james mckay dot net

Following a recent flood of comment spam last week, I’ve decided to tighten up on my blog commenting policy. I’m now limiting comments to two hyperlinks each, which must not be in BBCode format. WordPress doesn’t use BBCode anyway, and I’ve never seen a genuine comment on anybody’s blog which contains more than one hyperlink, so I don’t think this is going to be a problem.

I’m also going to close comments and trackbacks right across the board to any IP address which has three comments pending moderation in my spam queue or which gets trapped by Bad Behavior three times in a week. In practice, it’s not likely to affect you unless you are running a spam bot on your computer or network.

If you want to do something similar on your own blog, it’s handled by the the latest version (1.3) of Comment Timeout. Note that this is still in alpha, so use it at your own risk. It’s configurable as before, so you can set it to allow three — or more — hyperlinks if you prefer.

Comments (2) »

Posted at 22:50 in WordPress plugins

If you are a responsible blogger, your blog will not contain any spam comments older than a certain age. You will usually delete the occasional one that slips past Akismet within at most a month, so anything older than that will have a 100% chance of being ham rather than spam.

So while it’s right and proper to include rel="nofollow" on all hyperlinks in new comments, one would think it’s usually safe to remove it from older ones, and give constructive, bona fide comments on your blog some Google juice after a while. New comments should, of course, have the nofollow tag added.

I’m experimenting with this in the next version of Comment Timeout, which you can download and try out for yourself. The option is disabled by default, in which case all the comments on your website will, of course, be marked as nofollow, but you can of course turn it on if you want.

Another new feature is the option to indicate to your visitors how long comments will remain open on your blog.

Version 1.2 is currently in alpha, so it’s a case of “use at your own risk”, but I’m dogfooding it on my own blog, removing the nofollow on comments after 21 days. (NB: I make no guarantees that I won’t change the settings!) I’d be interested to know if anyone makes any use of it, or whether or not you think it’s a good idea. Let me know what you think by leaving a comment.

The current stable version is still 1.0 release candidate 2.

Update: I’ve released alpha 2, adding a bit more granularity to the nofollow options.

Comments (2) »

Posted at 18:52 in WordPress plugins

I’ve released an update to Comment Timeout this weekend to fix a couple of critical bugs. (Did I say it was still in beta?) It was not working on PHP 4, though it was fine on PHP 5, and it was not closing comments correctly if you turned off the option to keep ongoing discussions open. Both these bugs have now been fixed.

Thanks to Heather (http://www.ohmystinkinheck.com/) for the heads-up and feedback. The latest version is release candidate 2 (because the second bug only came to light a few hours after I released a fix for the first one as release candidate 1).

Comments (1) »

Posted at 10:42 in WordPress plugins

WordPress 2.1 comes with a new version of the Akismet plugin, which has an option to silently discard comments that it considers to be spam on posts older than a month.

Personally, I don’t like this approach, because it silently nukes bona fide comments that register as false positives on older posts. My experience of Akismet is that it flags about ten percent of bona fide, non-spam comments as false positives: out of the twenty-three comments and trackbacks that I’ve had over the past month, I’ve had to rescue at least two of them from the spam queue. Furthermore, just before Christmas, the Akismet service started trapping all my comments on other people’s blogs that were labelled with my own domain name (jamesmckay.net). This was very disconcerting at the time, though it righted itself after a few days. Apparently several other people have reported the same problem. I don’t know quite to what extent this is replicated worldwide, but it’s enough to warrant keeping an eye on what is being flagged as spam and what isn’t.

The other problem is that the time delay is not configurable. It may be fine on popular blogs which are updated two or three times a week, but it isn’t suitable for the vast majority of bloggers, who only write once or twice a month and whose readership is relatively small. It also fails if you write a popular, classic post that gets linked to from, say, a Wikipedia article, and would benefit from a longer lasting, ongoing discussion. That’s why I included an option in Comment Timeout to allow you to keep a discussion open for longer if it has had some recent comments.

What we need are better tools to help get to the false positives quickly and (relatively) easily. One way of doing this is to reduce the number of comments that gets as far as Akismet. I use it in conjunction with Bad Behavior and my own Comment Timeout, and the two in combination seem to reduce the spam to ham ratio in my case from about 30:1 to 3:1. I have also tried Spam Karma, though I’m not actually using it at the moment.

