Comments on: Added Two New Plugins To Increase WordPress Spam Protection

By: Richard Cummings

Richard Cummings — Sun, 24 May 2009 15:18:49 +0000

Yes, it looks as though the spammers have gotten to this article. Several comments above are clearly spam, but thanks for these updates on how to prevent spam. I’ll have a look at each!

By: Richard Cummings

Richard Cummings — Sun, 24 May 2009 15:18:00 +0000

Yes, it looks as though the spammers have gotten to this article. Several comments above are clearly spam, but thanks for these updates on how to prevent spam. I’ll have a look at each!

By: Michel

Michel — Sat, 23 May 2009 11:12:51 +0000

That’s funny… Looks like there is no more Math AntiSpam protection here, in this blog, and it also appears that the latest comments are (before this one)… pure spam!

By: Michel

Michel — Sat, 23 May 2009 11:12:00 +0000

That’s funny… Looks like there is no more Math AntiSpam protection here, in this blog, and it also appears that the latest comments are (before this one)… pure spam!

By: Cheryline

Cheryline — Tue, 12 Aug 2008 16:08:51 +0000

spammers are very adapt to the new technologies and always try to find a way to hack your system and get their message across. You always have to stay above them at all times.

By: Cheryline

Cheryline — Tue, 12 Aug 2008 16:08:00 +0000

spammers are very adapt to the new technologies and always try to find a way to hack your system and get their message across. You always have to stay above them at all times.

By: Quix0r

Quix0r — Sat, 17 Feb 2007 15:48:53 +0000

Oh, and sorry for my bad english. :/

By: Quix0r

Quix0r — Sat, 17 Feb 2007 15:48:00 +0000

Oh, and sorry for my bad english. :/

By: Quix0r

Quix0r — Sat, 17 Feb 2007 15:47:40 +0000

On my blog I have now answered someone what to do next after you have created your key WP_SECRET in your wp-config.php script. Please have a look on it.

By: Quix0r

Quix0r — Sat, 17 Feb 2007 15:47:00 +0000

On my blog I have now answered someone what to do next after you have created your key WP_SECRET in your wp-config.php script. Please have a look on it.

By: Ajay

Ajay — Tue, 19 Dec 2006 20:56:39 +0000

I’m using Peter’s Antispam on my blog. Going to give Math one a shot on Techtites

By: Ajay

Ajay — Tue, 19 Dec 2006 20:56:00 +0000

I’m using Peter’s Antispam on my blog. Going to give Math one a shot on Techtites

By: Everton Blair

Everton Blair — Thu, 14 Dec 2006 11:01:33 +0000

Thanks Quix0r. I think I’ll give this a go this evening, as although the amount of spam getting through to Akismet has fallen by around 95%, which means I can now catch the false positives, I want to stop the 5 spam comments per hour that are still somehow getting through.

Still it’s better than the approx. 100 per hour I was getting, which was crazy. I haven’t had any trackback spam though since adding the trackback validator which is fantastic.

By: Everton Blair

Everton Blair — Thu, 14 Dec 2006 11:01:00 +0000

Still it’s better than the approx. 100 per hour I was getting, which was crazy. I haven’t had any trackback spam though since adding the trackback validator which is fantastic.

By: Quix0r

Quix0r — Thu, 14 Dec 2006 10:43:48 +0000

I have found a german post about this math-plugin. He found out that a spammer can very easy find out a hash and the matching result. So please add a “secret key” to your wp-config.php when not already done:

define('WP_SECRET', "wordpress-xxxxxxxx");

By xxxxx is something random typed by your finger-random-generator… And do never every expose this to public. Now you just need to add this to the plug-in code where it generates the code and where it compares it with the hidden one from the form.

If you like, add this code to the hashing parts as well:

filemtime(__FILE__).":".filemtime(ABSPATH . "wp-config.php");

This shall add more entropy to the hash. Finally add – when your blog support his – the number of views or reads of the current post plus title. This is much more secure against “guessing” the current hash.

By: Quix0r

Quix0r — Thu, 14 Dec 2006 10:43:00 +0000

define('WP_SECRET', "wordpress-xxxxxxxx");

If you like, add this code to the hashing parts as well:

filemtime(__FILE__).":".filemtime(ABSPATH . "wp-config.php");