Where we last left off I had Google reCAPTCHA v3 and Limit Login Attempts Reloaded installed and working. I’m happy to report that all breach attempts since have been prevented, reported, and are being logged. I couldn’t be happier.
If intruders think and act like me I could have been breached while discussing prevention against that very thing... it’s a scary thought, isn’t it?
So let’s just take another step, so I can sleep tonight.
Spam – Red Flags!
The easiest way to identify a spammer is by the crap they post. It’s out of context, conveys no relevant information, it’s hard to read, contains cryptic references to illegal products or services, and usually an urgency to “act now”, with one or more links. They aren’t hard to spot, even without a dog.
So what if we were to profile those types of posts, unattended, with a good degree of accuracy? We wouldn’t even have to bother Google with a verdict; we could just dump the post without contributing to our “million a month” quota. That’s the approach I’m taking.
I know some of you might think this is overkill, so it might shock you that there are even more levels of security to come. It’s either OCD or experience... you be the judge.
WordPress Comment Blacklist
Unless you are in the dark, you know that GitHub is a collection of nerds, organized by topics of concern. A project I would like to bring to your attention is a collection of words that don’t make sense to the normal reader but commonly occur in spam posts. It’s a BLOCK LIST, and from experience has a good degree of accuracy.
Visit splorp / wordpress-comments-blacklist to get the latest details.
Follow the instructions there and we’ll see you at the next meeting – kent
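Before pasting a long block list into WordPress, it is worth dry-running it against comments you have already approved. The script below is an added example, not code from this post or from the splorp project. It assumes the matching rule WordPress describes for its Disallowed Comment Keys setting (one term per line, case-insensitive, matched anywhere inside the author, email, URL, content, IP and user agent, including inside longer words); the terms, comments and function names are constructed for illustration.

```python
import re

# Fields WordPress checks against its Disallowed Comment Keys setting.
FIELDS = ("author", "email", "url", "content", "ip", "user_agent")

# Constructed sample entries, one term per line (not copied from the splorp list).
SAMPLE_BLOCKLIST = """
cheap meds
act now
casino
cialis
"""

# Constructed comments, labelled by hand: True = spam, False = legitimate.
SAMPLE_COMMENTS = [
    ({"author": "Bob", "content": "ACT NOW!! cheap meds at http://example.test"}, True),
    ({"author": "Casino Royale Fan", "url": "http://example.test/win"}, True),
    ({"author": "Ann", "content": "Great write-up, thanks Kent."}, False),
    ({"author": "Raj", "content": "Ask a specialist before changing themes."}, False),
    ({"author": "Eve", "content": "Limited offer, click here today"}, True),
]

def load_terms(text):
    """Split a block list into terms, ignoring blank lines."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def hits(comment, terms):
    """Return every term found as a case-insensitive substring of any field."""
    haystack = "\n".join(comment.get(f, "") for f in FIELDS)
    return [t for t in terms if re.search(re.escape(t), haystack, re.IGNORECASE)]

def dry_run(comments, terms):
    """Sort labelled comments into caught spam, missed spam and false positives."""
    report = {"caught": [], "missed": [], "false_positive": []}
    for comment, is_spam in comments:
        matched = hits(comment, terms)
        if matched and is_spam:
            report["caught"].append((comment["author"], matched))
        elif matched:
            report["false_positive"].append((comment["author"], matched))
        elif is_spam:
            report["missed"].append((comment["author"], []))
    return report

if __name__ == "__main__":
    for bucket, rows in dry_run(SAMPLE_COMMENTS, load_terms(SAMPLE_BLOCKLIST)).items():
        print(bucket, rows)
```

The false-positive bucket is the one to watch: because terms match inside words, a short entry can trash a legitimate comment, so prune or lengthen any term that hits your approved comments before loading the list.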