots of attacks originate in the Eastern Bloc and former USSR states, so I will block those IP addresses that have sent spam. Often the originating site of the spam is only up and live for a day or two. That is how these hackers work. Akismet gets most of these and every few days, ideally every day, I check my Akismet spam folder and allow real posts from recognized readers through. Better safe than sorry.
So yes, you have to update your plug-ins too. New versions of plug-ins most often fix holes, just like with your platform. They are also noted on your WordPress dashboard.
This is such a huge and not fun to think about topic that I totally understand why lots of bloggers just don’t want to think about all the details involved in security. But like anything else in life, just work it into your routine and eventually it becomes second nature.
That is probably enough to leave your head spinning, so I will end this post. There are another few areas of basic site security that I want to make sure my readers know about, so there will be another installment in this “series” of posts. I want to talk about theme updates, some other easy fixes that minimize your risks, and I want to share a bunch of web resources at which you might want to take a look.