Blocking WordPress Spam with Akismet

Comment spam is a nuisance just about every WordPress blog owner faces. I use the free Akismet WordPress plugin to block spam comments on my blog and my other WordPress-based websites. Akismet has blocked hundreds of thousands of spam comments from appearing on my blog and annoying readers.

One thing I’ve noticed quite a bit of lately is repetitive comments, made by different people (or maybe even bots), that try to embed links or use keyword anchor text, and they aren’t being blocked by Akismet. Despite my having the “nofollow” attribute on all comments and in the comment section of my blog, people still think they may get some search engine benefits from posting links.

There are a couple of tell-tale signs that a comment may be spam. Of course it’s quite obvious when there are keywords in lieu of a person’s name (some people always do this though). The other thing that people try is copying someone else’s comment word for word but they add a link below the comment. I guess they assume many people will just approve the comment and not notice the link.

It’s unlikely that these comments will be harmful to a blog, but they are certainly annoying to read. Akismet is a helpful plugin, but it doesn’t always do the trick.
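The two tell-tale signs described above can be checked automatically on comments waiting for moderation. The following Python is an added example, not part of Akismet or of the original post; the 0.9 similarity threshold, the field names and the sample comment are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

LINK_RE = re.compile(r"<a\b[^>]*>.*?</a>|(?:https?://|www\.)\S+", re.I | re.S)

def normalize(text):
    """Strip links and markup, then reduce the text to lowercase words."""
    text = re.sub(r"<[^>]+>", " ", LINK_RE.sub(" ", text))
    return " ".join(re.findall(r"[a-z0-9']+", text.lower()))

def copied_with_link(body, earlier_bodies, threshold=0.9):
    """Return the earlier comment this one copies, if the copy carries a link."""
    words = normalize(body)
    if not LINK_RE.search(body) or len(words.split()) < 5:
        return None  # no link, or too short to judge
    for earlier in earlier_bodies:
        if SequenceMatcher(None, words, normalize(earlier)).ratio() >= threshold:
            return earlier
    return None

def keyword_name(author, author_url):
    """True when a multi-word 'name' is just the words of the linked domain."""
    host = urlparse(author_url).hostname or ""
    name_words = re.findall(r"[a-z0-9]+", author.lower())
    return len(name_words) >= 2 and all(w in host for w in name_words)

def spam_signals(comment, earlier_bodies):
    """Collect the tell-tale signs found on one pending comment (a dict)."""
    signals = []
    if keyword_name(comment["author"], comment.get("url", "")):
        signals.append("keyword-name")
    if copied_with_link(comment["body"], earlier_bodies):
        signals.append("copied-with-link")
    return signals

# Constructed sample data, not taken from a real blog.
APPROVED = ["Great write-up, I had the same issue after my last upgrade and a backup saved me."]
PENDING = {
    "author": "Cheap Car Insurance",
    "url": "http://cheap-car-insurance.example/",
    "body": "Great write-up, I had the same issue after my last upgrade and a backup saved me.\n"
            '<a href="http://cheap-car-insurance.example/">cheap car insurance</a>',
}

if __name__ == "__main__":
    print(spam_signals(PENDING, APPROVED))
```

A comment that trips either signal is best held for manual review rather than deleted, since, as noted above, some real people also use keywords as their name.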


5 Comments

Snoop Around and Access Someone’s WordPress Dashboard Panel

While doing some testing on one of my websites that uses WordPress, I registered as a subscriber.  Later on, while still logged in as the subscriber, I typed in the URL that I would have used as the admin, forgetting that I wasn’t logged in as the admin. Surprisingly, I was still taken to the back-end dashboard of the website, although I didn’t have the same level of access or ability to make changes.

Although there isn’t much (if anything) that can be done in the Dashboard as a subscriber, there is still a treasure trove of information that can be found. A subscriber can see the publisher’s post count, comment count, spam count, recent incoming links, and possibly most importantly, the WordPress version that is running on the website.

It’s important to shield others from seeing the WordPress version you are running because many WP updates include security fixes for known exploits. If someone is behind on their upgrades, a hacker may be able to do something malicious with one of those known exploits. There are other ways to find out what version of WP someone is running (footer or source code), but many people prevent the display of this info by using a special plugin or custom code to have it removed.

There is a way to prevent access to your dashboard, and it’s something I implemented already (see screenshot above). Under Settings in the Dashboard, there is a link for General settings. On this page, make sure the “Anyone can Register” check box is not checked and people won’t be able to register. If you do allow people to register, make sure the default is Subscriber so they don’t have other privileges.

Even if you don’t have a link displayed for people to register, they can use the standard registration URL used by all WordPress blogs and websites (just substituting your domain name). It’s not terrible if someone gains access to your Dashboard, but I don’t think it’s helpful either.
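An added example (not WordPress code and not from the original post) that audits the three exposures discussed in this post: open registration, a default role above Subscriber, and the version string in page source. It assumes the `users_can_register` and `default_role` option values have been exported into a dict and that the version leak is the standard generator meta tag; the sample values are constructed.

```python
import re

# WordPress emits <meta name="generator" content="WordPress x.y.z" /> by default.
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s*([\d.]*)["\']',
    re.I,
)

def audit_exposure(options, homepage_html):
    """Return a list of findings for registration settings and version leakage."""
    findings = []
    # "Anyone can register" is stored as the users_can_register option ("1" = on).
    if str(options.get("users_can_register", "0")) == "1":
        findings.append("open-registration")
        # The default role only matters while strangers are able to register.
        role = options.get("default_role", "subscriber")
        if role != "subscriber":
            findings.append("default-role:" + role)
    match = GENERATOR_RE.search(homepage_html)
    if match:
        findings.append("version-in-source:" + (match.group(1) or "unknown"))
    return findings

# Constructed sample inputs: a risky site and a hardened one.
RISKY_OPTIONS = {"users_can_register": "1", "default_role": "editor"}
RISKY_HTML = '<head><meta name="generator" content="WordPress 2.9.1" /></head>'
HARDENED_OPTIONS = {"users_can_register": "0", "default_role": "subscriber"}
HARDENED_HTML = "<head><title>My blog</title></head>"

if __name__ == "__main__":
    print(audit_exposure(RISKY_OPTIONS, RISKY_HTML))
    print(audit_exposure(HARDENED_OPTIONS, HARDENED_HTML))
```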


3 Comments

Written by on January 22, 2010
Posted in: Advice

WordPress 2.9.1 Update Ready

As you may recall, I blogged about the problem I encountered when I updated my blog to WordPress 2.9. In a nutshell, my posts were missing their schedule, which happened once before after a blog overhaul. I have since found a fix to the issue (well, my designer/programmer found it), but I am still cautious as a result.

I just noticed that WordPress is urging people to update to WP 2.9.1 now with a notice at the top of the Admin dashboard. If you are thinking about making the upgrade, it’s advisable to see what features were changed and to evaluate whether it’s worth the bit of risk that could accompany any upgrade.

If you do decide to upgrade to 2.9.1, make sure you back your site up first before you push the button. Trust me, one small issue can cause hours of work for you or for your programmer. You were warned!


3 Comments

Using All in One SEO Plugin

I have the All in One SEO plugin installed on all of my WordPress websites. It’s a free plugin from Semper Fi Web Design that makes the process of SEO much easier and automated. However, up until today, I wasn’t really harnessing the power of the plugin on my websites.

For most of my sites, I was basically using the default settings that come with the plugin. Each post/page title would be listed as the article title, and I didn’t add a meta description sentence for individual posts. I figured Google and Yahoo would be smart enough to pick up the content and rank it accordingly.

Although it’s worked fairly well, it’s silly not to use this plugin to its fullest. From here on out, I plan to add a different page title and description instead of the default, which was the post title and the first 160 or so characters of the post. Usually that would be a lead-in, but not really the meat of the post.

Over the next few months, I will monitor the percentage of my traffic that comes from search to see if it increases as a result of my efforts. With many people using WordPress for various websites, blogs, and mini sites, it doesn’t really make sense not to install the All in One SEO plugin – and once it’s installed, it’s silly not to use it.


No Comments

Protect Your WordPress Blog

I was viewing a friend’s website on my Blackberry the other day, when I noticed a bunch of random unrelated links above his header. There were Viagra links, Honda links, Cialis links, Acai links…etc. You name the affiliate link, and it was probably there. When I visited his site on my laptop, those links were nowhere to be seen.

Several months ago, I had a similar problem, which my developer diagnosed as some sort of code injection. This was attributed to my not upgrading to the latest WordPress version (currently 2.8.4). Basically when security flaws are found, WordPress closes those holes in the next edition, and site owners need to upgrade ASAP. Because hackers and other malicious people can then learn what security flaws were found in the previous version, they can exploit those flaws in blogs and websites that aren’t running on the most recent version.

In any case, it can be a bit tricky to remove the cause of the malicious links, but it’s important to do so, otherwise your site is leaking “search engine link juice,” and those links can be harmful. This doesn’t even consider that other areas of your site may have been attacked, which can cause other problems. Simply upgrading to the newest version of WP may not help, as the malicious code will still be there.

One of the best things for me is that the person who manages the technical side of my blog is knowledgeable about programming and WordPress, and he has been able to help me with errors (both human error and a malicious hacking attempt). If you don’t know of a capable person, it would be wise to find someone smart that you trust who can help you at a moment’s notice. There are also plenty of resources on the web that can help you, but sometimes the fixes are complicated.

Always be on the lookout for strange things that happen with your blog’s performance and layout, and if you notice something funky, don’t just cast it aside. Search Google, Twitter, and WordPress to see if other people are facing the same issues. Stay on top of WordPress or other platform updates and security warnings, and you may help prevent damage to your website.
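Links that appear on a phone but not on a laptop suggest the injected code varies its output by client. As an added example (not from the original post), this Python compares the outbound link hosts in copies of the same page fetched under different client profiles; the assumption that the difference is keyed on the User-Agent header, the profile names and the sample HTML are all constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect the host of every absolute <a href> on a page."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.add(host.lower())

def external_hosts(html, own_host):
    """Hosts linked from the page that are not the site itself or a subdomain."""
    parser = LinkCollector()
    parser.feed(html)
    return {h for h in parser.hosts
            if h != own_host and not h.endswith("." + own_host)}

def cloaked_hosts(responses, own_host, baseline="desktop"):
    """Map each client profile to the external hosts only it was served."""
    base = external_hosts(responses[baseline], own_host)
    report = {}
    for profile, html in responses.items():
        extra = external_hosts(html, own_host) - base
        if profile != baseline and extra:
            report[profile] = sorted(extra)
    return report

# Constructed responses for one URL, as if saved from two different clients.
PAGE = ('<div id="header"><a href="http://blog.example/">Home</a></div>'
        '<p>Powered by <a href="http://wordpress.org/">WordPress</a></p>')
RESPONSES = {
    "desktop": PAGE,
    "mobile": '<a href="http://pills.example/buy">pills</a> '
              '<a href="http://cars.example/">cars</a>' + PAGE,
}

if __name__ == "__main__":
    print(cloaked_hosts(RESPONSES, "blog.example"))
```

Any host reported here is a lead for finding the injected code in the theme or database, which, as the post says, an upgrade alone will not remove.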


4 Comments