The other thing that we need is a better interface to the comments that have been flagged as spam. The Akismet WordPress plugin is rubbish in this respect. It lists the whole body of everything it reckons is spam, sorted by age, with no options to apply any other sort order. If in spite of using Bad Behavior, Comment Timeout, and Spam Karma, you still end up getting hit by a hundred spams with a hundred links each in the space of half an hour, sorting out the false positives can be an absolute nightmare. What we need is an interface that shows us an overview of all the comments in the entire queue, allowing us to sort and selectively bulk delete by age of comment, age of post, IP address, length of comment, number of hyperlinks, and so on. We need to be have the comments collapsed down to just the first line or even only the comment metadata, and then expand them when they’re clicked using Javascript/DHTML. And it would also be good if the Akismet service could return an indication of the level of spamminess of a comment, rather than just a binary yes/no value as at present, so we could sort on that as well.

Comment on this »

Posted at 21:05 in WordPress plugins

It’s encouraging to see the positive response that Comment Timeout has been getting over the past week or so. Patrick Chia has adapted it to work with WordPress MU, the multi-user version of WordPress. Thanks Patrick!

Comment on this »

Posted at 18:41 in WordPress plugins

My recently released WordPress plugin, Comment Timeout, gained the attention of Weblog Tools Collection in the wee small hours of this morning. Weblog Tools Collection is a blog which covers important new tools and gizmos available to WordPress users. It’s a particularly high visibility blog because its feed appears on the dashboard of every WordPress installation, of which there are approximately one and a half million. Nice one.

It’ll be interesting to see how widely used it becomes.

Comments (1) »

Posted at 16:00 in WordPress plugins

I’ve been spending a while updating some of my WordPress plugins over the past day or so. It turns out that The Frame Buster had a bug that was stopping it working on some servers. If the version you are using is failing to override framesets as intended, or if you get an “undefined function does_host_match” error, you should upgrade to version 1.0.4. If you’re not sure, I’ve put up a page where you can test it here.

I’ve also released another plugin that I’ve been using for ages on end on my own blog, called Include. As its title suggests, it is similar to the <!--#include--> directive which is familiar to Apache or ASP/ASP.NET developers, in that it lets you include a file or PHP script in your blog posts.

Comment on this »

Posted at 18:03 in WordPress plugins

Here is a WordPress plugin that automatically shuts off comments on older posts, unless they still have an active discussion going on.

Like everyone else, my blog was getting pretty heavily spammed. I have been using a combination of Akismet and Bad Behavior and this has had considerable success. However, I noticed that a lot of the spam comments that were coming through were targetting posts that were over a year old.

I’ve come across some popular blogs that are getting thousands of spam comments a day. Amazingly, nearly all of them keep comments open on all their entries, in some cases going back as much as four or five years. Why would anyone want to post a legitimate comment today on your trip to New York five years ago?

Since I started using this approach a couple of weeks ago, it’s proven to be pretty successful. Beforehand, Akismet was handling an average of five spams a day, with one day chalking up more than seventy. Bad Behavior knocked that figure down to typically one a day. Now, spam comments seem to be almost non-existent.

Some blog software such as CommunityServer and dasBlog has this functionality built in, though as far as I’m aware the ability to keep active discussions open is a new one. Unfortunately, WordPress has hitherto had no such facility, apart from a much simpler plugin which isn’t configurable and doesn’t allow for active, ongoing discussions.

This is a beta release of the plugin, and it has been tested on WordPress 2.0.5. Any feedback would be welcome.

[Update 28/12/2006]: I’ve created a separate page for the plugin, and released an update that is compatible with WordPress 2.1 alpha 3.

Comment on this »

Posted at 13:33 in WordPress plugins

I’ve posted a new version of my WordPress Frame Buster plugin. It fixes a minor bug that stopped it working properly if your blog’s URL includes an HTTP port number, e.g. http://www.jamesmckay.net:8080/.

Comment on this »

Posted at 23:03 in WordPress plugins

Here’s a WordPress plugin that I’ve been working on over the weekend. It is a frame buster script on steroids — it is compatible with the preview functionality of WordPress 2.0 and also includes an admin page that lets you turn it off for other individual domain names if you need to.

Any comments or suggestions would be welcome. Get it here.

Oh, and there’s more coming soon from where that came from. Watch this space…

Comment on this »

Posted at 23:16 in WordPress plugins