wordpress logoWordPress has become very popular over the years. In the beginning it was wordpress.com hosted websites but over the past few years self hosted wordpress sites have become even more popular than the wordpress.com hosted sites. While the wordpress.com hosted site were fine they didn’t have the freedom that the self-hosted wordpress sites offered.

As the popularity grew for this content management system lots of would be programmers started producing plugins (small programs to enhance wordpress performance across a wide variety of needs) and wouldn’t you know it some of these plugins represented security problems for unsuspecting site owners. The WordPress plugins themselves were not necessarily the problem in and of themselves but rather they opened more potential entry points for hackers to gain access to the sites, servers and databases.

Unfortunately even if you have no problematic plugins installed on your self hosted wordpress site you are still vulnerable to spam in the form of comments and trackbacks. Even if you turn off commenting and trackbacks these bloody hackers still have a way in to your comments through some other exploits and even though you make i so that no one can leave a comment without first being a member of your blog they still make it in somehow.

About the only way to stop them is to either remove 2 specific files or rename them. Of course in doing so you will no longer get any comments  but these days comments do seem to matter anyway as 95% of them or more seem to be spam anyway. Yes you could rename these 2 files and would then need to update the code to make sure that your comments and trackbacks still work. However in doing so the hackers may still be able to find your comment and trackback pages.

For me, as someone who managed hundreds of self hosted wordpress sites I used to get hundreds of spam comments every day and it really became quite burdensome to filter all of these comments and trackbacks for real ones from spam. Finally one day I said to hell with the comments and decided to just get rid of them period.

To do this all I did was open an ftp session to my hosting accounts and once in the folder for a specific self hosted wordpress domain I would look for the following 2 files; wp-comments-post.php and wp-trackback.php. Once I located the files, generally in the root folder, I would simply click on rename and then tack on a .spe extension, which stands for original, at the end of the file name. wp-comments-post.php becomes wp-comments-post.php.spe and wp-trackback.php becomes wp-trackback.php.spe. By adding the .spe extension at the end does nothing to the code of the page and simply just turns the system off from commenting and trackbacks. If and when I want to activate the files once again I simply have to rename the files by dropping the .spe and viola; it is working perfectly fine once again.

If you adopt this method of fighting spam commenting just remember this; whenever you update your wordpress installation the updating will replace these two files for you and you will need to rename them once again to stop the commenting.

My next post on WordPress with Les I am thinking about talking about finding the right theme to use on your site.

The following two tabs change content below.
Search Engines are now one of the biggest lead generators for any online company, and Les Romhanyi is passionate about Google and Bing and everything ‘SERP.’ Truly an SEO expert in organic search optimization, Les has optimized websites for search engines before it was even called Search Engine Optimization, going back to 1995 while working on the Net Sheppard project. In the nearly two decades since, Les has provided SEO services to some of the most competitive and difficult business verticals, such as online gambling, pharmaceuticals, and real estate.