Fighting WordPress Spams

Of course the most popular plugin for protecting WordPress blogs from spamming is Akismet. Yes it is simple to use, famous, and easy to get.

But in my opinion, if you’re running an unknown blog like mine, you should discard Akismet and choose a more clever one. Akismet blocks non-spam comments now and again, and it’s difficult to rescue them from within the thousands of spams. Some day you will suddenly find a regular comment by your friend in the spams and realize that. It’s the same situation when using Spam Karma or Bad Behavior. They all block regular comments by some probability.

So stay away with the plugins which recognize spams by using machines’ intelligence. I need a plugin that will block all spam bots but will never block a human being.

Usually, the spam bots are not clever enough to emulate a browser (except the human spammers, of course). So why not use some simple JavaScript to confirm the commenter is not a machine?

I first tried WordPress Hashcash. It blocks all bots and never blocks a human. But it needs a database table to function right. I don’t like this.

Then I found bcSpamBlock, which seems an ideal solution for me:

  1. It ensures only comments by human pass through the validation.
  2. It doesn’t need a database table.
  3. It rejects the spam in the “preprocess_comment” filter, which means the spam won’t be saved to the database, making the database always clean. Too many comment_ID’s we’ve wasted on spams! (Yes I’m an idealist :) )

There are some human spams which will bypass the plugin but I have the time to delete them.

Wait, still there are trackback spams! bcSpamBlock does have a simple way to check trackbacks, but I disabled this feature and used the Simple Trackback Validation plugin. The ideas to validate trackbacks are identical, but the latter is more reliable.

So the final solution becomes bcSpamBlock + Simple Trackback Validation.

When bcSpamBlock is famous enough, there must be a way for bots to analyze the keys and simulate a human (I’ll try this). But for now it’s enough for me.

Who Sold Me to Domain Design Shop?

I was curious when I received an Email with the subject “Important information about your domain: thinlight.org”. I ordered this domain name from GoDaddy, but they shouldn’t send me emails when there isn’t any changes of the domain.

Actually the mail was not from GoDaddy. The content was:

Hello,
Congratulations on registering the domain: thinlight.org. Now is the time to establish an effective Internet presence. Domain Design Shop is an internationally recognized Web design company that specializes in marketing and branding. Our staff has assisted hundreds of companies, organizations, and individuals in achieving their goals of developing custom web sites and technology solutions.

Please click here to see our portfolio: [their site url]

Warm Regards,
[their site url]

Sweet! They knew that I had just got this domain and provided such a comfortable service!

But wait a minute. Who gave away the message that I just registered this domain? I think it’s not GoDaddy who sold me out. “Domain Design Shop” must be such a shit polling the whois database to get the new registered domains information, and spamming these domain owners.

If you’re interested, go and check out their own website. No I don’t want such design works, though my own design is ugly enough. They just remind me of the “good old days” years ago.

Usually we would pay an extra fee to hide our contact information in the whois query result. Just hope they’re not spamming every domain buyers.

Google Analytics with WordPress – Exclude Your Own Visits

When I started to use Google Analytics last year, I was in a big LAN. To exclude my own traffic from Google Analytics, I created a filter to exclude a small range of IP addresses. Though it may wrongly filter out some visits of people in the same LAN, it’s tolerable.

Today I’m connected to the Internet by some DSL service of an ISP and the IP address changes from time to time, not limited in a C-class range. So I can no longer exclude my visits by simply creating a filter of IP address.

I searched the help system of Google Analytics, and got a method of excluding by cookie.

Yes, it’s great. But still it’s not convenient to set the cookie because cookies will expire one day or you may clear them by hand.

I was led to the wrong way since the beginning. Since we’re using Google Analytics on such a specific system – WordPress, we should discard the idea of excluding by IP and consider excluding by user.

Then I found some Google Analytics plugins for WordPress. For example, Ultimate GA. It provides an option of not adding analytics code to the page when it’s requested by a logged on user. And of course a lot of other great features.

I don’t want to use a plugin to slow down my WordPress for such a small requirement. Just surround your analytics code (usually in footer.php of current theme) with an “if” statement:

<?php if (!$user_ID) { ?>
...your Google Analytics code...
<?php } ?>

and it’s done.

Readonly Text Input Background Color in Firefox

The other day I was stuck when trying to make the background-color of a readonly text input white in Firefox.

Today lots of sites are using readonly text inputs to carry out some urls for propagation or some code snippets for embedding in your own pages. For example, every Youtube video has such a input field just on the right of it. When you click on it, the text gets selected and you can press Ctrl+C to copy it to the clipboard.

The code is like this:

<input type="text" readonly="readonly" value="some read only text..." onclick="this.select()" />

and the rendered output:

In all other major browsers it looks like a normal text input. But in Firefox, the background color is made gray (#D6D5D9, actually), maybe emphasizing the difference. There are always cases when we want to make it white. But when added “background-color:#FFFFFF;”, it showed no difference. At that time I thought I couldn’t change the background color.

But soon I found the “white” text input when watching this video (I love the puppy!). After inspecting the code with Firebug I found it was “border:1px solid #D2D2D0” who did the trick. Adding it to the example code above:

Then I found that the background color is ok with any color except #FFFFFF. For example, setting it to “#FEFEFE” (Almost white. And note the default border style is “outset”):

Weird, isn’t it? I don’t know if it’s a bug or “feature”.

First Draft of Site Design

Developing a new look for WordPress is a relatively simple task, as long as you know some CSS/HTML basics.

I don’t know how to create beautiful graphics, so I only used simple colors and simple transitions. Totally three blue colors were used, from light to dark. I especially like the sidebar border :) . The ripples mark the beginnings of entries. I discarded the CSS list types but used background images to achieve this effect.

Thanks to the simple structure of WordPress, it didn’t take me much time to make this theme. Of course I will tailor it in the future to make it better-looking.

GoDaddy Gift Cards with other Payments

When I was going to buy this domain from GoDaddy, I realized that I had a gift card with $1 balance. Of course I would not waste it.

I searched and found the “official solution”. It was easy. First choose gift card as payment option, and

If your purchase amount is greater than the amount on your gift card, simply choose another payment method to cover the remaining balance.

I followed the instructions, but on the page where I entered my gift card number, I could only add more gift cards, but couldn’t add other payment methods. I tried to go to next step, with the hope that it would prompt me to choose another payment method. No, it just said the payment couldn’t be verified.

Finally I got the right way to use this “wasted” gift card. Instead choosing gift card as your payment option, you should choose the payment method that you want to cover the balance. I chose paypal, and after returning to the checkout page, I saw the “use gift card” option right below the paypal account information form. GoDaddy first used my gift card, and then requested the remaining balance from my paypal account. Largely the same if you choose paying by credit card.

GoDaddy needs to update their help docs :) .